I am a newbie when it comes to Ruby on Rails. Recently, while working with the gem pundit, I encountered a problem. During the sort? function's authorization, Pundit does not see the logged-in user, that is, @user = nil. I don't know what the problem is, because other authorizations with the same syntax work, for example edit?.
I am uploading the code below:
lesson_controler.rb
class LessonsController < ApplicationController
  # Loads @course and @lesson for the listed actions only (sort is not among them).
  before_action :set_lesson, only: [ :show, :edit, :update, :destroy ]

  def sort
    @course = Course.friendly.find(params[:course_id])
    @lesson = Lesson.friendly.find(params[:lesson_id])
    # Pundit resolves LessonPolicy and calls sort? for this action.
    authorize @lesson
    @lesson.update(lesson_params)
    render body: nil
  end

  def index
    @lessons = Lesson.all
  end

  def show
    authorize @lesson
    current_user.view_lesson(@lesson)
    @lessons = @course.lessons
  end

  def new
    @lesson = Lesson.new
    @course = Course.friendly.find(params[:course_id])
  end

  def edit
    authorize @lesson
  end

  def create
    @lesson = Lesson.new(lesson_params)
    @course = Course.friendly.find(params[:course_id])
    @lesson.course_id = @course.id
    authorize @lesson
    respond_to do |format|
      if @lesson.save
        format.html { redirect_to course_lesson_path(@course, @lesson), notice: "Lesson was successfully created." }
        format.json { render :show, status: :created, location: @lesson }
      else
        format.html { render :new, status: :unprocessable_entity }
        format.json { render json: @lesson.errors, status: :unprocessable_entity }
      end
    end
  end

  def update
    authorize @lesson
    respond_to do |format|
      if @lesson.update(lesson_params)
        format.html { redirect_to course_lesson_path(@course, @lesson), notice: "Lesson was successfully updated." }
        format.json { render :show, status: :ok, location: @lesson }
      else
        format.html { render :edit, status: :unprocessable_entity }
        format.json { render json: @lesson.errors, status: :unprocessable_entity }
      end
    end
  end

  def destroy
    authorize @lesson
    @lesson.destroy
    respond_to do |format|
      format.html { redirect_to course_path(@course), notice: "Lesson was successfully destroyed." }
      format.json { head :no_content }
    end
  end

  private

  def set_lesson
    @course = Course.friendly.find(params[:course_id])
    @lesson = Lesson.friendly.find(params[:id])
  end

  # Strong parameters: only these lesson attributes may be mass-assigned.
  def lesson_params
    params.require(:lesson).permit(:title, :content, :row_order_position)
  end
end
lesson_policy.rb:
class LessonPolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
      scope.all
    end
  end

  def sort?
    @record.course.user_id == @user.id
  end

  def edit?
    @record.course.user_id == @user.id
  end

  def update?
    @record.course.user_id == @user.id
  end

  def destroy?
    @record.course.user_id == @user.id
  end

  def show?
    @record.course.user_id == @user.id || @user&.has_role?(:admin) || @record.course.bought(@user) == false
  end

  def new?
    @record.course.user_id == @user.id
  end

  def create?
    @record.course.user_id == @user.id
  end
end
Application_policy.rb:
class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def index?
    false
  end

  def show?
    false
  end

  def create?
    false
  end

  def new?
    create?
  end

  def update?
    false
  end

  def edit?
    update?
  end

  def destroy?
    false
  end

  class Scope
    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    def resolve
      scope.all
    end

    private

    attr_reader :user, :scope
  end
end
How can I make a logged in user visible to pundit?