Questions tagged [pundit]

Pundit provides a set of helpers that guide Ruby programmers in leveraging regular Ruby classes and object-oriented design patterns to build a simple, robust and scalable authorization system.

439 questions
1 vote, 1 answer

Multiple Objects authorization using pundit in one action

In the code below I want to authorize team and user. By authorizing the team, I want to make sure the current_user is the admin of team. Second authorize is to make sure that the user being removed is not the admin(user) of team. I assume you have…
1 vote, 2 answers

Pundit gem. Is there way to show record's specific attribute values over yml file?

I am playing with pundit gem. I need to show post's title in a flash message #config/locales/pundit.en.yml en: pundit: default: 'You cannot perform this action.' post_policy: share?: 'You cannot share post…
okliv
1 vote, 0 answers

With Rails + Devise + Pundit, how to give signed-in users a "public preview" view of their profile?

The show method for a user's profile page uses typical pundit policies to display/hide user-specific actions (such as editing) based on whether the page owner is signed in. So the show view for example contains: - if policy(@user).edit? = link_to…
jpw
1 vote, 0 answers

Using Pundit to resolve association scope

Example code: #model class Profile < AR:Base has_many :projects end #controller class ProfilesController < AC def show @user = Profile.find(params[:id]) end end #view @profile.projects.each do |project| = render something end Any…
Aleksandr K.
1 vote, 1 answer

Using Pundit for Rails 5 Authorization with two different user tables (User and Admin)

If using Pundit for authorization in a Blog app, Devise for Authentication with different user tables for User and Admin, how can a Policy for Posts be implemented where: Users can update their own posts Admins can update anyone's post In the…
jpw
1 vote, 1 answer

How to get Pundit to apply a scope to a model with a different name than the policy?

I have a DirectoryController, and -- deliberately -- no UsersController. UsersController will doubtless be added when I create the administration controls, and will have a totally different scope & purpose. When I call policy_scoped in the…
RonLugge
1 vote, 1 answer

Does the Pundit or CanCan gem allow for user-by-user, controller-by-controller permissions?

I have an admin section on my site with links to 30 something features. We want to have it so that each customer service rep will be given access to these pages on a very granular, individual level (i.e. Joe will be given access to page A and B,…
Ryan Grush
1 vote, 1 answer

Pundit Gem Index Page Prevent Access

I'm using the pundit gem and trying to figure out how to use it to prevent access to an index page that belongs to a user other than the current_user. The examples only talk about how to scope the results to the current_user but not how to actually…
Robbo
1 vote, 1 answer

Allow non registered users to view content with pundit

I am having trouble allowing non-registered/non-logged in users to view the index and show pages for a blog section. I am using Pundit for authorization and realize that at the moment I have my policies set to not allow non-users to view any part…
Nate
1 vote, 1 answer

Rails 5, Pundit with namespaced resources

I'm trying to figure out how to use pundit with my namespaced resources. I've read lots of SO posts from others saying they have problems with this, but those predate discussions on the pundit gem issue tracker. The issue tracker isn't clear about…
Mel
1 vote, 1 answer

Rails Pundit Authorization not performed

I'm getting a "Pundit::PolicyScopingNotPerformedError" when calling a GET request to the show method of this controller. Any help appreciated. Controller: class DashboardsController < ApplicationController before_action…
Andrew
1 vote, 3 answers

How do I authorize a controller action with Pundit if authorization depends on an instance variable?

I have a wedding class with many organizers, and the resources are nested so, to view an event's organizers, I have to access: /events/23/organizers The index controller for organizers is like so: Class OrganizersController < ApplicationController …
Amin Shah Gilani
1 vote, 1 answer

Rails 4 - Pundit, Scopes: Getting Started

I am really struggling in my efforts over the past 2+ years to try to learn how to use pundit. I am trying to write scoped policies, so that different users can receive objects based on the scope class that they fit into. I have asked several…
Mel
1 vote, 2 answers

Rails: No Pundit policy found in Rails

I have used the Pundit Gem before, but I've never tried doing what I'm trying to do now, and for some reason Pundit is not happy. What I'm aiming to do, is to have a modal with the 'create' (Foo) form on my 'index'(Foos) page. Thus I need to…
HermannHH
1 vote, 2 answers

Rails Pundit Policy Spec test failing with NoMethodError

I have just started using Pundit for authorization in my current project along with the pundit-matchers gem. So far it seems to generally be working for me but I have a problem in my tests. I have generally tried to follow the examples in the…
brad