Pundit provides a set of helpers that guide Ruby programmers in leveraging regular Ruby classes and object-oriented design patterns to build a simple, robust and scalable authorization system.
Questions tagged [pundit]
439 questions
1
vote
1 answer
Devise & Pundit - need to work together?
I am making a web app in Ruby on Rails. The question I have is - if I installed devise do I need to install pundit as well to control user access?
I am talking about simple access to a current user profile or the only author of the article can…

Fresz
1
vote
1 answer
Pundit Error with authorize @user in Rails 4 Application [Pundit::NotAuthorizedError in UsersController#destroy]
I am getting the following error while trying to delete a user in my Rails 4 App.
Pundit::NotAuthorizedError in UsersController#destroy
not allowed to destroy? this #
Extracted source (around line #30):
@user =…

Praveen George
1
vote
1 answer
Rails 4 - Pundit and Associations
I am trying to make an app with Rails 4.
I am using pundit with devise.
I am trying to write an Address Policy in Pundit.
I have three relevant models, being user.rb, profile.rb and address.rb.
The associations are:
user.rb
has_one…

Mel
1
vote
1 answer
pundit_user: undefined method `current_user' for #
I have two layouts, Admin and Domain. I don't need any extra configuration in the Admin layout, but if a user tries to access the Domain layout they must be in their valid domain.
This means that, I need to customize all of my Domain policy to include both…

przbadu
1
vote
1 answer
rails4 how to list all models with an existing Pundit policy
I am trying to get a list of all models in my app with an already defined Pundit policy.
Until then, I am checking it using this code:
current_user = User.first
ActiveRecord::Base.send(:subclasses).map { |subclass| subclass.name if
…
user762579
1
vote
2 answers
rails4 + Pundit model instance not defined in policy
I defined a Pundit policy "CompanyPolicy" as stated in the documentation; the scope gives the expected results (on :index), but I get an exception trying to use the company model instance:
*** NameError Exception: undefined local variable or…
user762579
1
vote
1 answer
Rails 4 - Pundit::PolicyScopingNotPerformedError
I am new to Pundit (I am used to Cancan...) and I am training on it, trying to follow the ReadMe, but I am stuck with the PolicyScoping error when indexing all sheets from my Sheet model
#application_controller.rb
class ApplicationController <…
user762579
1
vote
0 answers
Does Pundit support blacklisting for attributes (inverse for permitted_attributes)?
In Rails in your models_controller you can either whitelist your attributes:
def deal_params
params.require(:deal).permit(:name, :phone)
end
or blacklist your attributes:
def deal_params
params.require(:deal).permit!.except(:id)
end
In Pundit…

arthur
1
vote
1 answer
pundit authorisation multiple-inheritance (scopes, modules)?
I'm using Pundit for authorisation, and want to share logic between the policy classes. So far I've been using plain ruby modules and include, but haven't found a good solution for pundit's Scope classes.
For example granting an admin access to…

nruth
1
vote
0 answers
Pundit with multiple model criteria
When using pundit I understand I can authorise the current user against a model. Simple.
I have a scenario where I wish to authorise the user against a model and confirm criteria within a second model however Pundit only allows a single…

Dercni
1
vote
1 answer
Pundit - Policies are not recognised
I am implementing pundit and wish to restrict the user#edit and user#update actions to only the current_user
def edit
@user = current_user
authorize(@user)
end
def update
@user = current_user
authorise(@user)
if…

Dercni
1
vote
2 answers
Ruby Pundit Authorization Users and Collaborators
Ruby beginner over here. I'm currently working on a project where Users can create public and private wikis. There are three different roles: Admin, Standard User and Premium User. A Standard user can only see public wikis.
Authorization is working…

LizGee
1
vote
1 answer
Rails / Pundit / RSpec - #let or #subject called without a block
I've created Pundit policies specs with
rails g pundit:policy class
... but the specs are giving the following error:
.rvm/gems/ruby-2.2.2/gems/rspec-core-3.3.1/lib/rspec/core/memoized_helpers.rb:287:in `let': #let or #subject called without a…

Hugo Carlos
1
vote
1 answer
Using Pundit for authorizing controllers
I am learning to use Pundit for authorization. But the way I see it is authorization for resources not pages. I want a user to be redirected to an unauthorized page if he/she is not authorized to visit the page using pundit.
For e.g.
class…

sethi
1
vote
1 answer
How can I enforce scoping on singular resources using Pundit?
I have a few singular resources in my app, e.g.:
# routes.rb
MySite::Application.routes.draw do
resource :thing
end
# things_controller.rb
class ThingsController < ApplicationController
def edit
load_thing
end
def update
…

tristanm