Pundit provides a set of helpers that guide Ruby programmers in leveraging regular Ruby classes and object-oriented design patterns to build a simple, robust and scalable authorization system.
Questions tagged [pundit]
439 questions
1 vote, 2 answers
Understanding how to use Pundit
I've been trying to wrap my head around the concept of a policy, which seems straightforward enough--a policy is a set of rules by which access to system privileges and resources is determined.
Simple enough.
So, in order for a user within a system…

Michael P.
1 vote, 1 answer
Can't authorise nested resources with Pundit
Here is my problem. I have multiple users with multiple subscriptions each and I want to authorise subscriptions index method with Pundit.
My routes.rb:
resources :users do
  resources :subscriptions
end
Let's assume I'm user with id 1. What I need…

kabukiman
1 vote, 1 answer
Ruby gem Pundit doesn't appear to be doing the policy correctly
I'm doing this in the User#Show view:
<% if policy(Gallery.new).create? %>
<%= link_to "Add a photo gallery for #{@user.name}", new_user_gallery_path(@user), class: 'btn btn-success' %>
<% end %>
and Admin can add galleries to any user. But…

Rachel
1 vote, 1 answer
How to authorize a custom created method in Rails by Pundit?
I have created a custom method in Rails 4
def duplicate
new_house = @house.amoeba_dup
respond_to do |format|
if new_house.save
format.html { render action: 'new', notice: 'Category Attribute Added Successfully'…

Ravi Tiwari
1 vote, 1 answer
Pundit scoping, how to make a member only see their posts?
I'm working on Authorization for my school assignment, which is a Reddit clone. I was just introduced to the Pundit Gem for Authorization on user roles, i.e., Admin, Moderator, Member and Guest.
I have to make it so:
Admins and Moderators should see…

Jonathan Musso
1 vote, 1 answer
Pundit Scope inheritance
I need something like Scope inheritance in pundit. Imagine this scenario:
class ApplicationPolicy
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
…

Oleg Antonyan
1 vote, 1 answer
Rails: what do I test in controller/view/request/feature tests respectively?
So I rails g scaffold bar content:string in Rails, it generates a whole lot of things. As a newbie in testing, I have little idea on what to put in each category.
Some context first:
The testing framework is RSpec
I'm using devise for…

fengye87
1 vote, 1 answer
$ rails g pundit:install errors 'const_get' : wrong constant name Admin? (Name Error) while attempting to generate default policy library
New to ROR working through a tutorial attempting to generate a default policy file for my application with the pundit:install.
$ rails g pundit:install generates the following error:
.rvm/gems/ruby-2.2.0/gems/devise-3.4.1/lib/devise/models.rb:88:in…

mezzimench
1 vote, 1 answer
How to restrict access to models in Ruby on Rails 4 using Pundit and Rolify
I have only just jumped on the Rails in the last few months and have run into my first real snag in my current project which I have been unable to find an answer for.
My aim is to implement some fine grained control over which user…

Darragh
1 vote, 1 answer
Rolify and acts_as_tenant with Single Signon (with some Devise & Pundit on the side) - can it be done?
I am going to try and make this work in my Rails app but I figured I would see if anyone knew of a gotcha that would stop me in the tracks.
The basic premise is that I have the following models:
Company - the tenants in acts_as_tenant
User - unique…

Dan Tappin
1 vote, 2 answers
how to add an omnipotent user level to Pundit
I've looked through the documentation and did some searching but I don't see an option for an omnipotent user (super user) level, or how one can be created.
Has anyone seen or created a way of doing this? I'm thinking it may be possible to tie into…

Tom T
1 vote, 0 answers
Pundit Multiple Roles Index Spec
I have the following spec, policy and controller. For some reason, my permissions' index spec for business user is not passing, but it works on the front-end. My spec might be wrong or I might be overlooking something. Many thanks in advance for…

AGirlThatCodes
1 vote, 1 answer
Index View Restrictions for Various Roles using Pundit
I'm trying to create a show view for three roles. Admin, super user, and user. An admin should see all of the users. A super user should see only users and a user should not see anyone. When I used the commented out policy method in the resolve for…

AGirlThatCodes
1 vote, 1 answer
Access current_user from a gem
You may have heard of Pundit. https://github.com/elabs/pundit Basically, it's an authorization gem.
What I want to know is, how does it access the variable current_user inside its classes?
I don't know how, but @user and user are both equal somehow…

Starkers
1 vote, 1 answer
How to show specific parameters based on auth using pundit?
Say I have a User model that has a username and a full_name. I want to render a user object using Active Model Serializer and only render specific parameters based on if the current_user is nil or logged in. Since I'm using pundit as well, I was…

Derek