Questions tagged [pundit]

Pundit provides a set of helpers that guide Ruby programmers in leveraging regular Ruby classes and object-oriented design patterns to build a simple, robust and scalable authorization system.

439 questions
8
votes
1 answer

Can pundit policies be loaded from database?

I like the simplicity of Pundit gem and I would like to make policies dynamic by storing them to database. Basically I'm looking for a way to be able to change policies without need to redeploy the application.
LukasMac
8
votes
1 answer

Ruby on Rails Pundit's current_user is nil in integration test

I'm using the gems pundit and devise. I have a delete link that only shows up if you are an admin. I have an integration test that I would like to verify that the delete link only shows up for admins. test 'comment delete link shows when it…
Jake Smith
8
votes
2 answers

Authorizing an array of ID's with the Pundit gem

I have a multiple select box for a has_many association. The params come in as: foo_ids: ["1", "2", "3"] Using strong parameters, I do not permit this attribute because I would like to authorize it myself so people cannot just put whatever they…
Logan Serman
7
votes
2 answers

How to test Pundit Scopes in Rspec?

I've got a pretty simple Pundit policy with a scope for different user roles. I can't figure out how to test it in Rspec. Specifically, I don't know how to tell the scope what user is logged in before accessing the scope. Here is what I've…
David Hempy
7
votes
2 answers

Pundit::AuthorizationNotPerformedError with Devise controller

I am fairly new to using this Pundit gem but seem to be having trouble understanding the policy system. I have added checks that Pundit has been called for authorization (verify_authorized) and for scoping (verify_policy_scoped). However, this…
Boss Nass
7
votes
2 answers

How to get Active Admin to work with Pundit after login

I've added the configuration pundit adapter authorization to my application config.authorization_adapter = ActiveAdmin::PunditAdapter When I login with the admin@example.com credentials I'm getting this error. Pundit::NotDefinedError in…
user3787971
7
votes
1 answer

Pundit- Index Method for Admin and Users

So, I'm trying to use the gem pundit. I'm just trying to figure out how to have an index view for users and admins. I want to render all results for an admin and only related posts for a user. I've googled and searched on github, but I'm not find…
AGirlThatCodes
7
votes
2 answers

Rails_admin: Should I have admin_user or user with admin role to manage users and admin panel

In my rails application website visitors can sign up and create content. It uses devise with user model and everything works well. Now I want to use rails_admin for managing website resources and users etc and only people with administrative…
lightsaber
6
votes
1 answer

How to avoid N+1 in Pundit policy for show?/update?/destroy?

I'm using ActiveAdmin gem together with Pundit (and Rolify) gem. This is how I wrote my policy (taken from: https://github.com/activeadmin/activeadmin/blob/master/spec/support/templates/policies/application_policy.rb): class ApplicationPolicy …
Viktor
6
votes
3 answers

What is the DRY way to restrict an entire controller with Pundit in Rails?

I'm using Pundit with Rails, and I have a controller that I need to completely restrict from a specific user role. My roles are "Staff" and "Consumer." The staff should have full access to the controller, but the consumers should have no access. Is…
Lee McAlilly
6
votes
3 answers

Rails 4 - Pundit with Rolify - permitting a group of roles

I am trying to make an app with Rails 4. I have defined a series of roles with Rolify gem. Now, I want to use pundit to allow users with a role to do certain things. Where more than one type of role can do a thing, I have defined a group of…
Mel
6
votes
3 answers

Securely Display an Image Uploaded with paperclip gem

By default, the paperclip gem stores all attachments within the public directory. I did not want to store the attachments within the public directory for security reasons, so I saved them within an uploads directory at the root of the app: class…
Neil
6
votes
2 answers

Implementing scopes in Pundit

I am using the Pundit gem (with Devise and Rolify) to restrict access to information based on logged-in user roles. At this time I have three roles for my User model defined: Admin, Client Admin, and Customer Admin. A User belongs_to a…
Rob E.
5
votes
3 answers

Is there any way to mock Pundit policy authorize in request specs?

I am using Pundit for authorization on my Rails app and I am unit testing my requests. I have already successfully tested the policy but now I want to verify that my request is using that policy. I want to do it in a generic way, that I can use in…
Leticia Esperon
5
votes
1 answer

How do you invite another user to a "team" or "account" or "project" with Clearance and Pundit?

I have a Rails app with Clearance and Pundit and I'm trying to create "teams" where the "Team Leader" can invite other users to join their team. I would like to do something similar to devise_invitable, but with Clearance. Here is my plan for how…
Lee McAlilly