Pundit provides a set of helpers that guide Ruby programmers in leveraging regular Ruby classes and object-oriented design patterns to build a simple, robust and scalable authorization system.
Questions tagged [pundit]
439 questions
0
votes
1 answer
Rails - Pundit - how to check for current_admin_user?
I am using Pundit for authorization for my User model.
My goal is to extend this to use my AdminUser model, specifically for my admin namespace.
By default, Pundit checks for a "user" or "current_user". How can I change this to check for a…

Kobius
- 674
- 7
- 28
0
votes
1 answer
Rails - using Pundit with a separate admin namespace
I currently have Devise and Pundit working great in a closed system that requires a user be logged in to see anything.
The new goal: How can I use Pundit to require an AdminUser be logged in to access the Admin namespace?
I have a separate AdminUser…

Kobius
- 674
- 7
- 28
0
votes
1 answer
Rails - Pundit, how to show controller index only for not logged in users
I'm using Pundit for my authorization, I'm brand new to it and have only previously worked with Cancan and Cancancan.
I have an index page that does not have a model. This page should ONLY be visible to not logged in users (guests only).
I can only…

Kobius
- 674
- 7
- 28
0
votes
2 answers
Ruby on Rails - pundit - unknown action for controller
This question is referring to this specific question.
I use pundit as my authorization gem and I want that only the user info that belongs to user X can be downloaded by user X. Right now I have http://localhost:3000/download.csv as my link to…

benl96
- 274
- 3
- 18
0
votes
1 answer
Rails Pundit unable to find policy of nil only on Create action after adding restrictions on some params
I've modified one of my Goal.rb model to only allow one field to be edited by admins. This model and all actions within it were working prior to this update. This update also works for the edit action, but on the create action…

Olliedee
- 79
- 2
- 10
0
votes
1 answer
Pundit - authorize not being called, but no error is being thrown
I'm using pundit for authorization. It's not working as expected, but when calling authorize no error is being thrown to say no method.
spec:
it "should let a user destroy their own picture" do
sign_in(user2)
expect do
delete :destroy, { id:…

Peter R
- 3,185
- 23
- 43
0
votes
1 answer
How do you use pundit for partial authorization
Consider the following block of ruby on rails code:
<% unless current_user %>
<%= card title: 'Things you can do', bodyless: true do %>
american-ninja-warrior
- 7,397
- 11
- 46
- 80
0
votes
1 answer
Pundit Authorizing Index Action with Non-directly associated models
I am struggling to authorize an index for a model that doesn't have a direct relationship with my User model. Actually, I am struggling to wrap my head around the idea of Pundit scopes.
I understand that I can't authorize @sites within my…

Rich
- 590
- 7
- 20
0
votes
1 answer
How could I refactor a Pundit Policy to make it more DRY?
I'm new to using Pundit with Rails and have a new policy for my Artist model that is working as I expect it to, but I'm not clear on a good way to refactor it to make it more DRY. Specifically, it seems that I'm calling authorize @artist way too…

Lee McAlilly
- 9,084
- 12
- 60
- 94
0
votes
1 answer
Skip authorize at a specific point inside a Rails method
I have an if else statement in which I check whether certain companies have been selected before. If a list is empty I want to pass @companies = "Empty" so I can use it to render a different view. Pundit however requires to be given a company.
Is…

Pimmesz
- 335
- 2
- 8
- 29
0
votes
1 answer
What is a proper way to test with RSpec an unchecked checkbox in PostController
I'm doing this test controller with RSpec on post_controller, but I'm having difficulty evaluating the users who don't have permission to check the categories.
expect(posting.categories).to have_unchecked_field("Sports")
This test it's like a way…

rld
- 2,603
- 2
- 25
- 39
0
votes
2 answers
With Ruby on Rails 5, how can I have Pundit redirect back when not authorized to the same stored_location_for() Devise uses?
I have followed the Devise wiki on how to set up a store_user_location! method to redirect back to the previous page after sign_in/sign_out and would like to use this same method for redirecting with Pundit after a user_not_authorized is triggered…

chrickso
- 2,994
- 5
- 30
- 53
0
votes
1 answer
Rails rspec testing factorybot returning symbol
I would like to see if users have authorization to certain pages in my application. For this I am using RSpec and FactoryBot as my fixtures replacement.
I have two factories, one for the role which has_many users and a user that belongs_to a…

Trenton Tyler
- 1,692
- 3
- 24
- 53
0
votes
1 answer
Matcher for checkboxes on RSpec
I have a Post with checkboxes for Categories like post_categories
I was trying a matcher on RSpec like:
expect(page).not_to have_checkbox "Sports"
but this matcher does not exist. I'm trying different ways. But I'm having difficulty on which way is the…

rld
- 2,603
- 2
- 25
- 39
0
votes
3 answers
Pundit: Authorize specific resource to differently named controller
Let's say I am using the Pundit gem for authorization. I have the following controller:
class BlogsController < ApplicationController
before_action :check_authorization
...
private
def check_authorization
authorize :blog
…

Neil
- 4,578
- 14
- 70
- 155