Stack Overflow
Stack Overflow

Questions tagged [pundit]

Pundit provides a set of helpers that guide Ruby programmer in leveraging regular Ruby classes and object oriented design patterns to build a simple, robust and scaleable authorization system.

439 questions
0
votes
2 answers

Ruby On Rails Pundit Gem Authorizing Dashboard

How would I provide pundit authorization for a dashboard controller which provides data from various models? My DashboardsController looks like this: class DashboardsController < ApplicationController before_action :authenticate_user! …
Rich
  • 590
  • 7
  • 20
0
votes
1 answer

Need help authorizing index action with Pundit

I'm using Pundit and Devise on my app. My index action looks like this in my wikis_controller: def index @wikis = current_user.wikis authorize @wikis end I'm trying to prevent un-signed-in users to access this index action but @wikis is…
kolbykskk
  • 111
  • 2
  • 9
0
votes
2 answers

Permissions for create comments on comment_policy_spec for a post with Pundit

[UPDATED:] I'm using Pundit and I'm facing problems when I try to use for a user who is permitted with a role(like manager) on posts to create a comment. I'm practicing to do in this way testing with RSpec and polymorphic association and I want to…
rld
  • 2,603
  • 2
  • 25
  • 39
0
votes
1 answer

Authorization of lit translation dashboard

I'm working on a project where I'm trying to use lit https://github.com/prograils/lit to organise my translation file. So I've installed the gem and done the it's working. The problem is that the dashboard is now available to any user. We use…
user2320239
  • 1,021
  • 2
  • 18
  • 43
0
votes
1 answer

How to implement a group/team permission system with Rails 5 and Pundit or other gem?

From what I understand of Pundit so far, it is geared more toward allowing the current user to perform certain actions on certain controllers, but how is it possible to extend this to cover if the user is part of a team or group that that would…
chrickso
  • 2,994
  • 5
  • 30
  • 53
0
votes
1 answer

How to permit params by action and current user role in Rails with Pundit

My app allows some users to create products using Pundit. But these users do not have the same permitted params. I can't delete the keys because the logic is very complex and it's hard to read. How can I permit the params by their role? What is the…
user9211984
0
votes
1 answer

problems for Category Policy Spec with pundit gem

so I do the association of the categories and posts through categorizations. And i'm trying to restrict the access with pundit gem and testing with RSpec for to show by a category the posts. Because with this association I have something like: c =…
rld
  • 2,603
  • 2
  • 25
  • 39
0
votes
1 answer

Pundit with has_one relationship

I have two models: User and Employer. Users have one Employer. I am using pundit for authorization. With a has_one relationship how would I authorize the new and create actions? Ideally the user couldn't even go to the form if they have already…
danielsmith1789
  • 1,056
  • 1
  • 12
  • 25
0
votes
1 answer

Security when uploading images with Carrierwave

I'm using carrierwave for upload images. And I saw how to configuring file permissions like this: CarrierWave.configure do |config| config.permissions = 0666 config.directory_permissions = 0777 config.storage = :file end But I don't…
rld
  • 2,603
  • 2
  • 25
  • 39
0
votes
2 answers

Rails: Hide "Edit" and "Destroy" unless logged in as Admin

I'm brand new to rails, and am creating a simple glossary app using Rails 5 with gems Devise and Pundit. I generated an Admin model with Devise; that's the only role that needs to be logged in. I installed Pundit to create policies that would allow…
Vesper Annstas
  • 88
  • 12
0
votes
1 answer

Pundit - rails authorization: one policy for all models

I have large number of models and I need one policy (applicationPolicy) to handle their common actions. Do I need to create a policy class for each model?
user3301870
  • 21
  • 1
0
votes
1 answer

How to isolate a query inside a scope from pundit policy scope?

I'm using Rails 5 + Pundit gem and trying to fetch some chats with policy scope and model scope. Model scope has a query inside it and the problem is that policy scope applies to this inner query. The question is how to isolate the query from outer…
Anton Grigoryev
  • 1,199
  • 11
  • 20
0
votes
1 answer

Rails Pundit RSpec

I am using Pundit with Devise and think I am missing something pretty basic on RSpec. I have a simple policy that lets a user who owns the model, view it. But I have no idea how to write a FactoryBot factory for it. My policy works fine, when I…
Laurie
  • 162
  • 1
  • 11
0
votes
3 answers

Rails active record where OR clause with grandparent property

I've got a Rails Pundit Policy scope which I'm trying to figure out. If I have these 3 models: User - has many stories Story - belongs to a user and has many chapters Chapter - belongs to a story I want any user to be able to view any published…
Zhang
  • 11,549
  • 7
  • 57
  • 87
0
votes
2 answers

Rails gem pundit

I have the following hash: MAPPING = { create: [:admin], update: [:admin], delete: [:admin], index: [:all] } And I need to create pundit method dynamically in the policy class. I need to search the mapping hash all items that have admin…
gui12344455
  • 23
  • 3
1 2 3
29 30