Questions tagged [pundit]

Pundit provides a set of helpers that guide Ruby programmers in leveraging regular Ruby classes and object-oriented design patterns to build a simple, robust and scalable authorization system.

439 questions
0 votes, 1 answer

Using a pundit policy to restrict scope of objects of another class

I have a model called dispatch which is a join table that relates two other models, referral requests and clinicians. In my application, a staff user will create a referral request record which houses some details about what their patient is looking…
mike9182
0 votes, 1 answer

Pundit Policy Scope Not implemented properly

I have a model called Referral Request and associated table and views. I have three user roles defined using enums: enum role: { staff: 0, clinician: 1, admin: 2 } Staff users belong to universities, and universities have many staff users. My…
mike9182
0 votes, 1 answer

Rails pundit gem, permit view to non signed-in users

I'm using the pundit gem in order to give permissions to three different users (Admin, seller, viewer). Currently I got everything working, admin has access to everything, seller to his own products and viewer can just view the products. The only…
Theopap
0 votes, 2 answers

Rails: Basic pundit gem setup for three users

I'm using devise and I followed this in order to set up three users (admin, seller, viewer). Each user has its own model, session_controller, registration_controller and views folder with all the views associated to each user. Now I'm trying to…
Theopap
0 votes, 1 answer

Pundit Policy Restrict Index action and view to specific roles

I am trying to use this pundit policy to not allow users with the role clinician to access the index action on the patients controller. The scope section is currently working as I'd hoped, but with the policy as currently written I can still access…
mike9182
0 votes, 1 answer

Nested Resources For Pundit Policy

I'm still trying to wrap my head around Pundit policies. I think I'm close but I've wasted too much time trying to figure this out. My Posts policy works great, but trying to authorize comments, I am getting undefined…
Taylor A. Leach
0 votes, 1 answer

Getting "unable to find policy" when using pundit and Rails 5

I'm using Rails 5 and want to use pundit for authorization of my objects. I have added the gem to my Gemfile and have placed this in my application_controller.rb file class ApplicationController < ActionController::Base # Needed for proper…
user7055375
0 votes, 1 answer

Is this an un-secure way of using strong params for rails?

I'm relatively new to rails (and coding) and my understanding isn't 100% on this, I've tried to read strong params documentation on require, and am unable to solve the issue. I've created users and admins using Pundit for a site. I've created a…
Olliedee
0 votes, 1 answer

How to properly scope and optimize this model queries in Rails 5 with AR

I have an API with Rails 5.0.5 in API mode. On every controller request we respond with render json: using Active Model Serializers. We use postgresql as a database. Let's suppose this is my database: Given that all the queries need the user to be…
0 votes, 1 answer

Rails5 - Undefined local variable but it's global

I am getting the following error in Rails: undefined local variable or method `current_user' for # Did you mean? @current_user The code fragment corresponding to that error is: authorize @current_user As you can…
Pieter De Clercq
0 votes, 0 answers

How to respond with 403 (forbidden) for index action on nested resource?

Suppose we have the following setup in a ruby-on-rails (API) application: class User < ActiveRecord::Base has_many :posts has_many :friends, class_name: User # Via a joins table.... end class Post belongs_to :user end When visiting…
Tom Lord
0 votes, 2 answers

Pundit scope published but not expired date condition

If I only want to return Proposals that are published but not expired, is this possible with Pundit? So far, I have this: class ProposalPolicy < ApplicationPolicy class Scope < Scope def resolve if @user.admin? scope.all …
Zhang
0 votes, 1 answer

Rails Pundit how the policies are working?

I have a web application in ruby on rails with devise as the authentication and pundit as the authorization. I have a model user with an integer role attribute with values 0, 1, 2, for visitor, vip, and admin respectively. I also have a scaffold,…
0 votes, 1 answer

Getting boolean instead of record when authorizing with Pundit

According to the Pundit readme authorize should return the record, yet when I'm calling it I'm getting true. authorize returns the object passed to it, so you can chain it like this: Controller: def show @user = authorize…
max
0 votes, 1 answer

Pundit with namespaced controllers

The policy_scope works perfectly finding the correct policy named Admin::RemittancePolicy but authorize method not. module Admin class RemittancesController < AdminController # :nodoc: ... def index @remittances =…
Bruno Wego