Stack Overflow
Stack Overflow

Questions tagged [pundit]

Pundit provides a set of helpers that guide Ruby programmer in leveraging regular Ruby classes and object oriented design patterns to build a simple, robust and scaleable authorization system.

439 questions
0
votes
1 answer

Authorization with pundit

User has package. User belongs to package and package has many users.One to many relation between user and package. Gold, silver,bronze are packages. So how can we authorize the user of silver package can add 100 posts per month , gold package user…
User101
  • 55
  • 1
  • 10
0
votes
0 answers

pundit rails - how to user .has_role? in another table other than role?

In using rails I run in to a situation where I have to use my own tables in authorizing the user rather that using the default role and user tables (i.e. user.has_role? on role table,). how do I implement (authorize) using my own created tables in…
mox-du
  • 107
  • 9
0
votes
1 answer

Rails 5 - Pundit - index resolve scope method

I have been trying for 3 years to learn how to use pundit with my Rails app. I have a proposal model, that I'm trying to use to show an index of proposals based on a set of rules that I'm trying to define in a resolve method. My latest attempt is…
Mel
  • 2,481
  • 26
  • 113
  • 273
0
votes
1 answer

Scope for nested resources using pundit resolve method

I am referring to my own question Rails Nested Resources with Pundit Allowing Index and finally came up with a working solution but is there not any much better solution defining scope.where(?) or scope.select(?) in the property_policy? How to get…
nicodo
  • 47
  • 7
0
votes
1 answer

Rails admin and pundit - Ensure only admins can see admin dashboard

I'm using the gem rails admin and pundit. I'm trying to ensure that only admin users can see the admin dashboard, but I've never used pundit before. I feel as though this must be a well documented answer but I can't seem to find what I'm looking for…
Bitwise
  • 8,021
  • 22
  • 70
  • 161
0
votes
1 answer

Rails 5 - Pundit - authorisation for nested resource

I am trying to figure out how to use Pundit with my Rails 5 app. I have models for Proposal, Potential and User. The associations are: Proposal has_many :potentials, inverse_of: :proposal accepts_nested_attributes_for :potentials, reject_if:…
Mel
  • 2,481
  • 26
  • 113
  • 273
0
votes
1 answer

Rails Pundit allow published content to be viewed by others while preventing others from viewing user's info

Okay, so I have a User, Book and Chapter entities in my system. If an author (User entity) publishes a book as well as a chapter, then it's available for the public to see. Let's call author Jim. That means if another normal user, named Tycus, wants…
Zhang
  • 11,549
  • 7
  • 57
  • 87
0
votes
0 answers

Is this RSpec spec actually proving that my Pundit Policy is restricting access to the show action?

I'm struggling to understand Pundit generally, but specifically how to test it. I've gotten my test to pass by ignoring some things from examples online that seemed to have no effect on what I was doing or didn't seem to be having the right info…
Lenocam
  • 331
  • 2
  • 17
0
votes
1 answer

Do I need authorization if all resources derive from current_user?

All CRUD actions in my controller are done on resources that belong to current_user, i.e. an authenticated user. E.g. @post = current_user.posts.create(title: "My title") @posts = current_user.posts.where(archived: false) When I have authorization…
Fellow Stranger
  • 32,129
  • 35
  • 168
  • 232
0
votes
0 answers

pundit returning incorrect values

I have this Application Policy: class ApplicationPolicy attr_reader :user, :record def initialize(user, record) @user = user @record = record end ... def create? user && user.admin? end def update? create? …
Oskar Jedvert
  • 183
  • 1
  • 1
  • 6
0
votes
1 answer

Multiple users authenticating and authorizing

I am a bit confused with Authorizing and Authenticating at the moment. First I need to tell you about my project. It will have two main models: Users and Pros. Users are people requesting a service. Pros are people offering services. Pros can have…
Maxence
  • 2,029
  • 4
  • 18
  • 37
0
votes
1 answer

Rails Pundit mini test assert_response Pundit::NotAuthorizedError

I am using Rails 5 API, Pundit and all is going well. I am trying to test this specific case where if you're not the resource owner, you should not be able to view that user's info. So I got a few user fixture sample data, Sarah and Jim are two of…
Zhang
  • 11,549
  • 7
  • 57
  • 87
0
votes
1 answer

Authorization settings using pundit gem rails

I'm new at rails so bear with me pls. My problem is so specific. I'm creating a User blog, where they could put any posts. So Users has a blogs, and blogs has posts. So when user create a blog, all posts in his blog should be written by him. Other…
Damir Nurgaliev
  • 341
  • 5
  • 19
0
votes
1 answer

How to use pundit policy check within tabulatr2 data definition?

I'm using tabulatr2 to handle table alike data. However I can't wrap my head around how to include pundit's policy checks in tabulatr2's data definition. So I have something akin to class MystuffTabulatrData < Tabulatr::Data column :blah buttons…
mlt
  • 1,595
  • 2
  • 21
  • 52
0
votes
1 answer

Ruby - Rails 4 - Pundit - Policy and authorization error for a route #index_fr?

Sorry, I didn't see another place to ask a question about Pundit... Thank you for your help. I am working on a Ruby on rails API and I would like to create an url (.../api/v1/attractions/fr) list some information about one of my models. But I've got…
Clémentine Houx
  • 1
  • 1
1 2 3
29 30