Pundit provides a set of helpers that guide Ruby programmers in leveraging regular Ruby classes and object-oriented design patterns to build a simple, robust and scalable authorization system.
Questions tagged [pundit]
439 questions
4 votes, 1 answer
Pundit authorizing current user
My policy for creating, updating & destroying "likes" requires the user to be logged in.
I have worded the policy as follows:
class LikePolicy < ApplicationPolicy
def create?
user && record.user_id == user.id
end
def update?
create?
…

asked by Dercni (1,216 reputation; badges 3/18/38)
4 votes, 1 answer
Redirect to specific view if Pundit not authorized for show action
I have the following action for my proposals controller:
def show
@proposal = Proposal.find(params[:id])
authorize @proposal
end
I have the following policy:
class ProposalPolicy
attr_reader :current_user,…

asked by james (519 reputation; badges 3/10/19)
4 votes, 2 answers
Pundit : Custom redirection within one user action
I'm trying to centralize authentication in Pundit policies instead of having it in my controllers. It works well, but I lost some flexibility in customizing redirection and flash messages.
How could I transfer the information about which…

asked by Lilian Bich (41 reputation; badges 5)
4 votes, 2 answers
Authorise user to edit a particular field using Pundit in Rails
I'm running Pundit in my Rails app for authorisation. I seem to be getting the hang of it all but want to know how to restrict the edit or update actions to a certain field.
For example, a user can edit their user.first_name, user.mobile or…

asked by Jay Killeen (2,832 reputation; badges 6/39/66)
4 votes, 1 answer
Pundit authorization for files uploaded with Refile gem
How would I do authorization on files uploaded with the Refile gem using Pundit? I have uploaded files which should be restricted to the user that uploaded them, but anyone with the URL that Refile's attachment_url generates can access the file. Since…

asked by Jerome (43 reputation; badges 3)
4 votes, 4 answers
How to make pundit policies more DRY?
In one of my projects I started using the pundit gem and I have a very simple policy that looks like this:
class CompanyPolicy < ApplicationPolicy
def index?
true if user.is_a? Administrator
end
def new?
true if user.is_a?…

asked by Mateusz Urbański (7,352 reputation; badges 15/68/133)
4 votes, 3 answers
How to use a default app/policies/application_policy.rb?
Whenever I create a new scaffold I'd like it to use the default pundit config which is available in app/policies/application_policy.rb. Without creating a model_name_policy.rb I always get "unable to find policy" errors.
How can I use the defaults…

asked by wintermeyer (8,178 reputation; badges 8/39/85)
4 votes, 3 answers
RSpec spec failing -- undefined method `permissions' for RSpec::ExampleGroups::UserPolicy:Class (NoMethodError)
I'm installing an app with Pundit authorization and when I try to run RSpec tests I get:
undefined method `permissions' for RSpec::ExampleGroups::UserPolicy:Class (NoMethodError)

asked by gtheys (501 reputation; badges 3/19)
4 votes, 1 answer
How to authorize ActiveAdmin resources with Pundit?
With CanCan, the load_and_authorize_resource helper method could be called in a global before_filter (in the application_controller). This would ensure that all ActiveAdmin controller actions were also authorized inherently.
But with Pundit, there is…

asked by Anjan (1,613 reputation; badges 1/19/25)
3 votes, 1 answer
Pundit Scope Involving Belongs_To Association
I have a Pundit policy for the Entity model and I'm trying to implement a scope. I have the following models:
Entity
belongs_to :project
Project
has_many :entities
has_many :assignments
has_many :account_users, through: :assignments,…

asked by jackerman09 (2,492 reputation; badges 5/29/46)
3 votes, 2 answers
OAuth install - how to create a session that persists across requests?
I'm trying to implement the OAuth protocol so I can access the Shopify API as a third party API service in my Rails 6 app.
I'm able to get 3/4ths of the way through the OAuth process, but I can't seem to make the POST request to send from my Rails…

asked by greenie-beans (440 reputation; badges 1/5/15)
3 votes, 2 answers
Invalid Constructor Error for Pundit Policy Scopes when using OR (logical union) queries
I'm seeing this kind of error:
Invalid # constructor is called
but it's very strange because removing the or() method seems to bypass the error - but I need this method to find Groups that belong to a particular user AND find…

asked by g2n (31 reputation; badges 3)
3 votes, 0 answers
Pundit is working correctly, but returning a 200 instead of 401 for unauthorized users
I have specs like this:
it "should let a user destroy their own picture" do
expect do
delete :destroy, { id: p1.id }
puts "\n\nOK resp\n#{response.status}\n\n\n"
end.to change { Picture.count }.by(-1)
end
it "should not let a user…

asked by Peter R (3,185 reputation; badges 23/43)
3 votes, 0 answers
Running RSpec tests on Pundit policies not cleaning up data after each test
Rails 5.2, RSpec 3.7, Pundit 1.10
The following RSpec test for my policy fails with an error:
spec/policies/proofreader/dashboard
describe Proofreader::DashboardPolicy do
subject { described_class }
context 'accessing the proofreader…

asked by chell (7,646 reputation; badges 16/74/140)
3 votes, 2 answers
ApplicationController not rescuing Pundit Not Authorized Error
I'm using Rails 5.2, Pundit 1.1, and rails_admin 1.2.
I have the following in my application_controller.rb:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
include Pundit
rescue_from…

asked by chell (7,646 reputation; badges 16/74/140)