Pundit provides a set of helpers that guide Ruby programmers in leveraging regular Ruby classes and object-oriented design patterns to build a simple, robust and scalable authorization system.
Questions tagged [pundit]
439 questions
3 votes, 1 answer
How Pundit passes current_user to authorize method?
Pundit's authorize takes 3 arguments, but in the controller you just need to pass 2, current_user is passed automatically. How is current_user passed?
I looked at Pundit's code, but couldn't figure it out.

rkm
3 votes, 4 answers
Is it possible to use pundit authorization with graphql
I want to do something like this:
authorize record, :some_action
In resolving a graphql field or mutation (example is mutation)
module Mutations::CreateLink
  CreateLink = GraphQL::Relay::Mutation.define do
    name "CreateLink"
    input_field…

TamRock
3 votes, 1 answer
Do I have to define all methods in Pundit policy?
I have a Project policy that only super or admin can have access to.
It looks like this now:
class ProjectPolicy < ApplicationPolicy
  def index?
    super_or_admin?
  end
  def new?
    super_or_admin?
  end
  def create?
    super_or_admin?
…

resting
3 votes, 4 answers
Rails testing: ensure authorization (Pundit) is enforced in all controllers and actions
I'm writing RSpec tests for a Rails 4.2 application which uses Pundit for authorization.
I'd like to test whether authorization is enforced in all actions of all controllers, to avoid unintentionally providing public access to sensitive data in case…

BrunoF
3 votes, 1 answer
Skipping Pundit authorization with Minitest
I have tests set up for Pundit no problem using:
https://github.com/ksimmons/policy-assertions
In my case I have my Pundit / Devise system supplemented with an enrollment type system to add roles etc.
When I test my controllers I want to skip the…

Dan Tappin
3 votes, 2 answers
How does Ruby namespace the parent class of a nested class
While working with the Ruby gem Pundit, I realized I was unsure of the way some namespacing works within Ruby and I do not like mysteries/uncertainties in my mind.
Pundit suggests you set up an application_policy.rb as so:
class ApplicationPolicy
…

mackshkatz
3 votes, 1 answer
Rails 5 - using Pundit Scopes with Statesman state machine: structurally incompatible?
After many years of trying to learn how to use pundit scopes in my Rails app, I have just received an insight into why I can't get it working. Apparently, Pundit can't run an SQL query where one of the query parameters is a statesman state.
The…

Mel
3 votes, 1 answer
Pundit policy error undefined method `image' for nil:NilClass
I have been stuck with this issue for quite some time now and not sure what I am doing wrong.
I am using Rails 4.2.5.1, Pundit 1.1.0 and Devise.
I have a blog post which displays the following:
title
author username
image
sanitized excerpt (on…

Nate
3 votes, 3 answers
Rails 4 - Pundit - scoped policy for index
I am trying to learn how to use Pundit with my Rails 4 app.
I have the following models:
class User < ActiveRecord::Base
  has_one :profile
  has_many :eois
end
class Profile < ActiveRecord::Base
  belongs_to :user
  has_many :projects, dependent:…

Mel
3 votes, 1 answer
Rails Enum issue on Has_many, through...method cannot be called from my controller
I have a Relationship model in which I establish a following relationship between users and projects. In this relationship model I use enum to distinguish the type of relationship the user has with the project (basically establishing a "role").
Now…

BB500
3 votes, 1 answer
Testing a controller action by an authorized user when using Pundit
How do you test a controller action (e.g. show) for an authorized user when the app uses Pundit for authorization?
Info:
class PlansController < ApplicationController
  before_action :authenticate_user!
  def show
    @plan =…

domtiedom
3 votes, 2 answers
Rails 4 + Pundit : join model authorization in has_many :through association
In my Rails app, there are 3 models, defined by a has_many :through association:
class User < ActiveRecord::Base
  has_many :administrations
  has_many :calendars, through: :administrations
end
class Calendar < ActiveRecord::Base
  has_many…

Thibaud Clement
3 votes, 0 answers
Pundit, Devise - Authorization with multiple devise models
Setting up authorization for two separate Devise models in a Rails application. Only the current signed in medical_student should be able to edit or delete their profile. Other medical_students should be able to view other medical_students and…

William Holt
3 votes, 0 answers
Github style permissions - Multi-tenant or complex Authorizations?
I’m building a multi-tenant application using Rails 4, Postgres, and Devise. Act as Tenant is being used for the partitioning, and devise for authentication. I haven’t chosen an authorization scheme, but leaning towards Pundit.
I had a feature…

pchowdhry
3 votes, 1 answer
Using Pundit for all-access "super_admin" role
I'm wondering the best/simplest way to give a user "super_admin" access using the Pundit gem -- or, what's the simplest way to give a user access to all controller actions across the site?
I realize I can edit the policy file for each controller,…

FireDragon