Questions tagged [pundit]

Pundit provides a set of helpers that guide Ruby programmers in leveraging regular Ruby classes and object-oriented design patterns to build a simple, robust and scalable authorization system.

439 questions
3 votes, 2 answers

Why pundit can't find policies in controller tests?

The controller: class UsersController < ApplicationController def index ... authorize User end ... The policy: class UserPolicy < ApplicationPolicy def index @user.admin? end end The test: class…
x-yuri
3 votes, 1 answer

How can I read instance variable in rails controller action to pundit policy

controller show action def show @batch = Batch.find(params[:id]) @batch_id = @batch.id authorize @batch end pundit policy def show? puts @batch_id if !current_user.nil? && (current_user.role?('Student')) || …
Gopi Raju
3 votes, 1 answer

How do I create a spec which verifies Pundit rejects users that are not logged in?

I'm using the Pundit gem for authorization on my closed system Ruby on Rails application (using Rails 4.1.5 and Rspec 3.0). I've configured my application policy to raise an exception when the user is not defined as recommended in the Pundit…
TwiceB
3 votes, 1 answer

Rails/Pundit ArgumentError

In an exercise, I'm trying to create authorization such that a user needs to be either the post's owner or the general administrator, on top of being present and logged-in to update a post. I am trying to implement a pundit policy (using Devise for…
Jayzz55
3 votes, 3 answers

Using Pundit and getting Render and/or redirect were called multiple times

I'm getting the following error when a user isn't allowed to see a page with authorization rules by pundit: Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per…
Pavan Katepalli
3 votes, 2 answers

devise 'authorize User' results in undefined method

I'm starting with the Rails 4.1 Pundit / Devise app from RailsApps.org and continue to get undefined method errors when 'authorize User' is called in the User controller. The user can register, log in, and edit their account info. When the Users…
user3799635
3 votes, 2 answers

Why does before_action :authorize fail with 'wrong number of arguments'?

I have set up Pundit together with Devise for authorization on my application. In one of my controllers, I have before_action :authorize. I then have the following test: describe SomeController do before(:each) do …
Dofs
3 votes, 2 answers

Where is user.admin? defined in rails-devise-pundit starter app?

I used RailsApps rails-composer to create a rails-devise-pundit starter application. I am still a little new to ruby on rails and newer to devise, pundit and rails 4. I was looking at the code to learn how it works. There are many places in…
Mike F.
3 votes, 2 answers

Using policy helper in Pundit with no instance variable available

So I decided to give a try to pundit user authorization solution. I wonder how to use the policy helper in view where an instance variable might be nil, as in the simple case below: app/views/projects/index.html.slim h1 Projects (...) - if…
Kulbi
2 votes, 1 answer

Pundit context access

An application defines a pundit user according to its context of shop def pundit_user CurrentContext.new(current_user, @shop) end In practice, the following policy for Contact class def initialize(user, contact) @user = user …
Jerome
2 votes, 4 answers

In Ruby, can you decide from a main method to return or continue when calling a submethod?

I'm using Pundit gem for my authorization classes, where each controller action is checked against the model policy, to see if action is allowed by the user. These methods are sometimes becoming quite bloated and unreadable, because I'm checking…
bo-oz
2 votes, 0 answers

How can I pass current_admin_user to pundit?

I don't use user, only admin_user. I tried to do as written here, but it doesn't work for me. ApplicationController: class ApplicationController < ActionController::Base include Pundit def pundit_user current_admin_user …
SsPay
2 votes, 1 answer

Pundit::NotAuthorizedError / Problem with pundit authorize

I'm trying to update a user's address in a form but I don't understand why I'm not authorized to perform it. This is my code: class AddressesController < ApplicationController def update @address = current_user.addresses.last authorize @address …
2 votes, 1 answer

How to override policy class in view

I'm trying to use the Pundit gem which lets you override the policy class in the controller like this def create @publication = find_publication # @publication.class => Post authorize @publication, policy_class: PublicationPolicy …
vince
2 votes, 2 answers

How can I avoid double render in this situation?

I have an issue with this code in my controller: class Api::V1::BaseController < ActionController::API include Pundit after_action :verify_authorized, except: :index after_action :verify_policy_scoped, only: :index rescue_from…
Broquel