Questions tagged [pundit]

Pundit provides a set of helpers that guide Ruby programmers in leveraging regular Ruby classes and object-oriented design patterns to build a simple, robust and scalable authorization system.

439 questions
2 votes, 2 answers

Rails Company-specific user permissions with Pundit

I'm actually not sure if this is a Pundit or general permissions architectural problem, but I set up a simple Pundit policy to restrict the actions a member within a company can perform. Users are joined as a Member to a company in a has_many,…
VegaStudios
2 votes, 1 answer

How can you set up a multi-tenant Rails app without using subdomains?

I'm trying to create a SAAS e-commerce tool with a backend for staff that also allows customers to have accounts and checkout on the front end. I'm struggling with how to design this so that the Company, Account Owners, Staff, and Customers are all…
Lee McAlilly
2 votes, 0 answers

How to use before_action methods of Pundit in rails grape api

I'm mounting Grape in my Rails project to build a RESTful API. The web application's application controller runs verify_authorized after every action. class ApplicationController < ActionController::Base include Pundit protect_from_forgery with:…
Akash Kinwad
2 votes, 1 answer

Export all user policies using Pundit gem

How can I retrieve all user policies and scopes using the Pundit gem? I need to return a JSON object with all user policies to check permissions in frontend JavaScript templates. Using the CanCanCan gem, I can do something like this: class Ability …
plcosta
2 votes, 1 answer

pundit rspec - uninitialized constant UserPolicy, why?

Looking for some help. I'm a noob to RSpec and Pundit. I was following an example to set up Pundit and have the testing of it, but all the tests are failing with NameError: uninitialized constant UserPolicy # ./spec/policies/user_policy_spec.rb:1:in…
Phil
2 votes, 1 answer

How do I pass extra context to Pundit scopes?

I have a system where a User can be associated with many Portals, however a user's permissions may differ between portals. For example, a user might be able to see unpublished posts in one portal, but not in another portal. For methods like show?,…
Obversity
2 votes, 1 answer

Create Pundit Policies to API controller methods

How to create policies for API controllers using the Pundit gem? Api controller path: /app/controllers/api/posts_controller.rb #posts_controller.rb class Api::PostsController < ApplicationController def create ...... end def update …
Chetan Datta
2 votes, 3 answers

The elegant way to permit parameters by current user's role in Ruby on Rails?

My application has 3 roles: :admin, :manager, :editor and allows all of them to create products. But these users do not have the same permitted params. :admin => params.require(:product).permit(:a, :b, :c, :d) :manager =>…
fongfan999
2 votes, 1 answer

How different models use the same sign-in page in Rails

This is my first Rails app and I'm quite new to Rails. I created a user model with Devise and added roles (admin, owner) to the user model using Pundit. user.rb class User < ApplicationRecord has_many :owners, dependent: :destroy enum role:…
sun
2 votes, 1 answer

Rails/Pundit - Restrict certain attributes to certain user roles

So I'm using the Pundit gem to allow/disallow users to access routes, and it's working fine for that. I have a certain requirement where for users, both admin and non-admin can create a user, but only admin can restrict a user (Users are restricted…
Peter R
2 votes, 0 answers

How to stop Devise users editing other users with Pundit in Rails 5

I'm trying to figure out how to stop users from editing or deleting other users' information. I've used Devise to set up the users, so I don't have a users controller. The Users Policy is below. class PostPolicy < ApplicationPolicy def index? …
2 votes, 1 answer

Rails 5 - Pundit Scopes

I am trying to learn how to use pundit with my Rails 5 app. I'm trying to follow the approach in this article. https://learn.co/lessons/devise_pundit_readme I am struggling to find a working result from this approach. Specifically, the line in my…
Mel
2 votes, 1 answer

How do I restrict authorization to a user's resource index action using Pundit? I don't think the answer is scope

I'm struggling with authorization of an index action of a nested resource while using Pundit. Pundit is so slick and potentially easy, that I hate to have to cast it aside because I can't figure this out. I figure once I understand this part…
Lenocam
2 votes, 2 answers

ActionCable + Devise + Pundit + ApplicationController.render

I'm trying to render a template in an ActionJob to be broadcast via ActionCable. ApplicationController.render(partial: "messages/message", locals: { message: message }, assigns: { current_user: user}).squish In most instances, this works fine,…
Daniel Westendorf
2 votes, 3 answers

Is it possible to use single method to authorise multiple controller action in Rails Pundit?

I have created a new Rails application and I want to restrict user actions based on only one condition, like a record can be editable by the owner (created_by) and sub-owner (added by owner). I have models like App, User and a controller like AppController. In…