pundit

Rails API/Pundit: Strong parameters with ActiveModelSerializers

为君一笑 posted on 2019-12-11 14:55:33
Question: This section of Pundit section says that we could control which attributes are authorized to be updated. But it fails in case of the use of active_model_serializers gem: def post_params # originally generated by scaffold #params.require(:post).permit(:title, :body, :user_id) #To deserialize with active_model_serializers ActiveModelSerializers::Deserialization.jsonapi_parse!( params, only: [:title, :body, :user] ) end If I modify the PostsController update action as Pundit suggested: def

Switching Apartment tenants in Active Admin

依然范特西╮ posted on 2019-12-11 10:37:49
Question: This is an extension of my previous post: Active Admin and the Apartment Gem I thought I had this working but I am stuck. I have a Company model in the public schema as the tenant model and Locations in individual tenants. Here is my Active Admin location.rb file: ActiveAdmin.register Location do #Apartment::Tenant.switch!('abc') controller do #Apartment::Tenant.switch!('abc') before_filter do Apartment::Tenant.switch!('abc') skip_authorization skip_policy_scope end end end The skip

Serving files through a controller with carrierwave and restricts with Pundit gem on Post model

亡梦爱人 posted on 2019-12-11 05:44:04
Question: I'm trying to upload a file of a photo with carrierwave and restrict (for be protected of others who don't be allowed to watch that file and after do this action until the post be published) the file with pundit. So I create another controller for Attachments: class AttachmentsController < ApplicationController def show attachment = Attachment.find(params[:id]) authorize attachment, :show? send_file attachment.file.path, disposition: :inline end end My AttachmentPolicy: class AttachmentPolicy

Active Model Serializer and Pundit deleting records during a Show CRUD action

北战南征 posted on 2019-12-11 05:14:00
Question: Okay, something is seriously broken here... I am using Active Model Serializer and Pundit for my Rails 5 JSONAPI server and Ember for my frontend application. I have User model and Pundit policy for User model which prevent non-authors from viewing unpublished stories and chapters. At the moment, I am seeing a weird problem which goes like this: 1. UserA creates StoryA, and two published chapters Chapter1 and Chapter2 2. UserA then creates two unpublished chapters Chapter3 and Chapter4 3.

Rails 4 - pundit - how to write if statement to check user permissions

邮差的信 posted on 2019-12-11 01:08:08
Question: I'm trying to learn how to use pundit with my Rails 4 app. I have a potential use policy. The potential use table has an attribute called :user_id. I want users to be permitted to update instances if they created them. I'm trying to figure out how to get the update action to work. My current attempts are shown below. class PotentialUsePolicy < ApplicationPolicy attr_reader :user, :record def initialize(user, record) @user = user @record = record end def index? true if user.is_admin? end def

Why does before_action :authorize fail with 'wrong number of arguments'?

↘锁芯ラ posted on 2019-12-10 18:29:45
Question: I have set up Pundit together with Devise for authorization on my application. In one of my controllers, I have before_action :authorize. I then have the following test: describe SomeController do before(:each) do login_user(FactoryGirl.create(:user, :user_type => :admin)) end describe "GET index" do it "it retrieves the index" do something = FactoryGirl.create(:Something) get :index assigns(:something).should eq([something]) end end end I receive the error: wrong number of arguments (0 for

Pundit::PolicyScopingNotPerformedError

扶醉桌前 posted on 2019-12-10 17:34:55
Question: I am fairly new to using this Pundit gem but seem to be having trouble understanding the policy system. From everything I have read it all appears to be correct though I am still getting an error Application Controller class ApplicationController < ActionController::Base include Pundit protect_from_forgery before_filter :authenticate_person! # Verify that controller actions are authorized. Optional, but good. after_filter :verify_authorized, except: :index after_filter :verify_policy_scoped,

Rails 4 - Pundit - how to write a scope

旧巷老猫 posted on 2019-12-10 11:09:19
Question: I'm trying to learn how to use Pundit with Rails 4. I have been trying to learn this for the last 2 years and am slowly making a tiny bit of progress. I am also trying to learn how to write scopes. I'm still trying to figure out how to translate advice into plain English so that I can begin to understand. I'm getting stuck at the intersection of the scopes pundit policies use and the general scope class that I can write in a model. I have models for User, Profile and Project. The associations

Rails 4 - Pundit, Scopes: Getting Started

对着背影说爱祢 posted on 2019-12-08 20:15:30
I am really struggling in my efforts over the past 2+ years to try to learn how to use pundit. I am trying to write scoped policies, so that different users can receive objects based on the scope class that they fit into. I have asked several questions on the same topic previously, but I'm not getting any closer to a solution. My recent questions are: here, here, here, here, here and here. There are several others but these give the general picture, that I am struggling with the fundamentals of how to get started. I have a million problems with getting started and realise that after 4

Pundit with Rails plus User, Admin and Roles Models

徘徊边缘 posted on 2019-12-08 02:13:23
Question: Following on from Rails_admin: Should I have admin_user or user with admin role to manage users and admin panel I'm wanting to adopt Pundit for its policy elegance for an application. The application has both a User model and an Admin model - one for customers, the other for staff. It is also multi-tenanted, though that should not impact the problem terribly. I'd also like to have a separate Role model, allowing customers to mix-and-match their own "title" for a Role as they need. This again