kolbykskk
Reputation: 111
Need help authorizing index action with Pundit
I'm using Pundit and Devise on my app. My index action looks like this in my wikis_controller:
def index
@wikis = current_user.wikis
authorize @wikis
end
I'm trying to prevent un-signed-in users to access this index action but @wikis is getting set to undefined since there is no user logged in. In return, it's not authorizing.
How can I fix this?
Upvotes: 0
Views: 412
Answers (1)
Alexander Rühle
Reputation: 233
You can authorize against the model instead of an object.
The code
authorize Wiki
will trigger the index? action in your pundit policy without the user object. In addition, you can use a scope to filter the data on a another level https://github.com/varvet/pundit#scopes.
Upvotes: 1
Related Questions
- undefined method 'authorize' with Pundit
- Pundit::AuthorizationNotPerformedError in Rails
- Pundit::AuthorizationNotPerformedError with Devise controller
- Why are `scope`-oriented actions (particularly `index` actions) treated differently in Pundit?
- Pundit authorization in index
- Pundit Authorizing Index Action with Non-directly associated models
- Pundit Policy Restrict Index action and view to specific roles
- How do I restrict authorization to a user's resource index action using Pundit? I don't think the answer is scope
- Rails Pundit Authorization not performed
- Using Pundit for authorizing controllers