Ruby on Rails - I'm struggling to understand how to use Pundit. Any help would be greatly appreciated


I've been trying to wrap my head around the concept of a policy, which seems straightforward enough--a policy is a set of rules by which access to system privileges and resources is determined.

Simple enough.

So, in order for a user within a system to access a list of, say, every other user within that system, they'd require the necessary credentials (e.g., maybe being an administrator or being logged in as a registered user). What I'm struggling to understand at a basic level is how to use Pundit to accomplish this. As is the case with the documentation for lots of open-source software I've attempted to learn, the Pundit documentation seems at best to allude to how the tool should work but does not provide a full and concrete example of a basic use case. I'm looking here for a "hello world" example so I don't spend 3 or 4 days piecing together a confused and half-working implementation myself for something as small as this. Furthermore, the examples Pundit does provide only serve to confuse matters worse.

I've created a test application that attempts to use Devise (which I seem to understand and am able to use well enough) and Pundit in combination. So far:

  • A user can register for the site.
  • A user can log in and log out.

Now, what I'd like to do--which is basic and shouldn't have me furrowing my brow this soon--is restrict a user's access to the users index page based on whether they are logged in to the system, and it's here that I'm stuck.

What have I tried so far?

  • I've installed Pundit per the documentation.
  • I've included Pundit in application_controller.rb.
  • I've generated a user policy, which looks like this:

    class UserPolicy < ApplicationPolicy
      class Scope < Scope
        puts "inside userpolicy scope."
        attr_reader :user

        def initialize(user)
          @user = user
        end

        def index
          puts "you've hit index."
        end

        def resolve
          scope
        end
      end
    end

    class UsersController < ApplicationController
      before_filter :authenticate_user!
      after_action :verify_authorized

      def index
        @users = User.all
        authorize current_user
      end
    end

At this point, I'm lost as to how to associate the two--the UserPolicy class and the UsersController.

I seem to at least be able to print to the console the message "inside userpolicy scope." but otherwise I see the following error message in the browser:

"not allowed index? #"

What am I missing and, if nothing else, where is the gap in my own knowledge that's making this and other Rails-related tools difficult to learn? I'm a professional software engineer (historically, I've been a front-end engineer and have within the last couple of years been working to become a full-stack engineer), but I find myself getting stuck far too often with open-source tools like this one.

Pundit is plain Ruby objects set in a Rails structure.

I think your confusion is that you are trying to authorize a user; think of it more from a resource perspective. You are limiting a user's access to an object via a RESTful action. Scopes limit what they can see; for instance, an admin can scope.all, while a single user is not allowed or able to scope on the users controller.

In the application policy I define helpers to group types of users. Here is an example.

    class TicketPolicy < ApplicationPolicy
      class Scope < Struct.new(:user, :scope)
        def resolve
          # allows government to see their organization
          # allows citizens to see nothing
          if user.government?
            scope.where(:organization_id => user.organization_id)
          else
            scope.where(:id => 0)
          end
        end
      end

      def index?
        is_government
      end

      def show?
        is_government && is_inside_organization(@record)
      end

      def create?
        is_government && is_inside_organization(@record)
      end

      def new?
        is_government && is_inside_organization(@record)
      end

      def update?
        is_government && is_inside_organization(@record)
      end

      def edit?
        if user.employee?
          return is_mine(@record) && is_inside_organization(@record)
        end
        is_government && is_inside_organization(@record)
      end

      def destroy?
        false
      end
    end

This limits access by groups/roles, and in the controller you call

    authorize @thing

Then Pundit will take care of access based on your policy.
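As an added example (not part of the original answer and not Pundit's own code), the plain-Ruby program below shows how an `authorize` call in a controller reaches `index?` on the policy, which is the link the question asks about. The `authorize` and `policy_scope` helpers here are simplified stand-ins that take the user explicitly; the `User` struct, its `admin` flag and the rule that non-admins only see themselves are assumptions made for the example.

```ruby
# Simplified stand-ins for Pundit's helpers, written for this example only.
# Pundit proper infers the user (current_user) and the query from the action.
class NotAuthorizedError < StandardError; end

def policy_class_for(record)
  klass = record.is_a?(Class) ? record : record.class
  Object.const_get("#{klass.name}Policy") # User -> UserPolicy
end

def authorize(user, record, query)
  policy = policy_class_for(record).new(user, record)
  return record if policy.public_send(query)
  raise NotAuthorizedError, "not allowed to #{query} this #{record.inspect}"
end

def policy_scope(user, scope)
  policy_class_for(scope).const_get(:Scope).new(user, scope).resolve
end

# Constructed sample model: an in-memory list instead of ActiveRecord.
User = Struct.new(:id, :name, :admin) do
  def self.all
    @all ||= [new(1, "alice", true), new(2, "bob", false)]
  end
end

class UserPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  # Predicates are defined on the policy itself, not on Scope, and end in "?".
  def index?
    !user.nil? # any signed-in user may list users
  end

  # Scope narrows which rows a permitted user gets back.
  class Scope < Struct.new(:user, :scope)
    def resolve
      return [] if user.nil?
      user.admin ? scope.all : scope.all.select { |u| u.id == user.id }
    end
  end
end
```

In a Rails controller the equivalent calls inside `index` are `authorize User` and `policy_scope(User)`; Pundit supplies `current_user` and derives `index?` from the action name.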

