Extensions and helpers for Pundit
Type Name Latest commit message Commit time
lib version bump Aug 13, 2016
spec Add support for permitted_attributes (#7) Aug 13, 2016
.gitignore 100% test coverage with simplecov Feb 10, 2016
.rspec initial commit Feb 9, 2016
.travis.yml maintenance update Apr 23, 2019
Gemfile maintenance update Apr 23, 2019
LICENSE initial commit Feb 9, 2016
README.md maintenance update Apr 23, 2019
Runfile update dependencies Apr 1, 2017
config.ru spec: initial take on improved specs Feb 9, 2016
pundit_extra.gemspec maintenance update Apr 23, 2019

README.md

PunditExtra



This library borrows functionality from CanCan(Can) and adds it to Pundit.

  • can? and cannot? view helpers
  • load_resource, authorize_resource, load_and_authorize_resource and skip_authorization controller filters

The design intentions were:

  1. To ease the transition from CanCanCan to Pundit.
  2. To reduce boilerplate code in controller methods.
  3. To keep things simple and intentionally avoid dealing with edge cases or endless magical options you need to memorize.

Install

Add to your Gemfile:

gem 'pundit_extra'

Add to your ApplicationController:

class ApplicationController < ActionController::Base
  include Pundit
  include PunditExtra
end

View Helpers: can? and cannot?

You can use the convenience methods can? and cannot? in any controller and view.

  • if can? :assign, @task is the same as Pundit's policy(@task).assign?
  • if can? :index, Task is the same as Pundit's policy(Task).index?
  • if cannot? :assign, @task is the opposite of can?

Autoload and Authorize Resource

You can add these to your controllers to automatically load the resource and/or authorize it.

class TasksController < ApplicationController
  before_action :authenticate_user!
  load_resource except: [:index, :create]
  authorize_resource except: [:create]
end

The load_resource filter will create the appropriate instance variable based on the current action.

The authorize_resource filter will call Pundit's authorize @model in each action.

You can use except: :action, or only: :action to limit the filter to a given action or an array of actions.

Example:

class TasksController < ApplicationController
  before_action :authenticate_user!
  load_resource except: [:edit, :complete]
  authorize_resource except: :index

  def index
    # this happens automatically
    # @tasks = policy_scope(Task)
  end

  def show
    # this happens automatically
    # @task = Task.find params[:id]
    # authorize @task
  end

  def new
    # this happens automatically
    # @task = Task.new
    # authorize @task
  end

  def create
    # this happens automatically
    # @task = Task.new task_params
    # authorize @task
  end

end

In addition, you can use:

  • load_and_authorize_resource which is a combination shortcut for load_resource and authorize_resource
  • skip_authorization which sends skip_authorization and skip_policy_scope to Pundit for all (or the specified) actions.

Credits

Thanks for building awesome stuff.

