You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Pundit is all about conventions, and having params nested under a key is, like it or not, a very strong convention in the Rails world. It's really easy to override permitted_attributes to do whatever you want in your controller. If you're building an API which uses root level params, that's what you should do IMO. We can bend over backwards trying to accomodate all possible ways people might use Pundit, but I don't think that's a good idea.
Rather see Pundit as a set of ideas, and if they don't suit you somehow, it's easy to override them.
I'm using Pundit in my API, and was going to try to filter parameters based on user role.
My issue is that instead of my requests being like the following for updating a user:
They are formatted like this:
The default method for permitted_attributes in Pundit source is here:
It would be great to have an options hash for this method that could specify something like not to use the
.require(name)
part.The text was updated successfully, but these errors were encountered: