You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
for example , I have two models with the has_many relations:
Goods has_many Orders
I want to ensure only the Goods' owner can modify the orders.
I created two policy classes
classGoodsPolicydefadmin?# some approach to judge weather the user is an admin and can modify the goods.endendclassOrderPolicydefedit?authorize@order.goods,:admin?endend
To use the authorize method in a policy class, I must add this to the OrderPolicy class:
includePunditdefcurrent_user@userend
My question is that this is an right usage of Pundit? Or there is an more ideal approach?
BR.
The text was updated successfully, but these errors were encountered:
There are others here better informed on the best practice for what you're trying to do, but there's definitely no need to call authorize from within the policy.
Hi
for example , I have two models with the has_many relations:
I want to ensure only the Goods' owner can modify the orders.
I created two policy classes
To use the
authorize
method in a policy class, I must add this to theOrderPolicy
class:My question is that this is an right usage of Pundit? Or there is an more ideal approach?
BR.
The text was updated successfully, but these errors were encountered: