Pundit for RESTFUL actions on Model fields

Jay Killeen asked in Rails

Hey, does anyone know how to use Pundit to control a user's ability to edit a field? I'd like all users to be able to change simple things like their name but I want admins to be the only ones who can change the security things like 'roles' (as this determines what access they have to other parts of the app).

You'll want to set up the strong_params method to point to the Pundit scope for the user. That can return the list of fields you want to allow them to edit since it will be different for different types of users.

Check out this section in their readme. https://github.com/elabs/pundit#strong-parameters

Cheers, I'll take a look into that. I did read the part on strong parameters but didn't realise it would be for action based authorisation.

Yeah, that's one of the nifty things that you can do with strong_params. It used to be that the allowed params were global, but in some cases you want to have different accepted attributes like this.
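The pattern discussed in this thread, as an added example that is not part of the original posts or Pundit's own code: a policy exposes a per-role attribute allow-list, and the submitted params are filtered through it so a non-admin cannot change `roles`. It runs as plain Ruby without Rails or the Pundit gem; `filtered_update_params`, `NotAuthorizedError` and the sample users are assumptions standing in for the controller's `params.require(:user).permit(*policy(@user).permitted_attributes)`.

```ruby
# Added example: plain Ruby, no Rails or Pundit gem required.
User = Struct.new(:id, :name, :roles, keyword_init: true) do
  def admin?
    roles.include?("admin")
  end
end

# Stand-in for Pundit's not-authorized error (hypothetical name).
class NotAuthorizedError < StandardError; end

# Shaped like a Pundit policy: initialized with (current_user, record).
class UserPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  # Record-level check: admins edit anyone, others only themselves.
  def update?
    user.admin? || user.id == record.id
  end

  # Field-level allow-list: only admins may touch :roles.
  def permitted_attributes
    user.admin? ? [:name, :roles] : [:name]
  end
end

# Hypothetical helper doing what strong parameters do in a controller:
# drop every submitted key that the policy does not allow.
def filtered_update_params(current_user, record, submitted)
  policy = UserPolicy.new(current_user, record)
  raise NotAuthorizedError, "update not allowed" unless policy.update?
  allowed = policy.permitted_attributes
  submitted.select { |key, _| allowed.include?(key.to_sym) }
end

# Constructed sample data: a member submits a role change for themselves.
ADMIN  = User.new(id: 1, name: "Ada", roles: ["admin"])
MEMBER = User.new(id: 2, name: "Bob", roles: ["member"])
SUBMITTED = { "name" => "Robert", "roles" => ["admin"] }

p filtered_update_params(MEMBER, MEMBER, SUBMITTED) # roles is dropped
p filtered_update_params(ADMIN, MEMBER, SUBMITTED)  # roles is kept
```

Because the allow-list lives in the policy, a request spec can assert directly that a non-admin submitting `roles` leaves the stored value unchanged.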
