You’re not receiving notifications from this thread.
Pundit for RESTFUL actions on Model fields
Hey does anyone know how to use Pundit to control a users ability to edit a field. I'd like all users to be able to change simple things like their name but I want admins to be the only one's who can change the security things like 'roles' (as this determines what access they have to other parts of the app).
You'll want to set up the strong_params method to point to the Pundit scope for the user. That can return the list of fields you want to allow them to edit since it will be different for different types of users.
Check out this section in their readme. https://github.com/elabs/pundit#strong-parameters
Cheers I'll take a look into that. I did read the part on strong parameters but didn't realise it would be for action based authorisation.