Hey, does anyone know how to use Pundit to control a user's ability to edit a field? I'd like all users to be able to change simple things like their name, but I want admins to be the only ones who can change the security things like 'roles' (as this determines what access they have to other parts of the app).
You'll want to set up the strong_params method to point to the Pundit scope for the user. That can return the list of fields you want to allow them to edit since it will be different for different types of users.
Check out this section in their readme. https://github.com/elabs/pundit#strong-parameters
Cheers, I'll take a look into that. I did read the part on strong parameters but didn't realise it would be for action based authorisation.
Yeah, that's one of the nifty things that you can do with strong_params. It used to be that the allowed params were global, but in some cases you want to have different accepted attributes like this.
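The approach discussed in this thread, as an added example that is not from any poster or from Pundit's own code: a policy whose `permitted_attributes` method (the convention in Pundit's README) returns a per-role allow-list, so a non-admin who submits `roles` has that key dropped. It is plain Ruby with no Rails or Pundit loaded; `User`, `UserPolicy`, `NotAuthorized` and `filter_params` are hypothetical names, and `filter_params` stands in for `params.require(:user).permit(...)`.

```ruby
# Added example: plain-Ruby stand-in for a Pundit policy plus strong parameters.
# All names here are hypothetical; sample users and input are constructed.
NotAuthorized = Class.new(StandardError)

User = Struct.new(:id, :name, :email, :roles, keyword_init: true) do
  def admin?
    roles.include?("admin")
  end
end

class UserPolicy
  PROFILE_FIELDS  = %i[name email].freeze
  SECURITY_FIELDS = %i[roles].freeze

  attr_reader :current_user, :record

  def initialize(current_user, record)
    @current_user = current_user
    @record = record
  end

  # Who may update the record at all: admins, or users editing themselves.
  def update?
    current_user.admin? || current_user.id == record.id
  end

  # The policy, not the controller, decides which attributes are assignable.
  def permitted_attributes
    current_user.admin? ? PROFILE_FIELDS + SECURITY_FIELDS : PROFILE_FIELDS
  end
end

# Mimics params.require(:user).permit(*policy.permitted_attributes):
# keys outside the allow-list are dropped and returned so they can be logged.
def filter_params(policy, submitted)
  raise NotAuthorized, "not allowed to update this user" unless policy.update?

  allowed = policy.permitted_attributes
  permitted, rejected = submitted.partition { |key, _| allowed.include?(key.to_sym) }
  [permitted.to_h, rejected.map(&:first)]
end

# Constructed sample data: a member tries to grant herself the admin role.
ALICE = User.new(id: 1, name: "Alice", email: "a@example.test", roles: ["member"])
ADMIN = User.new(id: 2, name: "Root", email: "r@example.test", roles: ["admin"])
SUBMITTED = { "name" => "Alice B", "roles" => ["admin"] }.freeze
```

Logging the rejected keys gives a cheap signal for privilege-escalation attempts, since a normal form never submits `roles` for a non-admin.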