Pundit for RESTFUL actions on Model fields

Jay Killeen asked in Rails

Hey, does anyone know how to use Pundit to control a user's ability to edit a field? I'd like all users to be able to change simple things like their name, but I want admins to be the only ones who can change the security things like 'roles' (as this determines what access they have to other parts of the app).

You'll want to set up the strong_params method to point to the Pundit scope for the user. That can return the list of fields you want to allow them to edit since it will be different for different types of users.

Check out this section in their readme. https://github.com/elabs/pundit#strong-parameters

Cheers, I'll take a look into that. I did read the part on strong parameters but didn't realise it would be for action based authorisation.

Yeah, that's one of the nifty things that you can do with strong_params. It used to be that the allowed params were global, but in some cases you want to have different accepted attributes like this.
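
The per-user field list suggested in the answers above, as an added example that is not part of the original thread or of Pundit's own code. `UserPolicy#permitted_attributes` follows the convention in the linked Pundit README; the `User` struct, `filtered_user_params` and `apply_update` are hypothetical plain-Ruby stand-ins so the sketch runs without Rails.

```ruby
# Stand-in for the ActiveRecord model (assumption: role is a string column).
User = Struct.new(:name, :email, :role, keyword_init: true) do
  def admin?
    role == "admin"
  end
end

# Policy built from the acting user and the record being edited.
# permitted_attributes returns the fields this actor may mass-assign.
class UserPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def permitted_attributes
    if user.admin?
      [:name, :email, :role]
    else
      [:name, :email] # role is never assignable by non-admins
    end
  end
end

# Hypothetical helper standing in for the controller's
# params.require(:user).permit(*policy.permitted_attributes).
def filtered_user_params(current_user, record, submitted)
  allowed = UserPolicy.new(current_user, record).permitted_attributes
  submitted.transform_keys(&:to_sym).slice(*allowed)
end

# Hypothetical stand-in for record.update(filtered_params).
def apply_update(current_user, record, submitted)
  filtered_user_params(current_user, record, submitted).each do |key, value|
    record[key] = value
  end
  record
end

# Constructed sample: a non-admin's form post that also carries a role field.
jay = User.new(name: "Jay", email: "jay@example.test", role: "member")
p filtered_user_params(jay, jay, { "name" => "Jay K", "role" => "admin" })
```

Because the filter is an allow-list, any field added to the model later stays uneditable until a policy branch names it.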
