Pundit for RESTFUL actions on Model fields

Rails • Asked by Jay Killeen

Hey, does anyone know how to use Pundit to control a user's ability to edit a field? I'd like all users to be able to change simple things like their name, but I want admins to be the only ones who can change the security things like 'roles' (as this determines what access they have to other parts of the app).


You'll want to set up the strong_params method to point to the Pundit scope for the user. That can return the list of fields you want to allow them to edit since it will be different for different types of users.

Check out this section in their readme. https://github.com/elabs/pundit#strong-parameters


Cheers, I'll take a look into that. I did read the part on strong parameters but didn't realise it would be for action-based authorisation.


Yeah, that's one of the nifty things that you can do with strong_params. It used to be that the allowed params were global, but in some cases you want to have different accepted attributes like this.
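Added example, not part of the original thread and not Pundit's own code: a plain-Ruby sketch of the per-role attribute list discussed above, following the `permitted_attributes` convention from the Pundit README. The `User` struct, the field names and the `permit_for` helper (a stand-in for `params.require(:user).permit(...)` in a Rails controller) are assumptions made so the block runs without Rails.

```ruby
# Added example: plain Ruby, no Rails or Pundit gem required.
# User, the field names and permit_for are hypothetical stand-ins.
User = Struct.new(:name, :email, :roles, :admin) do
  def admin?
    admin
  end
end

# Shaped like a Pundit policy: built from the acting user and the record.
class UserPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  # Action-level rule: only the account owner or an admin may update.
  def update?
    user.admin? || user.equal?(record)
  end

  # Field-level rule: everyone gets profile fields, only admins get :roles.
  def permitted_attributes
    base = [:name, :email]
    user.admin? ? base + [:roles] : base
  end
end

# Stand-in for params.require(:user).permit(*policy.permitted_attributes):
# keeps the allowed keys and silently drops everything else.
def permit_for(actor, record, submitted)
  policy = UserPolicy.new(actor, record)
  raise "not authorized" unless policy.update?
  allowed = policy.permitted_attributes
  submitted.select { |key, _| allowed.include?(key.to_sym) }
           .transform_keys(&:to_sym)
end

# Constructed sample data: a form post that tries to set roles.
ALICE = User.new("Alice", "alice@example.test", ["member"], false)
ADMIN = User.new("Root", "root@example.test", ["admin"], true)
SUBMITTED = { "name" => "Alice B", "roles" => ["admin"] }

p permit_for(ALICE, ALICE, SUBMITTED) # roles dropped for a regular user
p permit_for(ADMIN, ALICE, SUBMITTED) # roles kept for an admin
```

The same submitted hash yields different attribute sets depending on who is acting, so a regular user posting a `roles` value cannot change their own access.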

