Replies: 6 comments 1 reply
-
I think, it isn't connected with Pundit because of no view layer in this gem and the whole view part is on the application side. |
Beta Was this translation helpful? Give feedback.
-
@wafcio there's documentation in https://github.com/varvet/pundit#rescuing-a-denied-authorization-in-rails referencing code that doesn't work in Rails when using Turbo. It could be useful to have an up to date example. |
Beta Was this translation helpful? Give feedback.
-
@nickjj so it is only about adapting example code. It doesn't require any changes in gem. |
Beta Was this translation helpful? Give feedback.
-
Looks like in part the issue is that the format isn't set by the time the rescue from is called as per this SO. |
Beta Was this translation helpful? Give feedback.
-
I think this issue is better of as an discussion or stackoverflow question its about pundit is just plain old ruby currently turbo doesn't support rendering notice on redirect hotwired/turbo#897 the best think you could do is implement 403 and do a full page reload and also the example in readme is taken from this I think https://guides.rubyonrails.org/action_controller_overview.html#rescue-from as for me I think currently my plan is just do full page render from public folder liek when rails handle 404 or 500 |
Beta Was this translation helpful? Give feedback.
-
I feel this is outside the scope of what Pundit wants to tell you to do. Moving this to a discussion instead. |
Beta Was this translation helpful? Give feedback.
-
In a perfect world I would like to do something like this:
And then if someone tried to perform an action they can't do, they would get a flash message on their current page / frame without a redirect.
With the above code using Pundit v2.2.0, on authorization failure no alert message gets shown and no redirect happens. The request gets executed as the
html
format which I verified by printing a message to the terminal in that block.As is Pundit doesn’t send the request as a
turbo_stream
so that format never gets a chance to execute. Is there a current workaround or official plans to support Hotwire Turbo Frames and Steams given it's a Rails 7 default?Thanks!
Beta Was this translation helpful? Give feedback.
All reactions