I have the following problem:
For some actions (like `update?`) certain users can update a field to some specific values, while some other users cannot. Think of it as a condition like this:

```ruby
# Admin case is tested first so the plain published? branch does not shadow it
if post.published? && user.admin?
  # params[:post][:state] must be in 'draft', 'deleted'
elsif post.published?
  # params[:post][:state] must be in 'draft'
end
```

Rails does not provide such a mechanism to filter for specific values, and I think that Pundit doesn't either. This is quite complicated, but I can't work around this requirement. I was thinking of adding some helper to my `ApplicationPolicy`, like `filtered_params(params)`, that would do this.
Should I try that? Should I keep it out of authorization? This makes policies a bit more complex, but the methods to check the current user permissions are in the policies, so I think it makes more sense. Should Pundit itself provide something like this?
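One way the `filtered_params(params)` helper proposed in the post could look, as an added example that is not part of the original post and not Pundit's own API. It is plain Ruby with a Pundit-style `(user, record)` policy; `User`, `Post`, `permitted_states` and `state_change_allowed?` are hypothetical names, and denying every state change on an unpublished post is an assumption, since the post only describes the published case.

```ruby
# Added example: plain Ruby, no Rails or Pundit required.
# User, Post and the PostPolicy methods below are hypothetical.
User = Struct.new(:admin) do
  def admin?
    admin ? true : false
  end
end

Post = Struct.new(:state) do
  def published?
    state == "published"
  end
end

class PostPolicy
  attr_reader :user, :post

  def initialize(user, post)
    @user = user
    @post = post
  end

  # Allowlist of target states for this user and this record.
  # Assumption: anything the post does not describe is denied by default.
  def permitted_states
    return [] unless post.published?
    user.admin? ? %w[draft deleted] : %w[draft]
  end

  # Returns a copy of the attributes with :state dropped when the requested
  # value is outside the allowlist. Other keys pass through untouched, so
  # this runs after the usual attribute allowlist (strong parameters).
  def filtered_params(attrs)
    attrs = attrs.transform_keys(&:to_sym)
    requested = attrs[:state]
    return attrs if requested.nil?
    return attrs if permitted_states.include?(requested.to_s)
    attrs.reject { |key, _| key == :state }
  end

  # Strict variant: lets the caller refuse the whole request instead of
  # silently dropping the field.
  def state_change_allowed?(requested)
    permitted_states.include?(requested.to_s)
  end
end
```

Because the comparison is against `requested.to_s`, a non-string value such as `state[]=deleted` (an array) never matches the allowlist and is dropped.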