Pundit Headless Policy

I use pundit for access control in the admin section of my application. I have a panel controller that looks like this:

    class Admin::DashboardsController < AdminController
      def index
        @total_revenue = Order.total_revenue
        authorize :dashboards, :index?
      end
      ...
    end

and a policy that looks like this:

    class DashboardPolicy < Struct.new(:user, :dashboard)
      def index?
        true
      end
    end

When I try to access /admin/dashboards/, I get Pundit::NotDefinedError, unable to find policy SymbolPolicy for dashboards

I also tried namespacing the policy and got the same error.

+7
ruby-on-rails access-control ruby-on-rails-4 pundit
6 answers

Jizak's answer didn't help me. I found the following solution for namespaced headless policies: the trick is the first argument, [:admin, :policy].

    class Admin::HomeController < AdminController
      def dashboard
        authorize [:admin, :home], :dashboard?
      end
    end

And then for the policy:

    class Admin::HomePolicy < AdminPolicy
      def dashboard?
        return false unless user && user.admin?
        true
      end
    end

+9

I have such a headless policy:

app/policies/admin/statistic_policy.rb

    class Admin::StatisticPolicy < Struct.new(:user, :statistic)
      def show?
        user.admin?
      end
    end

app/controllers/admin/statistics_controller.rb

    class Admin::StatisticsController < Admin::ApplicationController
      def show
        per_today Time.zone.now
        authorize :statistics, :show?
      end
      ...
    end

and it works for me.

Try updating the gem, because these changes are new ( https://github.com/elabs/pundit/issues/77 ). Remove Gemfile.lock from the project and run 'bundle install'.

+4

I had the same issue recently. The problem I ran into was that the controller did not have a model.

Remember that Pundit is model-based authorization, not just controller-based.

Before creating the Admin class (in models), I got the same error as you. Also, pay attention to the authorize statement in the dashboard action of the controller.

controllers/admin_controller.rb

    class AdminController < ApplicationController
      after_action :verify_authorized

      def dashboard
        authorize Admin, :dashboard?
      end
    end

models/admin.rb

    class Admin
      def self.policy_class
        AdminPolicy
      end
    end

policies/admin_policy.rb

    class AdminPolicy < Struct.new(:user, :admin)
      def dashboard?
        user.admin?
      end
    end

+2

I managed to use Pundit for namespaced controller actions, regardless of the model, using this:

In my /private/scrapers_controller.rb I have

    module Private
      class ScrapersController < Private::PrivateApplicationController
        # Pundit authorizations
        before_action { authorize [:private, :scrapers] }

        def index
        end
        ...

And then in policies/private/scrapers_policy.rb

    class Private::ScrapersPolicy < ApplicationPolicy
      def index?
        return true if user.has_role?(:super_admin)
        return false
      end
    end

This will prevent any user who is not :super_admin from visiting scrapers#index or any other action in the controller.

To restrict only index explicitly, you can use:

    before_action { authorize [:private, :scrapers], :index? }

+2

Check your pundit version. You may need to run 'bundle update pundit', because headless policies were merged to master quite recently, and before that you had to install pundit from github: 'elabs/pundit' to use them.

Issue described

Merged headless policies

+1

If you just want to display a landing page for dashboard#index, for example, where there is no need to authorize users, you can just skip authorization, for example

dashboard_controller.rb

    class DashboardController < ApplicationController
      def index
        skip_policy_scope
      end
    end

And so you don’t need to create a DashboardPolicy at all.

0
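Added example (not part of the question or any answer, and not Pundit's own source): a simplified model of how a symbol or an array of symbols maps to a policy class name, and why a version without headless support reports SymbolPolicy. The helper names camelize, policy_name, find_policy! and authorize are written for this illustration, and the sample User and policy classes are constructed.

```ruby
# Added example: a simplified model of policy lookup, not Pundit's own source.
class NotDefinedError < StandardError; end
class NotAuthorizedError < StandardError; end

# "admin_home" -> "AdminHome" (stand-in for ActiveSupport's camelize).
def camelize(name)
  name.to_s.split("_").map(&:capitalize).join
end

# Policy class name looked up for a record.
# headless: true  -> a symbol or array of symbols names the policy directly.
# headless: false -> a symbol is treated like any other object, so its class
#                    (Symbol) is used: the "SymbolPolicy" in the question's error.
def policy_name(record, headless: true)
  base =
    if headless && record.is_a?(Symbol) then camelize(record)
    elsif headless && record.is_a?(Array) then record.map { |part| camelize(part) }.join("::")
    elsif record.is_a?(Class) then record.name
    else record.class.name
    end
  "#{base}Policy"
end

# Resolve the class or fail closed: a missing policy raises, it never allows.
def find_policy!(record, headless: true)
  name = policy_name(record, headless: headless)
  Object.const_get(name)
rescue NameError
  raise NotDefinedError, "unable to find policy #{name} for #{record.inspect}"
end

def authorize(user, record, query, headless: true)
  policy = find_policy!(record, headless: headless).new(user, record)
  raise NotAuthorizedError, "not allowed to #{query}" unless policy.public_send(query)
  true
end

# Constructed sample policies and user, using the class names from the page.
User = Struct.new(:admin) { def admin?; admin; end }
DashboardPolicy = Struct.new(:user, :dashboard) { def index?; true; end }
module Admin
  HomePolicy = Struct.new(:user, :record) do
    def dashboard?
      !user.nil? && user.admin?
    end
  end
end
```

In this model :dashboards resolves to DashboardsPolicy while :dashboard resolves to DashboardPolicy, so the symbol passed to authorize has to match the policy class name exactly.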
