Ruby on Rails
Monday, July 17, 2017
While I'm at it ...
In
WHAT is being "authorize-d"? The @post? The current_user? The controller action? Something else?
Ralph
On Monday, July 17, 2017 at 1:02:11 AM UTC-6, Ralph Shnelvar wrote:
-- In
authorize(@post)
Ralph
On Monday, July 17, 2017 at 1:02:11 AM UTC-6, Ralph Shnelvar wrote:
The best explanation I have found for the gestalt of Pundit is https://www.varvet.com/blog/simple-authorization-in-ruby-on-rails-apps/

And yet ... I don't get it.

I can understand each statement in https://www.varvet.com/blog/simple-authorization-in-ruby-on-rails-apps/ ... but when I get to what the "authorize(@post)" in

    def create
      @post = Post.new(params[:post])
      authorize(@post)
      …
    end

does ... I don't get it.

I'm trying to put together an English sentence for "authorize(@post)". Please tell me if I'm close.

authorize(@post) means ...
For the current user (i.e. current_user) and
for the @post object
throw a NotAuthorizedError exception if PostPolicy#create? returns false

I think the "hidden" inputs to authorize come from the following sources:
- current_user from Devise's current_user
- @post is the self-evident argument to authorize
- PostPolicy is built from the name of the class of the object @post followed by the word "Policy" (i.e. @post.class.to_s + 'Policy')
- create? is built from params[:action]. That is, since we know we're in def create then params[:action] must be "create".

How close am I?

Ralph