Comments (4)
Thank you for taking the time. authorize Expense
has solved the issue.
from pundit.
I'd guess that you have namespacing overrides somewhere in your code, probably something like this in your controller:
def authorize(record, query = nil)
super([:expense, record], query)
end
If so then that's probably the reason for your issue.
If that's not the case, then a reproduce example would help a lot! A github repo or gist that we can run that exhibits the problem
from pundit.
I managed to strip down my application to the basic form that will reproduce this issue. Github repo available here. Heroku app that will fire the exception when you press the export button is here.
from pundit.
Hi!
I believe I found your issue. I missed it in your first example code.
@expenses = Expense.find( params[:expense_ids] )
authorize @expenses
@expenses
here is an array of multiple records. When Pundit is passed an array like this the front items are assumed to be a namespace. This is the reason the lookup fails.
You either need to authorize Expense
, which will use export?
to authorize. If you need more context (e.g. which records are included?), perhaps modelling your export as an object on its own (ExportService
) and authorizing that might be an idea worth exploring.
from pundit.
Related Issues (20)
- [Request] Generate policy file when using scaffolding HOT 3
- Readme: update_attributes is deprecated
- policy_class and policy usage HOT 3
- Add `policy_class` parameter to `permitted_attributes` function HOT 3
- Manually specifying policy class via an instance method does not always work HOT 1
- Singular model class name vs. Plural module name HOT 3
- Split this into two methods?
- [Request] policy_scope should not alter joined table structure HOT 2
- Policy Finder `find` does not strip namespace. HOT 2
- Support authorization error flash messages when using turbo frames and streams? HOT 6
- Git tag for v2.3.0? HOT 1
- generator fails with ruby 3.2.0 HOT 6
- "include Pundit::Authorization" undefined ? HOT 3
- Enable custom description for permit matcher
- Do not use NotImplementedError HOT 1
- Rubygems version fully support Ruby 3.2
- Hook into Rails generators (scaffold, model) to generate policy classes HOT 3
- Helper policy_scope does not accept policy_scope_class HOT 1
- README for headless section is incorrect? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pundit.