pundit rails 5 can't enforce create method restrictions


Posted on 16 Aug 2022.

manpreet, Best Answer, 2 years ago


Every time I submit a form here (that I scaffolded): localhost:3000/syllabus_requests/new

the rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized from my ApplicationController.rb file gets raised, and I'm not sure why, because in the policy class I have a create? method and it returns true.

I'm using ruby '2.3.1', gem 'rails', '~> 5.0.0', '>= 5.0.0.1', and gem 'pundit', '~> 1.1'.

I have a policy

class SyllabusRequestPolicy < ApplicationPolicy
  attr_reader :current_user, :model

  def initialize(current_user, model)
    @current_user = current_user || User.new
    @model = model #this is the syllabus_request record from the syllabus_requests table as a rails model object
  end

  def index?
    @current_user.role == "admin"
  end

  def show?
    @current_user.role == "admin" 
  end

  def create?
    true
  end

  def edit?
    @current_user.role == "admin"
  end

  def update?
    @current_user.role == "admin"
  end

  def destroy?
    @current_user.role == "admin"
  end

end

I have a controller

class SyllabusRequestsController < ApplicationController
  before_action :set_syllabus_request, only: [:show, :edit, :update, :destroy]

  # GET /syllabus_requests
  # GET /syllabus_requests.json
  def index
    @syllabus_requests = SyllabusRequest.all
    authorize @syllabus_requests
  end

  # GET /syllabus_requests/1
  # GET /syllabus_requests/1.json
  def show
    authorize @syllabus_request
  end

  # GET /syllabus_requests/new
  def new
    @syllabus_request = SyllabusRequest.new
    authorize @syllabus_request
  end

  # GET /syllabus_requests/1/edit
  def edit
    authorize @syllabus_request
  end

  # POST /syllabus_requests
  # POST /syllabus_requests.json
  def create
    @syllabus_request = SyllabusRequest.new(syllabus_request_params)
    authorize @syllabus_request

    respond_to do |format|
      if @syllabus_request.save
        format.html { redirect_to @syllabus_request, notice: 'Syllabus request was successfully created.' }
        format.json { render :show, status: :created, location: @syllabus_request }
      else
        format.html { render :new }
        format.json { render json: @syllabus_request.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /syllabus_requests/1
  # PATCH/PUT /syllabus_requests/1.json
  def update
    authorize @syllabus_request

    respond_to do |
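
The controller and policy above, replayed as an added example (not code from the original post, and a plain-Ruby stand-in for Pundit rather than the gem itself): it walks the requests that one form submission triggers and reports the first policy query that is denied. It assumes a non-admin user, a successful save, and that `new?` delegates to `create?` as in Pundit's generated ApplicationPolicy; `first_denied_query` and the Struct models are hypothetical.

```ruby
# Added example: a minimal stand-in for Pundit's authorize (not the gem itself).
User = Struct.new(:role)
SyllabusRequest = Struct.new(:id)

class NotAuthorizedError < StandardError
  attr_reader :query, :record
  def initialize(query:, record:)
    @query, @record = query, record
    super("not allowed to #{query} this #{record.class}")
  end
end

# Same rules as the policy on the page; new? delegating to create? is an
# assumption taken from Pundit's generated ApplicationPolicy.
class SyllabusRequestPolicy
  def initialize(current_user, model)
    @current_user = current_user || User.new
    @model = model
  end

  def admin?;  @current_user.role == "admin"; end
  def index?;  admin?; end
  def show?;   admin?; end
  def create?; true; end
  def new?;    create?; end
end

# Like Pundit's authorize: the query defaults to "<action name>?".
def authorize(user, record, action)
  query = "#{action}?"
  return record if SyllabusRequestPolicy.new(user, record).public_send(query)
  raise NotAuthorizedError.new(query: query, record: record)
end

# Replays the requests behind one form submission: GET new, POST create,
# then the GET show that redirect_to @syllabus_request makes the browser issue.
# Returns the first denied query, or nil when every step is allowed.
def first_denied_query(user)
  record = SyllabusRequest.new(1) # constructed sample record
  %w[new create show].each { |action| authorize(user, record, action) }
  nil
rescue NotAuthorizedError => e
  e.query
end

puts first_denied_query(User.new("student")).inspect # constructed non-admin user
puts first_denied_query(User.new("admin")).inspect   # constructed admin user
```

In the real application, Pundit::NotAuthorizedError exposes `query`, `record` and `policy`, so logging `exception.query` inside `user_not_authorized` shows which check was denied.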