On Monday, July 17, 2017 at 8:02:11 AM UTC+1, Ralph Shnelvar wrote: > > > authorize(@post) > means ... > > For the current user (i.e. current_user) and > for the @post object > throw a NotAuthorizedError exception if PostPolicy#create? returns false > > > > I think the "hidden" inputs to authorize come from the following sources: > current_user from Devise's current_user > @post is the self-evident argument to authorize > PostPolicy is built from the name of the class of the > object @post followed by the word "Policy" (i.e. @post.class.to_s + > 'Policy') > create? is built from params[:action]. That is, > since we know we're in def create then params[:action] must be "create". > > > sounds about right. This is described in the pundit readme ( https://github.com/elabs/pundit )
Fred -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/3fbc3aec-8f47-4d6a-8fc7-26248b94be0f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
