Pundit-Index Method for Admin and Users

So, I'm trying to use a pearl. I'm just trying to figure out how to have an index for users and administrators. I want to do all the results for the administrator and only related messages for the user. I searched googled and searched on github, but I had no luck. What do I need to include in my policy and controller?

source

class PostsPolicy attr_reader :current_user, :model def initialize(current_user, model) @current_user = current_user @post = model end def index? @current_user.admin? end end 

controller

 class PostsController < ApplicationController before_filter :load_user before_filter :authenticate_user! after_action :verify_authorized def index @posts = Post.order('title').page(params[:page]).per(25) authorize User end private def load_user @user = User.find_by_id(params[:user_id]) end end 

second update

 class PostsPolicy class Scope attr_reader :user, :scope def initialize(user, scope) @user = user @scope = scope end def resolve if user.admin? scope.all else scope.where(user: user) end end end end 

controller

 class PostsController < ApplicationController before_filter :load_user before_filter :authenticate_user! after_action :verify_authorized def index @posts = policy_scope(Post).order('title').page(params[:page]).per(25) authorize User end private def load_user @user = User.find_by_id(params[:user_id]) end end 

third update

 class PostPolicy class Scope attr_reader :user, :scope def initialize(user, scope) @user = user @scope = scope end def resolve if user.admin? scope.all else scope.where(user: user) end end end def index? user.admin? || user.posts.count > 0 end end 

controller

 class PostsController < ApplicationController before_filter :load_user before_filter :authenticate_user! after_action :verify_authorized def index @posts = policy_scope(Post).order('title').page(params[:page]).per(25) authorize User end private def load_user @user = User.find_by_id(params[:user_id]) end end 

** final update with working code **

 class PostPolicy attr_reader :user, :model def initialize(user, model) @user = user @post = model end class Scope attr_reader :user, :scope def initialize(user, scope) @user = user @scope = scope end def resolve if user.admin? scope.all else scope.where(user: user) end end end def index? user.admin? || user.posts.count end end 

controller

 class PostsController < ApplicationController before_filter :load_user before_filter :authenticate_user! after_action :verify_authorized def index @posts = policy_scope(Post).order('title').page(params[:page]).per(25) authorize Post end private def load_user @user = User.find_by_id(params[:user_id]) end end 
+5
source share
1 answer

What you are looking for is a scope:

 class PostsPolicy class Scope attr_reader :user, :scope def initialize(user, scope) @user = user @scope = scope end def resolve if user.admin? scope.all else scope.where(user: user) end end end end 

Then in your controller

 def index @posts = policy_scope(Post).order('title').page(params[:page]).per(25) authorize User end 

Edit

As a side note, authorize User probably won't serve you well in the long run. You essentially create an index policy that should serve each index. If you want to allow visibility on the index page, you can do something similar in your policy:

 def index? user.admin? || user.posts.count > 0 end 

Assuming the relationship is set up, you should call authorize Post in your index controller before your policy_scope.

+7
source

Source: https://habr.com/ru/post/1208777/


All Articles