pundit

Im trying to learn how to use Pundit with Rails 4. I have been trying to learn this for the last 2 years and am slowly making a tiny bit of progress. I am also trying to learn how to write scopes. I'm still trying to figure out how to translate advice into plain english so that I can begin to understand. I'm getting stuck at the intersection of the scopes pundit policies use and the general scope class that I can write in a model. I have models for Uer, Profile and Project. The associations are: User has_one :profile Profile belongs_to :user has_many :projects Project belongs_to :profile I am

I've been banging my head against this a day. I am trying to implement a pundit policy(using Devise for authentication) for a model called Design that belongs to a User which has many designs. Should create and new be excepted from authorize after action as well? It seems like this should work. Help much appreciated I keep running into ArgumentError (wrong number of arguments (2 for 0)): when creating a new design(where the 'debugger' is). I think that it is passing a valid @design into the policy finder. It may be the way I have set up the scope in the policy. Here is the designs controller:

Following on from Rails_admin: Should I have admin_user or user with admin role to manage users and admin panel I'm wanting to adopt Pundit for its policy elegance for an application. The application has both a User model and an Admin model - one for customers, the other for staff. It is also multi-tenanted, though that should not impact the problem terribly. I'd also like to have a separate Role model, allowing customers to mix-and-match their own "title" for a Role as they need. This again shouldn't be terribly difficult in implementation. The hard part is the support for the Pundit Policies

I'm trying to create a show view for three roles. Admin, super user, and user. An admin should see all of the users. A super user should see only users and a user should not see anyone. When I used the commented out policy method in the resolve for else user.super_user? would give me unsupported: TrueClass error. Any suggestions are welcomed. Users Controller def index @users = policy_scope(User) authorize User end User Policy class UserPolicy attr_reader :current_user, :model def initialize(current_user, model) @current_user = current_user @user = model end class Scope attr_reader :user,

In my rails application website visitors can sign up and create content. It uses devise with user model and everything works well. Now I want to use rails_admin for managing website resources and users etc and only people with administrative previllages should be able to access it. Should I create a separate AdminUser model for admin panel access or use User model with role of admin, and use some authorization library to manage access. If I user only one model then I want users to be redirected to admin panel after signin if user is admin and if not then I want user to be redirected to their

By Default: the paperclip gem stores all attachments within the public directory. I did not want to store the attachments within the public directory for security reasons, so I saved them within an uploads directory at the root of the app: class Post < ActiveRecord::Base belongs_to :user has_attached_file :some_image, path: ":rails_root/uploads/:attachment/:id/:style/:filename" do_not_validate_attachment_file_type :some_image end I did not specify the url option because I do not want a url for each image attachment. If a url is specified: then ANYONE with that url can access the image. This is