Module: Pundit::Plus::Authorization

Defined in:

lib/pundit/plus/authorization.rb

Overview

This module adds to the Pundit::Authorization module so that anywhere it is included will also receive the methods added in this.

Instance Method Summary

• #params_for_action(record, action = action_name) ⇒ Object

  Return the params that are required or permitted for the given action.

Instance Method Details

#params_for_action(record, action = action_name) ⇒ Object

Return the params that are required or permitted for the given action.

Define a method in your policy class called ‘params_for_#action` to return the params for that action. If no such method exists, then `permitted_attributes` is called to return the params.

In your policy, define the relevant method to receive parameters and specify permitted or required parameters.

Examples:

class MyPolicy < ApplicationPolicy
   def params_for_create(params)
     params.require(:user).permit(*permitted_attributes_for_create).tap do |permitted|
       permitted.require(:special_value)
     end
   end
 end

# File 'lib/pundit/plus/authorization.rb', line 27

def params_for_action(record, action = action_name)
  if policy(record).respond_to?(:"params_for_#{action}")
    policy(record).send(:"params_for_#{action}", params)
  else
    permitted_attributes(record, action)
  end
end