trestle icon indicating copy to clipboard operation
trestle copied to clipboard

Published 20 hours ago verified publisher icon TrestleAdmin

Authorization

Open martio opened this issue 8 years ago • 4 comments
trafficstars

How to use Pundit and Rolify?

martio avatar Sep 27 '17 07:09 martio

User authorization support via Pundit is fairly high on the list of priorities for https://github.com/TrestleAdmin/trestle-auth. However it isn't currently supported yet.

spohlenz avatar Sep 27 '17 11:09 spohlenz

Any easy way to fake it?

FreeApophis avatar Mar 01 '18 11:03 FreeApophis

You could try the following:

controller do
  include Pundit

  def update
    authorize instance
    super
  end
end

The exemple assumes that you have the correct policy object (app/policies).

svoboda-jan avatar Mar 01 '18 14:03 svoboda-jan

@spohlenz Also authorization is NOT authentication, I would recommed against mixing pundit specific things into trestle-auth. There shoud be for e.g. trestle-auth, trestle-devise and trestle-pundit.

Releveant and recommended reading: https://stackoverflow.com/questions/6556522/authentication-versus-authorization?answertab=active#tab-top

svoboda-jan avatar Mar 01 '18 22:03 svoboda-jan