Question

If I have a user object and the user has one basicinfo. In the user show action I have:

def show
  @user = User.find params[:id]
  authorize @user
end

And in show.html.erb I must show the user's basicinfo, such as:

User name is: <%= @user.basicinfo.name %>

In this case should I also authorize basicinfo in user show action?

def show
  @user = User.find params[:id]
  authorize @user
  authorize @user.basicinfo, :show?
end

Solution

The authorization applies to the entire action.

If you want to filter out some elements in the view, you can do so on an ad hoc basis, basically applying whatever attribute you are using in the xxxPolicy class (which is not provided above).

Handling user authorization is possibly too complicated via Pundit:

def initialize(current_user, user) # Pundit passes (user, record); the two arguments cannot both be named user

I definitely do filtering in the views when it comes to user actions.
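The following is an added example, not code from the question, the answer, or the pundit gem. It models the two approaches in plain Ruby so it runs without Rails: policy classes follow Pundit's shape (initialize(user, record) plus a show? predicate), and the authorize and policy helpers are stand-ins for Pundit's controller and view helpers. The User and Basicinfo structs, the policy rules (profiles visible to any signed-in user, basicinfo only to its owner or an admin) and the sample users are all constructed for the example.

```ruby
# Added example (not from the question, the answer, or the pundit gem):
# plain Ruby following Pundit's conventions, runnable without Rails.

# Stand-in for Pundit::NotAuthorizedError.
class NotAuthorizedError < StandardError; end

# Constructed sample models in place of ActiveRecord.
User      = Struct.new(:id, :admin, :basicinfo, keyword_init: true)
Basicinfo = Struct.new(:user_id, :name, keyword_init: true)

# Pundit policy shape: initialize(user, record) plus query predicates.
class UserPolicy
  def initialize(current_user, user) # Pundit's (user, record), named for clarity
    @current_user = current_user
    @user = user
  end

  # Assumed rule: any signed-in user may open a profile page.
  def show?
    !@current_user.nil?
  end
end

class BasicinfoPolicy
  def initialize(current_user, basicinfo)
    @current_user = current_user
    @basicinfo = basicinfo
  end

  # Assumed rule: basic info is private to its owner and admins.
  def show?
    return false if @current_user.nil?
    @current_user.admin || @current_user.id == @basicinfo.user_id
  end
end

# Minimal stand-ins for Pundit's `policy` and `authorize` helpers:
# derive the policy class from the record's class name and raise on denial.
def policy(current_user, record)
  Object.const_get("#{record.class.name}Policy").new(current_user, record)
end

def authorize(current_user, record, query = :show?)
  pol = policy(current_user, record)
  raise NotAuthorizedError, "#{pol.class}##{query} denied" unless pol.public_send(query)
  record
end

# The show action as the answer recommends: one authorize call covers the action.
def show_user(current_user, users, id)
  user = users.fetch(id)
  authorize(current_user, user, :show?)
  user
end

# The stricter variant from the question: authorizing basicinfo in the action
# makes the whole page fail for anyone BasicinfoPolicy rejects.
def show_user_strict(current_user, users, id)
  user = users.fetch(id)
  authorize(current_user, user, :show?)
  authorize(current_user, user.basicinfo, :show?)
  user
end

# The view's ad hoc filtering: render the field only when the policy allows it.
def render_show(current_user, user)
  if policy(current_user, user.basicinfo).show?
    "User name is: #{user.basicinfo.name}"
  else
    "User name is: (hidden)"
  end
end

# Constructed sample data.
ALICE = User.new(id: 1, admin: false, basicinfo: Basicinfo.new(user_id: 1, name: "Alice"))
BOB   = User.new(id: 2, admin: false, basicinfo: Basicinfo.new(user_id: 2, name: "Bob"))
ADMIN = User.new(id: 3, admin: true,  basicinfo: Basicinfo.new(user_id: 3, name: "Root"))
USERS = { 1 => ALICE, 2 => BOB, 3 => ADMIN }

if __FILE__ == $PROGRAM_NAME
  puts render_show(BOB, show_user(BOB, USERS, 1))     # page renders, name hidden
  puts render_show(ALICE, show_user(ALICE, USERS, 1)) # owner sees the name
  begin
    show_user_strict(BOB, USERS, 1)
  rescue NotAuthorizedError => e
    puts "strict variant: #{e.message}"              # whole page denied for Bob
  end
end
```

With the action-level check alone, Bob can open Alice's page but the view hides her basicinfo; with the second authorize call in the action, Bob gets a NotAuthorizedError for the whole page instead. Which behaviour is right depends on whether the page should exist at all for that viewer, which is the distinction the answer draws.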

Licensed under: CC-BY-SA with attribution