ruby-on-rails-4, authorization, pundit

Pundit Usage When Creating/Deleting Objects


I am creating and updating objects; my controller has:

def create
    @mymodel = MyModel.create mymodel_params
    authorize @mymodel
end

I need to authorize create, so I have added authorize @mymodel, but surely this should come first? The problem is: what parameter do I give authorize?

I could do

authorize :mymodel

but it seems that this is not the way Pundit is supposed to be used inside controllers that have associated policies. What is the correct way to authorize here? Apologies if I missed it in the docs.


Solution

  • Wouldn't you be able to do:

    def create
      @mymodel = MyModel.new
      authorize @mymodel
      @mymodel.update_attributes(mymodel_params)
    end
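
Added example (not part of the original question or answer): a plain-Ruby sketch of why the order of `authorize` and the write matters. `authorize` here is a simplified stand-in for Pundit's helper, and `User`, `MyModelPolicy`, the `owner_id` attribute and the in-memory `MyModel` are assumptions made for illustration.

```ruby
# Plain-Ruby stand-ins: no Rails or Pundit needed to run this.
class NotAuthorizedError < StandardError; end  # stand-in for Pundit::NotAuthorizedError

User = Struct.new(:id, :admin)  # hypothetical current_user

# Constructed in-memory model standing in for an ActiveRecord class.
class MyModel
  STORE = []
  attr_reader :owner_id

  def initialize(attrs = {})
    @owner_id = attrs[:owner_id]
  end

  def save
    STORE << self
    true
  end

  def self.create(attrs)
    new(attrs).tap(&:save)
  end
end

# Hypothetical policy: non-admins may only create records they own.
MyModelPolicy = Struct.new(:user, :record) do
  def create?
    user.admin || record.owner_id == user.id
  end
end

# Simplified authorize: ask the policy, raise when it says no.
def authorize(user, record)
  raise NotAuthorizedError unless MyModelPolicy.new(user, record).create?
  record
end

# Order from the question: the record is stored before the check can raise.
def create_then_authorize(user, params)
  authorize(user, MyModel.create(params))
end

# Build in memory with the params, authorize, and only then persist.
def authorize_then_save(user, params)
  record = authorize(user, MyModel.new(params))
  record.save
  record
end
```

Building the record with its params before `authorize` also lets the policy inspect attributes such as the owner, which an empty `MyModel.new` does not carry.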