I am using Pundit to deal with authorizations. I want my users' profiles to be visible to everyone, so in my user_policy.rb, I have:
def show?
  true # Anyone can view a show
end
In my users/show.html.erb, the "edit profile" button is displayed only if:
<% if policy(@user).update? %>
  <!-- show edit button -->
<% end %>
The issue is that when I try to access a profile and I'm not logged in, Pundit is looking for a "user":
def update?
  record == user || user.admin == true # Only user creator can update it
end
I have an error saying that user is nil so admin is undefined. I wanted to do this:
def update?
  if user_signed_in?
    record == user || user.admin == true # Only user creator can update it
  else
    false
  end
end
but user_signed_in? is a Devise helper, not accessible in Pundit. Is there an equivalent I could use or a better way to do this?
Couldn't you just check that the user variable exists first?
def update?
  user && (record == user || user.admin == true) # Only user creator can update it
end
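An added example, not part of the original posts: it evaluates the question's update? and a guarded version for a guest, the owner, another user and an admin. The `User` struct, the stand-in `ApplicationPolicy` and the `update_matrix` helper are assumptions made so it runs without Rails, Devise or Pundit.

```ruby
# Stand-in for the app's User model (constructed for this example).
User = Struct.new(:id, :admin)

# Minimal base class with the same (user, record) shape as a Pundit policy.
class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user      # current_user; nil when nobody is signed in
    @record = record  # the profile being viewed
  end
end

# The policy from the question: raises when user is nil.
class UnguardedUserPolicy < ApplicationPolicy
  def update?
    record == user || user.admin == true
  end
end

# Guarded policy: a guest is denied before any attribute is read.
class UserPolicy < ApplicationPolicy
  def show?
    true # profiles are public
  end

  def update?
    return false if user.nil? # not signed in: fail closed
    record == user || user.admin == true
  end
end

# Hypothetical helper: evaluate update? for each kind of visitor on one profile.
def update_matrix(policy_class)
  owner = User.new(1, false)
  visitors = { guest: nil, owner: owner, other: User.new(2, false), admin: User.new(3, true) }
  visitors.transform_values do |visitor|
    begin
      policy_class.new(visitor, owner).update?
    rescue NoMethodError
      :error # what the view hits for a guest in the unguarded version
    end
  end
end
```

The `policy(@user).update?` check in the view only hides the button; the update action still needs its own `authorize @user` call so the same rule is enforced on the request.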