I'm trying to figure out how to use Pundit in my Rails 4 app.
I have a project model, with a projects controller that has a new action in it:
    def new
      # a bunch of stuff in the new action that I don't think is very relevant here
    end
I then have a project policy in my policies folder that has:
    def new?
      false
      # create?
    end

    def create?
      false
    end
I expect that I should not be able to type url/projects/new in my website because the policy shouldn't allow it. But, I can, and the form renders and I can save it.
Does anyone see what I've done wrong in setting this up?
Few things to check because you didn't mention them in your question:
Add include Pundit to the controller
Add authorize [model_instance] in new action and create action
The official https://github.com/elabs/pundit should give you plenty of instruction.
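Why the form still renders when the policy says false, as an added example (not code from the question, the answer, or the Pundit gem): a policy is only consulted when the action calls authorize. MiniPundit is a hypothetical plain-Ruby stand-in for Pundit's authorize and verify_authorized helpers so the example runs without Rails, and new_unchecked is a hypothetical name for the question's unguarded action.

```ruby
# Plain-Ruby stand-in for Pundit's controller helpers (assumption: simplified;
# the real gem also handles scopes, namespaces and Rails callbacks).
module MiniPundit
  class NotAuthorizedError < StandardError; end
  class AuthorizationNotPerformedError < StandardError; end
  # Looks up "<RecordClass>Policy" and calls "<action>?" on it.
  def authorize(record, query = "#{action_name}?")
    @authorized = true
    policy = Object.const_get("#{record.class}Policy").new(current_user, record)
    raise NotAuthorizedError, "not allowed to #{query}" unless policy.public_send(query)
    record
  end

  # Mirrors Pundit's verify_authorized: fails if the action never called authorize.
  def verify_authorized
    raise AuthorizationNotPerformedError, action_name unless @authorized
  end
end

Project = Struct.new(:name) # constructed sample model

class ProjectPolicy
  def initialize(user, record)
    @user, @record = user, record
  end
  def new?;    false; end
  def create?; false; end
end

class ProjectsController
  include MiniPundit
  attr_reader :action_name, :current_user
  def initialize(action_name, current_user = :some_user)
    @action_name, @current_user = action_name, current_user
  end

  # As in the question: the policy exists but nothing consults it.
  def new_unchecked
    @project = Project.new
    :form_rendered
  end

  # As in the answer: the action asks the policy before rendering.
  def new
    @project = Project.new
    authorize @project
    :form_rendered
  end
end
```

In a real controller, Pundit's `after_action :verify_authorized` turns a forgotten `authorize` call into an error instead of a silently open action.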