Search code examples
ruby-on-railsdevisepundit

Need help authorizing index action with Pundit


I'm using Pundit and Devise on my app. My index action looks like this in my wikis_controller:

  def index
    @wikis = current_user.wikis
    authorize @wikis
  end

I'm trying to prevent un-signed-in users to access this index action but @wikis is getting set to undefined since there is no user logged in. In return, it's not authorizing.

How can I fix this?


Solution

  • You can authorize against the model instead of an object.

    The code

    authorize Wiki
    

    will trigger the index? action in your pundit policy without the user object. In addition, you can use a scope to filter the data on a another level https://github.com/varvet/pundit#scopes.