Tags: ruby-on-rails, ruby, pundit

Pundit::NotAuthorizedError / Problem with pundit authorize


I'm trying to update a user's address in a form, but I don't understand why I'm not authorized to perform it. This is my code:

class AddressesController < ApplicationController
  def update
    @address = current_user.addresses.last
    authorize @address
    @address.update!(address_params)
  end

  private

  def address_params
    params.require(:address).permit(:first_name, :last_name, :city, :country, :postcode, :phone_number, :street_address, :optional_address, :user_id)
  end
end


class AddressPolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
      scope.all
    end

    def update?
      true
    end
  end
end

And this is the error:

Pundit::NotAuthorizedError in AddressesController#update not allowed to update? this Address


Solution

  • You've defined the update? method within the nested Scope class, but it's supposed to be defined directly in the policy class.

    Instead of this:

    class AddressPolicy < ApplicationPolicy
      class Scope < Scope
        def resolve
          scope.all
        end
    
        def update?
          true
        end
      end
    end
    

    You need to do this:

    class AddressPolicy < ApplicationPolicy
      class Scope < Scope
        def resolve
          scope.all
        end
      end
    
      def update?
        true
      end
    end
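Why the misplaced method produces the error, shown as an added example that is not part of the original answer: the generated ApplicationPolicy denies `update?` by default, and a method defined on the nested Scope never overrides it. The classes below are simplified stand-ins for Pundit (assumptions, not the gem's code), the policy names `MisplacedAddressPolicy` and `FixedAddressPolicy` are hypothetical, and the fixed policy goes one step beyond the answer's `true` by checking ownership.

```ruby
# Simplified stand-ins for Pundit (assumption: not the gem's own code).
class NotAuthorizedError < StandardError; end
# Mirrors the generated ApplicationPolicy: update? is denied by default.
class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user, @record = user, record
  end

  def update?
    false
  end
  class Scope; end
end

# The question's layout: update? lives on Scope, so the policy inherits the deny.
class MisplacedAddressPolicy < ApplicationPolicy
  class Scope < Scope
    def update?
      true
    end
  end
end

# The answer's layout, with an ownership check in place of `true` (added assumption).
class FixedAddressPolicy < ApplicationPolicy
  class Scope < Scope; end

  def update?
    record.user_id == user.id
  end
end

User = Struct.new(:id)          # constructed sample models
Address = Struct.new(:user_id)

# Simplified authorize: build the policy, call the query method, raise on false.
def authorize(policy_class, user, record, query = :update?)
  return record if policy_class.new(user, record).public_send(query)
  raise NotAuthorizedError, "not allowed to #{query} this #{record.class}"
end

def allowed?(policy_class, user, record)
  authorize(policy_class, user, record)
  true
rescue NotAuthorizedError
  false
end
```

With the misplaced layout, `update?` on the policy still resolves to the `ApplicationPolicy` default, which is why `authorize` raises even for the address owner.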