каждый раз, когда я отправляю здесь форму (которую я создал) localhost: 3000 / syllabus_requests / new
Rescue_fund Pundit :: NotAuthorizedError, с:: user_not_authorized
из моего файла ApplicationController.rb поднимается, и я не уверен, почему, потому что в классе политики у меня есть создание? метод, и он возвращает true
я использую
рубин '2.3.1'
gem 'rails', '~> 5.0.0', '> = 5.0.0.1'
драгоценный камень 'pundit', '~> 1.1'
У меня есть политика
class SyllabusRequestPolicy < ApplicationPolicy
attr_reader :current_user, :model
def initialize(current_user, model)
@current_user = current_user || User.new
@model = model #this is the syllabus_request record from the syllabus_requests table as a rails model object
end
def index?
@current_user.role == "admin"
end
def show?
@current_user.role == "admin"
end
def create?
true
end
def edit?
@current_user.role == "admin"
end
def update?
@current_user.role == "admin"
end
def destroy?
@current_user.role == "admin"
end
end
У меня есть контроллер
class SyllabusRequestsController < ApplicationController
before_action :set_syllabus_request, only: [:show, :edit, :update, :destroy]
# GET /syllabus_requests
# GET /syllabus_requests.json
def index
@syllabus_requests = SyllabusRequest.all
authorize @syllabus_requests
end
# GET /syllabus_requests/1
# GET /syllabus_requests/1.json
def show
authorize @syllabus_request
end
# GET /syllabus_requests/new
def new
@syllabus_request = SyllabusRequest.new
authorize @syllabus_request
end
# GET /syllabus_requests/1/edit
def edit
authorize @syllabus_request
end
# POST /syllabus_requests
# POST /syllabus_requests.json
def create
@syllabus_request = SyllabusRequest.new(syllabus_request_params)
authorize @syllabus_request
respond_to do |format|
if @syllabus_request.save
format.html { redirect_to @syllabus_request, notice: 'Syllabus request was successfully created.' }
format.json { render :show, status: :created, location: @syllabus_request }
else
format.html { render :new }
format.json { render json: @syllabus_request.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /syllabus_requests/1
# PATCH/PUT /syllabus_requests/1.json
def update
authorize @syllabus_request
respond_to do |format|
if @syllabus_request.update(syllabus_request_params)
format.html { redirect_to @syllabus_request, notice: 'Syllabus request was successfully updated.' }
format.json { render :show, status: :ok, location: @syllabus_request }
else
format.html { render :edit }
format.json { render json: @syllabus_request.errors, status: :unprocessable_entity }
end
end
end
# DELETE /syllabus_requests/1
# DELETE /syllabus_requests/1.json
def destroy
authorize @syllabus_request
@syllabus_request.destroy
respond_to do |format|
format.html { redirect_to syllabus_requests_url, notice: 'Syllabus request was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_syllabus_request
@syllabus_request = SyllabusRequest.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def syllabus_request_params
params.require(:syllabus_request).permit(:full_name, :email)
end
end
мой файл ApplicationPolicy.rb выглядит так
class ApplicationPolicy
attr_reader :user, :record
def initialize(user, record)
@user = user
@record = record
end
def index?
false
end
def show?
scope.where(:id => record.id).exists?
end
def create?
binding.pry # this should not hit if I'm overriding it
false
end
def new?
binding.pry
create?
end
def update?
false
end
def edit?
update?
end
def destroy?
false
end
def scope
Pundit.policy_scope!(user, record.class)
end
class Scope
attr_reader :user, :scope
def initialize(user, scope)
@user = user
@scope = scope
end
def resolve
scope
end
end
end
Мой ApplicationController.rb выглядит так
include Pundit
protect_from_forgery with: :exception
before_action :configure_permitted_parameters, if: :devise_controller?
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
devise_parameter_sanitizer.permit(:account_update, keys: [:name])
end
private
def user_not_authorized
# binding.pry
flash[:alert] = "You are not authorized to perform this action."
redirect_to(request.referrer || root_path)
end
end