The best explanation I have found for the gestalt of Pundit is
And yet ... I don't get it.
I can understand each statement in
but when I get to what the "authorize(@post)" in
@post = Post.new(params[:post])
does ... I don't get it.
I'm trying to put together an English sentence for "authorize(@post)".
Please tell me if I'm close.
For the current user (i.e. current_user) and
for the @post object
throw a NotAuthorizedError exception if PostPolicy#create? returns false
I think the "hidden" inputs to authorize come from the following sources:
current_user from Devise's current_user
@post is the self-evident argument to authorize
PostPolicy is built from the name of the class of the
object @post followed by the word "Policy" (i.e. @post.class.to_s +
create? is built from params[:action]. That is, since
we know we're in def create then params[:action] must be "create".
How close am I?
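The lookup described in the message above, as a simplified stand-alone model; this is an added example, not part of the original message and not Pundit's source code. `FakeController`, `try_authorize` and the `User`/`Post` structs are assumptions standing in for a Rails controller, Devise's `current_user` and the model.

```ruby
# Simplified model of the lookup steps (illustrative; not Pundit's source code).
class NotAuthorizedError < StandardError; end

User = Struct.new(:name, :admin)   # constructed sample types
Post = Struct.new(:title)

# Found by name: the record's class name followed by "Policy".
class PostPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def create?
    user.admin            # only admins may create posts in this sample
  end

  def show?
    true
  end
end

# Stand-in for a Rails controller (assumption): current_user and action_name
# are normally supplied by Devise and Rails; here they are plain attributes.
class FakeController
  attr_reader :current_user, :action_name

  def initialize(current_user, action_name)
    @current_user = current_user
    @action_name = action_name
  end

  def authorize(record, query = nil)
    query ||= "#{action_name}?"                               # "create" -> "create?"
    policy_class = Object.const_get("#{record.class}Policy")  # Post -> PostPolicy
    policy = policy_class.new(current_user, record)
    return true if policy.public_send(query)
    raise NotAuthorizedError, "not allowed to #{query} this #{record.class}"
  end
end

# Hypothetical helper: runs authorize and reports the outcome as a symbol.
def try_authorize(user, action, record)
  FakeController.new(user, action).authorize(record)
  :allowed
rescue NotAuthorizedError
  :denied
end
```

In this model a record whose class has no matching `...Policy` constant raises `NameError`, so a missing policy fails closed instead of silently allowing the action.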