The best explanation I have found for the gestalt of Pundit is 

And yet ... I don't get it.

I can understand each statement in ... 
but when I get to what the "authorize(@post)" in

def create
  @post =[:post])

does ... I don't get it.

I'm trying to put together an English sentence for "authorize(@post)".  
Please tell me if I'm close.

means ...

For the current user (i.e. current_user) and
for the @post object
throw a NotAuthorizedError exception if PostPolicy#create? returns false

I think the "hidden" inputs to authorize come from the following sources:

current_user    from Devise's current_user
@post           is the self-evident argument to authorize
PostPolicy      is built from the name of the class of the object @post
                followed by the word "Policy" (i.e. @post.class.to_s +
create?         is built from params[:action]. That is, since we know
                we're in def create then params[:action] must be "create".

How close am I?
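
An added illustration, not part of the original message and not Pundit's own source: a simplified Ruby model of the lookup the message describes, with the user taken from current_user, the policy class named after the record's class plus "Policy", and the query method named after the action plus "?". FakeController, the Struct models, permitted? and the policy rules are constructed for this example.

```ruby
# Simplified model of the lookup; constructed for illustration, not Pundit's source.
class NotAuthorizedError < StandardError; end

Post = Struct.new(:author)        # constructed sample model
User = Struct.new(:name, :admin)  # constructed sample user

class PostPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  # Sample rule: any signed-in user may create a post.
  def create?
    !user.nil?
  end

  # Sample rule: only admins or the post's author may destroy it.
  def destroy?
    !user.nil? && (user.admin || record.author == user.name)
  end
end

# Hypothetical stand-in for a Rails controller with Devise's current_user.
class FakeController
  attr_reader :current_user, :action_name

  def initialize(current_user, action_name)
    @current_user = current_user
    @action_name = action_name
  end

  def authorize(record, query = nil)
    query ||= "#{action_name}?"                               # "create" -> "create?"
    policy_class = Object.const_get("#{record.class}Policy")  # Post -> PostPolicy
    policy = policy_class.new(current_user, record)
    return true if policy.public_send(query)
    raise NotAuthorizedError, "#{query} denied on #{record.class}"
  end
end

# Returns true/false instead of raising, so the outcome is easy to inspect.
def permitted?(user, action, record)
  FakeController.new(user, action).authorize(record)
rescue NotAuthorizedError
  false
end
```

In this model a record whose class has no matching policy class raises NameError from the constant lookup, so a missing policy denies access instead of silently allowing it.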

