On Monday, July 17, 2017 at 1:08:08 PM UTC+1, Ralph Shnelvar wrote:
> While I'm at it ...
>
> In
>
>   authorize(@post)
>
> WHAT is being "authorize-d"? The @post ? The current_user ? The
> controller action ? Something else ?

All 3: this checks that the current user can perform a given action (inferred from controller action) upon the passed object.
It might be better phrased as "check_authorized" rather than "authorize", which sounds a bit like you are granting access rather than checking for access.

Fred

> Ralph
>
> On Monday, July 17, 2017 at 1:02:11 AM UTC-6, Ralph Shnelvar wrote:
>>
>> The best explanation I have found for the gestalt of Pundit is
>> https://www.varvet.com/blog/simple-authorization-in-ruby-on-rails-apps/
>>
>> And yet ... I don't get it.
>>
>> I can understand each statement in
>> https://www.varvet.com/blog/simple-authorization-in-ruby-on-rails-apps/ ...
>> but when I get to what the "authorize(@post)" in
>>
>>   def create
>>     @post = Post.new(params[:post])
>>     authorize(@post)
>>     …
>>   end
>>
>> does ... I don't get it.
>>
>> I'm trying to put together an English sentence for "authorize(@post)".
>> Please tell me if I'm close.
>>
>> authorize(@post)
>> means ...
>>
>> For the current user (i.e. current_user) and
>> for the @post object
>> throw a NotAuthorizedError exception if PostPolicy#create? returns false
>>
>> I think the "hidden" inputs to authorize come from the following sources:
>>   current_user from Devise's current_user
>>   @post is the self-evident argument to authorize
>>   PostPolicy is built from the name of the class of the
>>     object @post followed by the word "Policy" (i.e. @post.class.to_s +
>>     'Policy')
>>   create? is built from params[:action]. That is,
>>     since we know we're in def create then params[:action] must be "create".
>>
>> How close am I?
>>
>> Ralph