My app allows some users to create products using Pundit
. But these users do not have the same permitted params
.
I can't delete the keys because the logic is very complex and it's hard to read.
How can I permit the params by their role? What is the best way to do it?
Thank you so much.
This should work
def user_params
list_allowed = [:email, :title, :last_name, :first_name, :phone]
list_allowed << :role << other_param << another_param if current_user.admin?
params.require(:user).permit(list_allowed)
end
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.