How to permit params by action and current user role in Rails with Pundit
Question
My app allows some users to create products using Pundit . But these users do not have the same permitted params .
I can't delete the keys because the logic is very complex and it's hard to read.
How can I permit the params by their role? What is the best way to do it?
Thank you so much.
1 answers
solution1
1 2018-01-13 20:52:48
This should work
def user_params
list_allowed = [:email, :title, :last_name, :first_name, :phone]
list_allowed << :role << other_param << another_param if current_user.admin?
params.require(:user).permit(list_allowed)
end
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
The elegant way to permit parameters by current user's role in Ruby on Rails?
Rails - Pundit - how to check for current_admin_user?
Rails 4 with Devise & Pundit - @user or @current_user
Pundit: Ensure current_user is user from params
Rails 4 + Strong params: How to permit everything?
Rails Strong Params how to Permit a nested Array
How to permit hash with rails strong params
How to use Rails Action Controller Nested Params to Permit a Specific Attributes Hash
Pass current_admin_user.id into permit_params
Rails Pundit access to the params or object
Related Tags