Closed JenniferMB closed 3 years ago
@JenniferMB that's an interesting question!
I think you could simply add the reorder method to your Pundit policy for the affected model, either mark it as true or add some permission logic.

e.g.:

```ruby
# Pundit looks up the query method named after the action, with a trailing "?"
def reorder?
  true # or some actual permissions
end
```
You could also override the controller and skip the authorization. The controller is not namespaced in this gem, so you would need to copy in all the code which would pose a problem when the gem is updated.
Perhaps an easier way, although slightly hacky, would be to do this at the ApplicationController level
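```ruby
class ApplicationController < ActionController::Base
  # Run per request on the instance: in the class body `self.class` is Class
  # and `skip_authorization` (an instance method) is not available.
  before_action do
    skip_authorization if is_a?(SortableController) # could also be `skip_policy_scope`
  end
  # ...
end
```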
Neither of these is tested, but I would be interested to hear what solution you go with.
I had already tried the first suggestion unsuccessfully; the second one wasn't effective, either.
To resolve the Pundit authorization error, I had to make a copy of the SortableController from the gem, add a before_action :authenticate_user and in the reorder method add skip_authorization.
This wiki can be of help for you.
You can patch SortableController without copying from the gem.
Thank you @itmammoth, yes this should work:
Create config/initializers/rails_sortable.rb.
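```ruby
Rails.configuration.to_prepare do
  SortableController.class_eval do
    # skip_authorization is an instance method, so register it as a callback
    before_action :skip_authorization
  end
end
```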
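A simplified model of the mechanism discussed in this thread, added here as an example and not taken from the thread, Pundit or rails_sortable: `MiniController`, `UnpatchedController` and `PatchedController` are hypothetical stand-ins for a controller whose "authorization was performed" check runs after every action. It shows why the check fires on a gem-style action, why the skip has to be registered as a per-request callback, and that an authentication callback placed ahead of the skip still rejects anonymous requests.

```ruby
# Simplified stand-in for Pundit's per-request flag and Rails callbacks
# (constructed for illustration; not the code of either gem).
class AuthorizationNotPerformedError < StandardError; end

class MiniController
  def self.before_actions
    @before_actions ||= []
  end

  def self.before_action(name)
    before_actions << name
  end

  def initialize(user)
    @user = user
  end

  # Run callbacks, then the action, then the verify_authorized-style check.
  def process(action)
    self.class.before_actions.each do |callback|
      send(callback)
      return @halted if @halted # a callback stopped the request
    end
    send(action)
    raise AuthorizationNotPerformedError, self.class.name unless @authorized
    :ok
  end

  protected

  def skip_authorization
    @authorized = :skipped
  end

  def authenticate_user
    @halted = :unauthorized unless @user
  end
end

# Two copies of a gem-style controller whose action never calls authorize.
class UnpatchedController < MiniController
  def reorder; end
end

class PatchedController < MiniController
  def reorder; end
end

# Instance-level callbacks; authentication runs before the skip.
PatchedController.class_eval do
  before_action :authenticate_user
  before_action :skip_authorization
end
```

Skipping authorization removes the per-record permission check entirely, so the authentication callback is the only gate left on the patched action.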
How do I resolve Pundit::AuthorizationNotPerformedError in SortableController#reorder? Must I override the controller in my application code in order to add the authorize command to the reorder method?