varvet / pundit

Minimal authorization through OO design and pure Ruby classes
MIT License

Permitting parameter values on Pundit #688

Closed cesartalves closed 2 years ago

cesartalves commented 3 years ago

I was checking the documentation and it seems that we're able to permit certain param keys for the controllers. Is the ability to also permit certain values something that we'd be interested in supporting?

Super rough pseudo-code:

```ruby
# app/policies/post_policy.rb
class PostPolicy < ApplicationPolicy
  # Proposed: the policy receives the request params and returns the
  # permitted subset, instead of only naming the permitted keys.
  def permitted_attributes(params)
    if user.admin? || user.owner_of?(post)
      @params = params.require(:post).permit(:title, :body, :tag_list)

      # Value-level check: reject a permitted key when its value is not allowed
      raise Pundit::NotAuthorizedError if @params[:title].include?('[Admin area]') # unlikely use-case, but you get the idea

      @params
    else
      params.require(:post).permit(:title)
    end
  end
end
```

Would love to put some hours into this if it's something we find interesting!
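The idea from the issue above, worked through as an added plain-Ruby example (not Pundit's code and not the author's): a policy that first filters params to the keys the role may mass-assign and then rejects a disallowed value. The `User`, `Post`, `NotAuthorizedError` and the params-taking `permitted_attributes` signature are assumptions for this sketch; a plain Hash stands in for `ActionController::Parameters`, and the marker check is applied only to non-admins.

```ruby
# Hypothetical stand-ins so the example runs without Rails or Pundit.
class NotAuthorizedError < StandardError; end

User = Struct.new(:id, :admin, keyword_init: true) do
  def admin?
    admin
  end

  def owner_of?(post)
    post.author_id == id
  end
end

Post = Struct.new(:author_id, keyword_init: true)

class PostPolicy
  ADMIN_ONLY_TITLE_MARKER = '[Admin area]'.freeze

  def initialize(user, post)
    @user = user
    @post = post
  end

  # Key-level rule: which attributes this user may mass-assign on the post.
  def permitted_attribute_names
    if @user.admin? || @user.owner_of?(@post)
      %i[title body tag_list]
    else
      %i[title]
    end
  end

  # Drops keys outside the permitted set (unknown keys such as :published
  # are silently removed, mirroring strong parameters), then applies a
  # value-level rule on top: only admins may use the reserved title marker.
  def permitted_attributes(params)
    filtered = params.slice(*permitted_attribute_names)
    title = filtered[:title].to_s
    if title.include?(ADMIN_ONLY_TITLE_MARKER) && !@user.admin?
      raise NotAuthorizedError, "only admins may use #{ADMIN_ONLY_TITLE_MARKER} in a title"
    end
    filtered
  end
end
```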

dgmstuart commented 2 years ago

This is an interesting idea, but we'd like Pundit to be focussed on what it does best so we're avoiding adding new features like this. To be honest I feel like even the permitted_attributes helper is significantly stretching the limits of what Pundit should be responsible for, and if anything we'd want to consider removing the permitted_attributes helper.