varvet / pundit

Minimal authorization through OO design and pure Ruby classes
MIT License

README for headless section is incorrect? #791

Closed Leee-xx closed 11 months ago

Leee-xx commented 11 months ago

The readme currently indicates that the headless record argument is the second one passed into #authorize, but the example shows it as being the first arg. I assume it's supposed to be the first?

Note that the headless policy still needs to accept two arguments. The second argument will be the symbol :dashboard in this case, which is what is passed as the record to authorize below.

# In controllers
def show
  authorize :dashboard, :show?
  ...
end

https://github.com/varvet/pundit#headless-policies

Linuus commented 11 months ago

The readme notes that the policy still needs to accept two arguments and the second one is the symbol you pass.

The policy:

# app/policies/dashboard_policy.rb
class DashboardPolicy
  attr_reader :user

  # `_record` in this example will be :dashboard
  def initialize(user, _record) # two arguments, and the second argument is :dashboard
    @user = user
  end

  def show?
    user.admin?
  end
end
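
The argument order discussed in this thread, as an added example that is not part of the original thread and not Pundit's own code. It is a simplified stand-in for the policy lookup, in which `policy_for`, `denied?`, the `User` struct and the three-argument top-level `authorize` are assumptions made for illustration. It shows the record given first to `authorize` arriving as the second argument of the policy constructor.

```ruby
# Simplified stand-in written for this example only; it mirrors the
# argument order discussed above and is not Pundit's source.
class NotAuthorizedError < StandardError; end

User = Struct.new(:name, :admin) do
  def admin?
    admin
  end
end

# Same shape as the DashboardPolicy in the thread, but it keeps the record
# so we can inspect what arrived as the second constructor argument.
class DashboardPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def show?
    user.admin?
  end
end

# Hypothetical helper: resolves :dashboard to DashboardPolicy.
# An unknown record name raises NameError, so a missing policy denies.
def policy_for(user, record)
  class_name = record.to_s.split("_").map(&:capitalize).join + "Policy"
  Object.const_get(class_name).new(user, record)
end

# Hypothetical helper with the same order as `authorize :dashboard, :show?`:
# record first, query second. The user is passed explicitly here.
def authorize(user, record, query)
  policy = policy_for(user, record)
  raise NotAuthorizedError, "not allowed to #{query} #{record.inspect}" unless policy.public_send(query)
  record
end

def denied?(user, record, query)
  authorize(user, record, query)
  false
rescue NotAuthorizedError
  true
end

ADMIN = User.new("alice", true)  # constructed sample users
GUEST = User.new("bob", false)
```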