Menu
It appears that Pundit policy does not access session parameters. As constructs does not reconize session as a valid variable or method. Is there any way to access session or other params?
class MyModelPolicy
def create?
@contructs = Construct.where(['id = ?', session[:construct_id]]).all
end
end
608
I'm a contributor to Pundit. Policies by default only has access to the current user and the record you're checking permissions for.
You can use the context pattern defined in the Pundit docs. Start with creating a user context class in your app/model directory accepting all the contextual parameters you need, in this case session.
class UserContext
attr_reader :user, :session
def initialize(user, session)
@user = user
@session = session
end
end
Then you can override the user record used by pundit with an instance of your UserContext class.
class ApplicationController
include Pundit
def pundit_user
UserContext.new(current_user, session)
end
end
Finish by making your application policy accept the context. If you want to stay compliant with your old policies, delegate those methods to the context.
class ApplicationPolicy
attr_reader :context, :user, :session
def initialize(context, record)
@context = context
@record = record
end
delegate :user, to: :context
delegate :session, to: :context
...
end
Now you can access session inside your policies.
65
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
