There are many posts about Devise and the lack of availability of "current_user" for use in models. There are numerous work arounds posted here and elsewhere. However, i haven't found the answer to "why" in any of the posts. Is this a security issue? If not, why?
Because you don't have access to a session variable inside a model, it's not a Devise issue or something related to security. It's related to the MVC pattern used in Rails.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With