I have 2 controllers, 1 for users and 1 for admins.
controllers/articles_controller.rb
class ArticlesController < ActionController::Base
  ...
  def show
    @article = Article.find(params[:id])
    # Resolves to ArticlePolicy#show? (no namespace given)
    authorize @article
  end
  ...
end
controllers/admin/articles_controller.rb
class Admin::ArticlesController < AdminController
  ...
  def show
    @article = Article.find(params[:id])
    # Also resolves to ArticlePolicy#show?, not Admin::ArticlePolicy#show?
    authorize @article
  end
  ...
end
And I have 2 policy files. policies/article_policy.rb
class ArticlePolicy
  extend ActiveSupport::Autoload
  autoload :Admin
  attr_reader :user, :record
  def initialize(user, record)
    @user = user
    @record = record
  end
  def show?
    # allow show for every user
    true
  end
end
And one file policies/admin/article_policy.rb
class Admin::ArticlePolicy
  attr_reader :user, :record
  def initialize(user, record)
    @user = user
    @record = record
  end
  def show?
    # only show if the user has the manager role
    user.manager?
  end
end
But when I use a user account to show articles at /admin/articles/1/, it shows normally. It should be "Access denied".
How do I fix this? (I use gem pundit 1.10.)
Use the authorize method to pass the namespace as a parameter.
class ArticlesController < ActionController::Base
  ...
  def show
    @article = Article.find(params[:id])
    # The :admin namespace makes Pundit look up Admin::ArticlePolicy
    authorize [:admin, @article]
  end
  ...
end
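To see why the unnamespaced `authorize @article` in the admin controller silently used the permissive `ArticlePolicy`, here is an added, self-contained example (not the question's or the Pundit gem's own code) with a simplified stand-in for Pundit's policy lookup and `authorize`. The `Article`, `User` and policy classes, the `policy_class_for`, `authorize` and `allowed?` helpers, and the sample users are all constructed for this example; real Pundit resolves the policy class in the same spirit (array prefix becomes a module namespace), but with more cases than shown here.

```ruby
# Added example, not the question's or Pundit's own code: a minimal stand-in
# for Pundit's policy lookup that shows why `authorize @article` in the admin
# controller fell through to the permissive ArticlePolicy, and how passing the
# namespace (`authorize [:admin, @article]`) selects Admin::ArticlePolicy.
# The Article, User and policy classes below are constructed for the example.

Article = Struct.new(:id)
User = Struct.new(:name, :role) do
  def manager?
    role == :manager
  end
end

class ArticlePolicy
  attr_reader :user, :record
  def initialize(user, record)
    @user = user
    @record = record
  end
  # Public policy: everyone may view an article.
  def show?
    true
  end
end

module Admin
  class ArticlePolicy
    attr_reader :user, :record
    def initialize(user, record)
      @user = user
      @record = record
    end
    # Admin policy: only managers may view an article in the admin area.
    def show?
      user.manager?
    end
  end
end

class NotAuthorizedError < StandardError; end

# Simplified version of Pundit's policy finder (assumption: real Pundit handles
# more cases). An Array like [:admin, record] resolves to "Admin::ArticlePolicy";
# a bare record resolves to "ArticlePolicy".
def policy_class_for(record)
  if record.is_a?(Array)
    *namespaces, object = record
    prefix = namespaces.map { |n| n.to_s.split('_').map(&:capitalize).join }.join('::')
    Object.const_get("#{prefix}::#{object.class.name}Policy")
  else
    Object.const_get("#{record.class.name}Policy")
  end
end

# Simplified `authorize`: instantiate the resolved policy and raise if the
# query returns false. Returns the record on success, as Pundit's does.
def authorize(user, record, query)
  object = record.is_a?(Array) ? record.last : record
  policy = policy_class_for(record).new(user, object)
  unless policy.public_send(query)
    raise NotAuthorizedError, "not allowed to #{query} this #{object.class.name}"
  end
  object
end

# Convenience wrapper: true when access is granted, false when denied.
def allowed?(user, record, query)
  authorize(user, record, query)
  true
rescue NotAuthorizedError
  false
end

if __FILE__ == $PROGRAM_NAME
  article = Article.new(1)
  reader  = User.new('reader', :user)
  manager = User.new('boss', :manager)
  puts allowed?(reader,  article,           :show?)  # true  (public policy)
  puts allowed?(reader,  [:admin, article], :show?)  # false (admin policy denies)
  puts allowed?(manager, [:admin, article], :show?)  # true
end
```

The first call mirrors the bug in the question: with no namespace, the lookup lands on `ArticlePolicy`, whose `show?` is unconditionally true, so a plain user passes the admin route's check. Only the namespaced form consults `Admin::ArticlePolicy`, which is the one place the `manager?` requirement is enforced.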