I am building a rails API and I'm using pundit for authorizations to the API. I am trying to define current_user for pundit with this method:
def pundit_user
User.find_by_other_means
end
I tried implementing it as a private method in my API base controller but it gives me this error:
"exception": "#<NoMethodError: undefined method `find_by_other_means' for #<Class:0x00007f9d25463768>\nDid you mean? find_or_create_by>"
Then I tried implementing it on my application controller and it gives me the following error:
"exception": "#<NameError: undefined local variable or method `current_user' for #<Api::V1::NewsController:0x00007f9d2516b038>>"
How can I define current_user in pundit?
You can define your own current_user in ApplicationController, or use pundit_user - as mentioned in the documentation
Related
I need to call Pundit authorization in a Rails Presenter.
I included Pundit so I can call policy function.
But Pundit does not know current_user.
(Rails 6 / Devise / Pundit)
Is there a way to do this ?
app/presenter/cause_presenter.rb
class CausePresenter < BasePresenter
include Pundit
def cause_tree_line
# Here I want to call policy or authorize
end
end
Result :
NameError (undefined local variable or method `current_user' for #<Tools::CausePresenter:0x00007f3f408b2050>
Thanks for your help.
I am getting the following error in Rails:
undefined local variable or method `current_user' for #<UserController:0x0000000458d708> Did you mean? #current_user
The code fragment corresponding to that error is:
authorize #current_user
As you can see, I clearly mean #current_user like the error message suggests, and I also use #current_user like the error message suggests. Why is Rails thinking I mean a local unexisting variable when I expect it to be global? The authorize method is from Pundit.
I added a print statement to verify if the global variable exists, and the following code effectively prints out a valid User:
p #current_user
authorize #current_user
To use Pundit, you must define current_user (or pundit_user): https://github.com/elabs/pundit/blob/master/lib/pundit.rb#L270
When you do authorize #current_user, that is assuring that the current_user can perform actions on #current_user using the UserPolicy.
In a create method in a controller I have:
if logged_in_admin?
#invitation.set_ids
In the Invitation model:
def set_ids
self.person_one_id = current_user.id
end
current_user is a method in app/helpers/sessions_helper.rb and defines the currently logged in user. I use this method successfully in many controller methods. However, for the use case above I get the error message undefined local variable or method 'current_user' for #<Invitation:0x007f699086bf40>.
Why do I get this error message? Is this because this time I'm using the helper method in a model file and is this not allowed? If such is not allowed, what would be the best way to securely set person_one_id for #invitation equal to the id of the currently logged in user?
current_user not available in a model layer(it's MVC, your helpers on the CV layer and model know nothing about the current_user helper). Pass user_id from your helper as argument:
some_helper.rb
def my_helper
if logged_in_admin?
#invitation.set_ids(current_user.id)
# .....
model.rb:
def set_ids(user_id)
self.person_one_id = user_id
end
You have to add the following line to your ApplicationController:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
include SessionsHelper
end
Now you should be able to use the methods inside your controllers / models.
I am trying to move some code out of my controller and into a service object. How do I access the devise sign_in helper method from the service object.
class CompleteAccountRegistration
def self.call(account_id, plan_id)
#account = Account.find(account_id)
self.create_user_account
self.create_subscription(plan_id)
sign_in(User.find(#account.owner_id))
end
I am getting the following error in my tests.
NoMethodError:
undefined method `sign_in' for CompleteAccountRegistration:Class
Including Devise::Controllers::SignInOut in your service object does the trick!
Fist of all I'm newbie to rails.
I have this in SessionsController:
def method
sign_in 'user'
end
And this in SessionsHelper:
def sing_in(user)
......
end
So Googling and reading some answers on stackoverflow let me to try something like this:
Including the 'SessionsHelper' to the SessionsController and even tried to put it in 'ApplicationController' like this:
class ApplicationController < ActionController::Base
protect_from_forgery
include SessionsHelper
def handle_unverified_requests
sign_out
super
end
end
But I'm getting
NoMethodError : undefined method `sign_in' for SessionsController:0x007eff2004fcd8
Also few questions:
1) What's the point/difference in putting few methods in Heplers and few in Controllers? Is it a security issue or what?
2) I also tried puting the sign_in method in the SessionsController as i read in stackoverflow that methods defined in controllers can be accessed in views. so to avoid any problems in the views I used
helper_method
but still the same NoMethodError
3) THe best and easy way to access the helper methods in controllers?
So where am I going wrong.
I'm using Rails 3.2.11 and Ruby 2.0.0p0
Looks like a typo: your helper method is 'sing_in' instead of 'sign_in'.