I have read in several forums how I can use pundit to create an ACL module, and everyone says it is easy to use, but to this date I have not been able to solve my problem.
Basically I have this:
1.- Add the gem: gem 'pundit'
2.- Run bundle install
3.- Add the following line in my application_controller.rb: include Pundit
4.- Before proceeding, I mention that I have a namespace, for example

    namespace :tg do
      resources :client_has_rooms
    end

5.- My policy is therefore in app/policies/tg/client_has_room_policy.rb
and this is its code

    class Tg::ClientHasRoomPolicy
      attr_reader :user, :client_has_room

      def initialize(user, client_has_room)
        @user = user
        # Must match the attr_reader name, otherwise client_has_room returns nil
        @client_has_room = client_has_room
      end

      def index?
        false
      end

      def update?
        if user.admin?
          true
        else
          false
        end
      end
    end

I have declared the index method as false, and in the update method the role admin does not exist; this is just to test and not allow me to update the database. In fact these are the roles that I manage; I attach my user model code

    class User < ActiveRecord::Base
      enum role: [:No, :Reservaciones, :Ventas, :Contabilidad, :Jefe, :Administrador]

      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :trackable, :validatable

      def active_for_authentication?
        super && role != 'No'
      end

      after_initialize :set_default_role, :if => :new_record?

      def set_default_role
        self.role ||= :No
      end
    end

I do not know how to start, or where to look, because it does not show me any error, but for example if I am logged in to the system with the role of Ventas, it allows me to use all the options, when clearly in my policy for ClientHasRoom I have defined that only the user "admin" can update.
I would appreciate the help.
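
Pundit only consults a policy when a controller action calls authorize. The post does not show the controller, so this added example (not the poster's code and not Pundit's implementation) assumes that call is missing and models the difference in plain Ruby. The controller, the error classes and the administrador? check are stand-ins constructed for the example.

```ruby
# Stand-ins so this runs without Rails or the pundit gem (constructed for the example).
class NotAuthorizedError < StandardError; end
class AuthorizationNotPerformedError < StandardError; end
User = Struct.new(:role) do
  def administrador?   # Rails' enum would generate this predicate from the role list
    role == :Administrador
  end
end
ClientHasRoom = Struct.new(:name)

module Tg
  class ClientHasRoomPolicy
    attr_reader :user, :client_has_room
    def initialize(user, client_has_room)
      @user, @client_has_room = user, client_has_room
    end
    def update?
      user.administrador?
    end
  end
end

# Hypothetical miniature controller: one instance models one request.
class ClientHasRoomsController
  def initialize(current_user)
    @current_user = current_user
    @authorized = false
  end
  # Simplified model of authorize: build the policy, ask it, raise when it says no.
  def authorize(record, query)
    @authorized = true
    policy = Tg::ClientHasRoomPolicy.new(@current_user, record)
    raise NotAuthorizedError, "#{query} denied" unless policy.public_send(query)
    record
  end
  def update_unguarded(room)   # the policy class exists but is never consulted
    room.name = "changed"
    :updated
  end
  def update_guarded(room)     # the policy decides before anything is written
    authorize(room, :update?)
    room.name = "changed"
    :updated
  end
  # Model of an after-action check: fail any request that never called authorize.
  def verify_authorized
    raise AuthorizationNotPerformedError unless @authorized
  end
end
```

In a real controller the equivalents are Pundit's authorize (passing [:tg, record] can select a policy in the Tg namespace) and after_action :verify_authorized, which raises when an action finishes without an authorize call.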