Rails/Pundit ArgumentError (wrong number of argume

2019-07-16 14:52发布

问题:

I've been banging my head against this a day. I am trying to implement a pundit policy(using Devise for authentication) for a model called Design that belongs to a User which has many designs. Should create and new be excepted from authorize after action as well? It seems like this should work. Help much appreciated

I keep running into

ArgumentError (wrong number of arguments (2 for 0)):

when creating a new design(where the 'debugger' is). I think that it is passing a valid @design into the policy finder. It may be the way I have set up the scope in the policy.

Here is the designs controller:

class DesignsController < ApplicationController
  before_filter :authenticate_user!
  before_action :set_design, only: [:show, :edit, :update, :destroy]
  after_action :verify_authorized, except: [:index, :new]

  # GET /designs
  # GET /designs.json
  def index
    @designs = policy_scope(Design)

  end

  # GET /designs/1
  # GET /designs/1.json
  def show
  end

  # GET /designs/new
  def new
    @design = Design.new  

  end

  # GET /designs/1/edit
  def edit
  end

  # POST /designs
  # POST /designs.json
  def create
    @design = Design.new(design_params)
     @design.user_id = current_user.id

    respond_to do |format|
      if @design.save
        format.html { redirect_to @design, notice: 'Design was successfully created.' }
        format.json { render :show, status: :created, location: @design }
      else
        format.html { render :new }
        format.json { render json: @design.errors, status: :unprocessable_entity }
      end
    end
    debugger // This is where it throws the exception
    authorize @design
  end

  # PATCH/PUT /designs/1
  # PATCH/PUT /designs/1.json
  def update
    respond_to do |format|
      if @design.update(design_params)
        format.html { redirect_to @design, notice: 'Design was successfully updated.' }
        format.json { render :show, status: :ok, location: @design }
      else
        format.html { render :edit }
        format.json { render json: @design.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /designs/1
  # DELETE /designs/1.json
  def destroy
    @design.destroy
    respond_to do |format|
      format.html { redirect_to designs_url, notice: 'Design was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_design
      @design = Design.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def design_params
      params.require(:design).permit(:name, :description, :design_model, :certification_for_distribution, :manufacturing_test)
    end
end

Here is the Designs Policy Class

class DesignPolicy 

  class Scope<DesignPolicy
    attr_reader :user, :scope

    def initialize(user,scope)
      @user = user
      @scope = scope
    end

    def resolve
      if user.admin?

        @scope.all
      else

        @scope.all.where(user_id: user.id)
      end
    end
  end

  def index?
    debugger
    true
  end

  def new?
    debugger
    @current_user != nil
  end

  def create?
    @current_user != nil
    new?
  end



end

回答1:

  1. The scope should not inherit from DesignPolicy https://github.com/elabs/pundit#scopes
  2. You need to setup DesignPolicy to have an initialize method as well https://github.com/elabs/pundit#policies

If you have them inheriting from ApplicationPolicy, then you don't need to have the initialize methods setup in each policy. The pundit documentation is excellent, I reference it almost every day. As long as you know about classes and inheritance in Ruby, you should have no problem.