DEV Community

pbohea
Pundit Authorization

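    def show
      @photo = Photo.find(params[:id])  # load the record to be authorized
      authorize @photo                   # raises unless PhotoPolicy#show? allows it
    end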

When you pass the authorize method an instance of Photo, Pundit does the following:

1. It assumes there is a class called PhotoPolicy in app/policies.

2. It assumes the controller has a method called current_user.

3. It creates a new instance of PhotoPolicy, passing current_user as the first argument and whatever you passed to authorize (in this case, @photo) as the second argument.

4. It calls a method on the new policy instance named after the controller action with a ? appended (here, show?).

5. If that method returns false, it raises Pundit::NotAuthorizedError.
