Set up Pundit

Gemfile

@@ -109,3 +109,5 @@ gem "omniauth-rails_csrf_protection", "~> 1.0"
 gem "net-smtp"
 gem "net-imap"
 gem "net-pop"
+
+gem "pundit", "~> 2.2"

Gemfile.lock

@@ -304,6 +304,8 @@ GEM
     public_suffix (4.0.7)
     puma (6.0.0)
       nio4r (~> 2.0)
+    pundit (2.2.0)
+      activesupport (>= 3.0.0)
     questiongenerator (1.0.0)
     racc (1.6.0)
     rack (2.2.4)
@@ -550,6 +552,7 @@ DEPENDENCIES
   pg
   pghero
   puma
+  pundit (~> 2.2)
   questiongenerator (~> 1.0)
   rails (~> 6.1)
   rails-controller-testing

app/controllers/application_controller.rb

@@ -1,4 +1,5 @@
 class ApplicationController < ActionController::Base
+  include Pundit::Authorization
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception