Module: Can4::ControllerAdditions::ClassMethods
- Defined in:
- lib/can4/controller_additions.rb
Instance Method Summary collapse
-
#check_authorization(*args) ⇒ Object
Add this to a controller to ensure it performs authorization through an #authorize! call.
-
#skip_authorization_check(*args) ⇒ Object
Call this in the class of a controller to skip the check_authorization behavior on the actions.
Instance Method Details
#check_authorization(*args) ⇒ Object
Add this to a controller to ensure it performs authorization through an Can4::ControllerAdditions#authorize! call.
If neither of these authorization methods are called, a AuthorizationNotPerformed exception will be raised.
This can be placed in your ApplicationController to ensure all controller actions perform authorization.
37 38 39 40 41 42 43 44 45 46 |
# File 'lib/can4/controller_additions.rb', line 37 def (*args) after_action(*args) do |controller| next if controller.instance_variable_defined?(:@_authorized) raise AuthorizationNotPerformed, 'This action failed to check_authorization because it did not ' \ 'authorize a resource. Add skip_authorization_check to bypass ' \ 'this check.' end end |
#skip_authorization_check(*args) ⇒ Object
Call this in the class of a controller to skip the check_authorization behavior on the actions. Arguments are the same as before_action
.
50 51 52 53 54 |
# File 'lib/can4/controller_additions.rb', line 50 def (*args) before_action(*args) do |controller| controller.instance_variable_set(:@_authorized, true) end end |