Module: Can4::ControllerAdditions::ClassMethods

Defined in:: lib/can4/controller_additions.rb

Instance Method Summary collapse

#check_authorization(*args) ⇒ Object

Add this to a controller to ensure it performs authorization through an #authorize! call.
#skip_authorization_check(*args) ⇒ Object

Call this in the class of a controller to skip the check_authorization behavior on the actions.

Instance Method Details

#check_authorization(*args) ⇒ `Object`

Add this to a controller to ensure it performs authorization through an Can4::ControllerAdditions#authorize! call.

If neither of these authorization methods are called, a AuthorizationNotPerformed exception will be raised.

This can be placed in your ApplicationController to ensure all controller actions perform authorization.

# File 'lib/can4/controller_additions.rb', line 37

def check_authorization(*args)
  after_action(*args) do |controller|
    next if controller.instance_variable_defined?(:@_authorized)

    raise AuthorizationNotPerformed,
      'This action failed to check_authorization because it did not ' \
      'authorize a resource. Add skip_authorization_check to bypass ' \
      'this check.'
  end
end

#skip_authorization_check(*args) ⇒ `Object`

Call this in the class of a controller to skip the check_authorization behavior on the actions. Arguments are the same as before_action.

# File 'lib/can4/controller_additions.rb', line 50

def skip_authorization_check(*args)
  before_action(*args) do |controller|
    controller.instance_variable_set(:@_authorized, true)
  end
end