Method: CanCan::ControllerAdditions::ClassMethods#check_authorization

Defined in:
lib/cancan/controller_additions.rb

#check_authorization(options = {}) ⇒ Object

Add this to a controller to ensure it performs authorization through an authorize! or authorize_resource call. If neither of these authorization methods is called, a CanCan::AuthorizationNotPerformed exception will be raised. This is normally added to the ApplicationController to ensure all controller actions do authorization.

class ApplicationController < ActionController::Base
  check_authorization
end

See skip_authorization_check to bypass this check on specific controller actions.

Options:

:only

Only applies to given actions.

:except

Does not apply to given actions.

:if

Supply the name of a controller method to be called. The authorization check only takes place if this returns true.

check_authorization :if => :admin_controller?

:unless

Supply the name of a controller method to be called. The authorization check only takes place if this returns false.

check_authorization :unless => :devise_controller?

# File 'lib/cancan/controller_additions.rb', line 251

def check_authorization(options = {})
  self.after_filter(options.slice(:only, :except)) do |controller|
    next if controller.instance_variable_defined?(:@_authorized)
    next if options[:if] && !controller.send(options[:if])
    next if options[:unless] && controller.send(options[:unless])
    raise AuthorizationNotPerformed, "This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check."
  end
end
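
The source above registers the check as an after_filter, so the action body has already run by the time AuthorizationNotPerformed is raised. The following added example (not CanCan's own code) reproduces that ordering without Rails; MiniController, PostsController, process, run and DELETED are hypothetical stand-ins, and the filter body mirrors the listing above.

```ruby
# Added example: minimal stand-in for Rails' after_filter machinery (assumption).
class AuthorizationNotPerformed < StandardError; end

class MiniController
  def self.after_filters; @after_filters ||= []; end

  # Same checks as the source listing; :only/:except are handled inline
  # here because there is no Rails filter chain to do it.
  def self.check_authorization(options = {})
    filter = lambda do |controller, action|
      next if options[:only] && !Array(options[:only]).include?(action)
      next if Array(options[:except]).include?(action)
      next if controller.instance_variable_defined?(:@_authorized)
      next if options[:if] && !controller.send(options[:if])
      next if options[:unless] && controller.send(options[:unless])
      raise AuthorizationNotPerformed, "#{action} did not authorize"
    end
    after_filters << filter
  end

  # Stand-in for authorize!: only records that authorization happened.
  def authorize!; @_authorized = true; end

  # The action runs first; after filters run once it has finished.
  def process(action)
    send(action)
    self.class.after_filters.each { |f| f.call(self, action) }
    :ok
  end
end

DELETED = [] # constructed side-effect log

class PostsController < MiniController
  check_authorization :except => :index

  def index; end                        # exempt via :except
  def show; authorize!; end             # authorizes, so the check passes
  def destroy; DELETED << :post_1; end  # forgets to authorize
end

# Returns :ok, or :not_authorized when the after filter raises.
def run(action)
  PostsController.new.process(action)
rescue AuthorizationNotPerformed
  :not_authorized
end
```

Running destroy returns :not_authorized, yet DELETED already holds :post_1: the check flags the missing authorization call in development and tests, but it does not undo what the action did.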