Method: CanCan::ControllerAdditions::ClassMethods#check_authorization

Defined in:
lib/cancan/controller_additions.rb

#check_authorization(options = {}) ⇒ Object

Add this to a controller to ensure it performs authorization through an authorize! or authorize_resource call. If neither of these authorization methods is called, a CanCan::AuthorizationNotPerformed exception will be raised. This is normally added to the ApplicationController to ensure all controller actions do authorization.

class ApplicationController < ActionController::Base
  check_authorization
end

See skip_authorization_check to bypass this check on specific controller actions.

Options:

:only

Only applies to given actions.

:except

Does not apply to given actions.

:if

Supply the name of a controller method to be called. The authorization check only takes place if this returns true.

check_authorization :if => :admin_controller?

:unless

Supply the name of a controller method to be called. The authorization check only takes place if this returns false.

check_authorization :unless => :devise_controller?


# File 'lib/cancan/controller_additions.rb', line 265

def check_authorization(options = {})
  block = proc do |controller|
    next if controller.instance_variable_defined?(:@_authorized)
    next if options[:if] && !controller.send(options[:if])
    next if options[:unless] && controller.send(options[:unless])

    raise AuthorizationNotPerformed,
          'This action failed the check_authorization because it does not authorize_resource. ' \
          'Add skip_authorization_check to bypass this check.'
  end

  send(:after_action, options.slice(:only, :except), &block)
end
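
The source above registers the check with after_action, so the action body has already run by the time AuthorizationNotPerformed is raised. The following added example (not CanCan or Rails code) reproduces that ordering with a constructed MiniController stand-in; ReportsController, run_action and the assumption that authorize! sets @_authorized are illustrative.

```ruby
# Constructed stand-in for ActionController's after_action; not Rails or CanCan code.
class AuthorizationNotPerformed < StandardError; end

class MiniController
  def self.callbacks; @callbacks ||= []; end
  def self.after_action(options = {}, &block); callbacks << [options, block]; end

  # Same logic as the check_authorization source shown on this page.
  def self.check_authorization(options = {})
    block = proc do |controller|
      next if controller.instance_variable_defined?(:@_authorized)
      next if options[:if] && !controller.send(options[:if])
      next if options[:unless] && controller.send(options[:unless])
      raise AuthorizationNotPerformed, 'authorization was not performed'
    end
    after_action(options.slice(:only, :except), &block)
  end

  def side_effects; @side_effects ||= []; end

  # Run the action body first, then the after_action callbacks.
  def process(action)
    public_send(action)
    self.class.callbacks.each do |opts, block|
      next if opts[:only] && !Array(opts[:only]).include?(action)
      next if Array(opts[:except]).include?(action)
      block.call(self)
    end
    :ok
  end
end

class ReportsController < MiniController # hypothetical controller
  check_authorization except: :health
  def show;    @_authorized = true; side_effects << :rendered; end # assumed effect of authorize!
  def destroy; side_effects << :deleted; end                       # authorization forgotten
  def health;  side_effects << :pong; end                          # excluded via :except
end

# Returns [exception raised?, side effects recorded] for one action.
def run_action(action)
  c = ReportsController.new
  c.process(action)
  [false, c.side_effects]
rescue AuthorizationNotPerformed
  [true, c.side_effects]
end
```

For :destroy the exception is raised only after the side effect is recorded, so the check flags missing authorization calls (for example in a test suite) rather than preventing the unauthorized action from running.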