Method: CanCan::ControllerAdditions#authorize!

Defined in:
lib/cancan/controller_additions.rb

#authorize!(*args) ⇒ Object

Raises a CanCan::AccessDenied exception if the current_ability cannot perform the given action. This is usually called in a controller action or before filter to perform the authorization.

def show
  @article = Article.find(params[:id])
  authorize! :read, @article
end

A :message option can be passed to specify a different message.

authorize! :read, @article, :message => "Not authorized to read #{@article.name}"

You can also use I18n to customize the message. Action aliases defined in Ability work here.

en:
  unauthorized:
    manage:
      all: "Not authorized to %{action} %{subject}."
      user: "Not allowed to manage other user accounts."
    update:
      project: "Not allowed to update this project."

You can rescue from the exception in the controller to customize how unauthorized access is displayed to the user.

class ApplicationController < ActionController::Base
  rescue_from CanCan::AccessDenied do |exception|
    redirect_to root_url, :alert => exception.message
  end
end

See the CanCan::AccessDenied exception for more details on working with the exception.

See the load_and_authorize_resource method to automatically add the authorize! behavior to the default RESTful actions.
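The following is an added example, not CanCan's own code, showing the three pieces described above (the authorize! check, the :message option, and rescuing the exception) together in one runnable file that needs neither Rails nor the cancan gem. It uses a minimal MiniCanCan stand-in (an Ability with a small rule table, an AccessDenied exception, and a plain-Ruby ArticlesController whose dispatch method plays the role of rescue_from); every class, method and sample name here (MiniCanCan, ArticlesController#dispatch, Article, the users alice and bob) is an assumption made for the illustration, and the Ability rules are constructed sample rules.

```ruby
# Added example: a self-contained stand-in that mirrors the documented
# authorize! / AccessDenied / rescue_from pattern. Not CanCan's own code;
# the names below are assumptions so it runs without Rails or the gem.

Article = Struct.new(:id, :name, :author)   # constructed sample model

module MiniCanCan
  # Raised when the ability cannot perform the action; carries an optional message.
  class AccessDenied < StandardError
    def initialize(message = nil)
      super(message || "You are not authorized to access this page.")
    end
  end

  # A tiny rule table: deny by default, allow only what a `can` rule grants.
  class Ability
    def initialize(user)
      @user = user
      @rules = []
      define_rules
    end

    # `can action, Klass` optionally takes a block with a per-record condition.
    def can(action, subject_class, &condition)
      @rules << [action, subject_class, condition]
    end

    def can?(action, subject)
      @rules.any? do |rule_action, klass, condition|
        rule_action == action && subject.is_a?(klass) &&
          (condition.nil? || condition.call(subject))
      end
    end

    # Like the documented method: raise AccessDenied, honouring a :message option.
    def authorize!(action, subject, options = {})
      return if can?(action, subject)
      raise AccessDenied.new(options[:message])
    end

    private

    def define_rules                                      # constructed sample rules
      can :read, Article                                  # anyone may read
      can(:update, Article) { |a| a.author == @user }     # only the author may update
    end
  end
end

# Plain-Ruby controller standing in for ActionController; `dispatch` plays the
# role of `rescue_from CanCan::AccessDenied` (redirect home, set the alert).
class ArticlesController
  attr_reader :flash, :redirected_to

  def initialize(current_user, articles)
    @current_user = current_user
    @articles = articles
    @flash = {}
  end

  def current_ability
    @current_ability ||= MiniCanCan::Ability.new(@current_user)
  end

  def authorize!(*args)
    @_authorized = true                 # lets a check_authorization-style filter confirm a check ran
    current_ability.authorize!(*args)
  end

  def dispatch(action, id)
    @_authorized = false
    public_send(action, id)
    :ok
  rescue MiniCanCan::AccessDenied => exception
    @redirected_to = "/"
    @flash[:alert] = exception.message
    :redirected
  end

  def show(id)
    @article = @articles.fetch(id)
    authorize! :read, @article
  end

  def update(id)
    @article = @articles.fetch(id)
    authorize! :update, @article, :message => "Not authorized to update #{@article.name}"
  end
end

# Drive the controller as two different users and report what each request got.
def demo
  articles = { 1 => Article.new(1, "Hello", "alice") }   # constructed sample data
  as_bob = ArticlesController.new("bob", articles)
  {
    bob_show: as_bob.dispatch(:show, 1),          # :ok, reading is open to all
    bob_update: as_bob.dispatch(:update, 1),      # :redirected, bob is not the author
    bob_alert: as_bob.flash[:alert],              # "Not authorized to update Hello"
    alice_update: ArticlesController.new("alice", articles).dispatch(:update, 1)   # :ok
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Running the file prints the hash returned by demo: bob can read but is redirected with the custom alert when he tries to update alice's article, while alice's update goes through. The `@_authorized` flag is kept only because the documented method sets it; nothing in this stand-in reads it, which is exactly the gap a check_authorization-style filter exists to close.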

# File 'lib/cancan/controller_additions.rb', line 342

def authorize!(*args)
  @_authorized = true                 # records that this action performed an authorization check
  current_ability.authorize!(*args)   # raises CanCan::AccessDenied when the action is not permitted
end