module Can4::ControllerAdditions::ClassMethods

Public Instance Methods

check_authorization(*args)

Add this to a controller to ensure it performs authorization through an {#authorize!} call.

If no such authorization call is made, a {Can4::AuthorizationNotPerformed} exception will be raised.

This can be placed in your ApplicationController to ensure all controller actions perform authorization.

# File lib/can4/controller_additions.rb, line 37
def check_authorization(*args)
  after_action(*args) do |controller|
    next if controller.instance_variable_defined?(:@_authorized)

    raise AuthorizationNotPerformed,
      'This action failed to check_authorization because it did not ' \
      'authorize a resource. Add skip_authorization_check to bypass ' \
      'this check.'
  end
end
skip_authorization_check(*args)

Call this in a controller class to skip the check_authorization behavior for the matching actions. Arguments are the same as for before_action.

# File lib/can4/controller_additions.rb, line 50
def skip_authorization_check(*args)
  before_action(*args) do |controller|
    controller.instance_variable_set(:@_authorized, true)
  end
end
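
The following is an added example, not code from can4. It runs the two class methods above against a Rails-free stand-in so that the timing of the check is visible: because check_authorization registers an after_action, the exception is raised only after the action body has already run. MiniController, PostsController, effects, outcome and the stubbed authorize! are hypothetical names used for illustration.

```ruby
class AuthorizationNotPerformed < StandardError; end

# Hypothetical Rails-free base class: only enough callback plumbing to run
# the two class methods from this page (no inheritance of callbacks).
class MiniController
  attr_reader :effects
  def initialize; @effects = []; end

  def self.callbacks; @callbacks ||= []; end
  def self.before_action(*args, &blk); callbacks << [:before, args.last || {}, blk]; end
  def self.after_action(*args, &blk); callbacks << [:after, args.last || {}, blk]; end

  def self.check_authorization(*args) # same logic as documented above
    after_action(*args) do |controller|
      next if controller.instance_variable_defined?(:@_authorized)
      raise AuthorizationNotPerformed, 'authorization was not performed'
    end
  end

  def self.skip_authorization_check(*args)
    before_action(*args) { |c| c.instance_variable_set(:@_authorized, true) }
  end

  def authorize!; @_authorized = true; end # stand-in: no ability lookup

  def process(action)
    [:before, :action, :after].each do |phase|
      next public_send(action) if phase == :action
      self.class.callbacks.each do |kind, opts, blk|
        next if kind != phase
        next if opts[:only] && !Array(opts[:only]).include?(action)
        blk.call(self)
      end
    end
  end
end

class PostsController < MiniController
  check_authorization
  skip_authorization_check only: :health
  def show; authorize!; effects << :rendered; end
  def destroy; effects << :row_deleted; end   # forgets authorize!
  def health; effects << :pong; end           # exempted above
end

# Returns [status, side effects that had already run].
def outcome(action)
  controller = PostsController.new
  controller.process(action)
  [:ok, controller.effects]
rescue AuthorizationNotPerformed
  [:not_authorized, controller.effects]
end
```

For the unauthorized destroy action, outcome reports the failure together with a side effect that has already been recorded, which is why the check works as a safety net for finding missing authorize! calls and not as the access control itself.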