module Can4::ControllerAdditions::ClassMethods
Public Instance Methods
check_authorization(*args)
click to toggle source
Add this to a controller to ensure it performs authorization through an {#authorize!} call.
If neither of these authorization methods are called, a {Can4::AuthorizationNotPerformed} exception will be raised.
This can be placed in your ApplicationController to ensure all controller actions perform authorization.
# File lib/can4/controller_additions.rb, line 37 def check_authorization(*args) after_action(*args) do |controller| next if controller.instance_variable_defined?(:@_authorized) raise AuthorizationNotPerformed, 'This action failed to check_authorization because it did not ' \ 'authorize a resource. Add skip_authorization_check to bypass ' \ 'this check.' end end
skip_authorization_check(*args)
click to toggle source
Call this in the class of a controller to skip the check_authorization
behavior on the actions. Arguments are the same as before_action
.
# File lib/can4/controller_additions.rb, line 50 def skip_authorization_check(*args) before_action(*args) do |controller| controller.instance_variable_set(:@_authorized, true) end end