module Corral::ControllerAdditions::ClassMethods
Public Instance Methods
check_authorization(options = {})
Add this to a controller to ensure it performs authorization through an authorized! or authorize_resource call. If neither of these authorization methods is called, a Corral::AuthorizationNotPerformed exception will be raised. This can be placed in ApplicationController to ensure all controller actions do authorization.
    # File lib/corral/controller_additions.rb, line 7
    def check_authorization(options = {})
      self.after_action(options.slice(:only, :except)) do |controller|
        next if controller.instance_variable_defined?(:@_authorized)
        next if options[:if] && !controller.send(options[:if])
        next if options[:unless] && controller.send(options[:unless])
        raise AuthorizationNotPerformed, "This action failed the check_authorization because it did not authorize a resource. Add skip_authorization_check to bypass this check."
      end
    end
skip_authorization_check(*args)
Call this in the class of a controller to skip the check_authorization behavior on the actions. Any arguments are passed to the before_action call.
    # File lib/corral/controller_additions.rb, line 18
    def skip_authorization_check(*args)
      self.before_action(*args) do |controller|
        controller.instance_variable_set(:@_authorized, true)
      end
    end
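Because check_authorization registers an after_action, the action body has already run when the exception is raised, so it reports a missing authorization call rather than preventing the action. The sketch below is an added example, not Corral's own code: it exercises the logic of the two methods above against a hypothetical MiniController that stands in for Rails callbacks, with a constructed ReportsController and outcome helper.

```ruby
# Added example. MiniController is a hypothetical stand-in for Rails callbacks.
class AuthorizationNotPerformed < StandardError; end
class MiniController
  class << self
    def callbacks; @callbacks ||= { before: [], after: [] }; end
    def before_action(opts = {}, &blk); callbacks[:before] << [opts, blk]; end
    def after_action(opts = {}, &blk); callbacks[:after] << [opts, blk]; end
    # Same logic as the two methods documented on this page (message shortened).
    def check_authorization(options = {})
      after_action(options.slice(:only, :except)) do |c|
        next if c.instance_variable_defined?(:@_authorized)
        next if options[:if] && !c.send(options[:if])
        next if options[:unless] && c.send(options[:unless])
        raise AuthorizationNotPerformed, "action did not authorize a resource"
      end
    end
    def skip_authorization_check(*args)
      before_action(*args) { |c| c.instance_variable_set(:@_authorized, true) }
    end
  end

  def process(action) # before callbacks, then the action, then after callbacks
    run(:before, action); public_send(action); run(:after, action)
  end
  def run(kind, action)
    self.class.callbacks[kind].each do |opts, blk|
      next if opts[:only] && !Array(opts[:only]).include?(action)
      next if opts[:except] && Array(opts[:except]).include?(action)
      blk.call(self)
    end
  end
end

class ReportsController < MiniController
  check_authorization
  skip_authorization_check only: :index
  attr_reader :log
  def initialize; @log = []; end
  def index; @log << :index_ran; end                    # check skipped for this action
  def show; @_authorized = true; @log << :show_ran; end # stands in for an authorize call
  def destroy; @log << :record_deleted; end             # authorization forgotten
end

# Returns [result, side effects recorded by the action body].
def outcome(action)
  c = ReportsController.new
  c.process(action)
  [:ok, c.log]
rescue AuthorizationNotPerformed
  [:raised, c.log]
end
```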