module Corral::ControllerAdditions::ClassMethods

Public Instance Methods

check_authorization(options = {})

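Add this to a controller to ensure it performs authorization through an authorized! or authorize_resource call. If neither of these authorization methods is called, a Corral::AuthorizationNotPerformed exception will be raised. This can be placed in ApplicationController to ensure all controller actions do authorization. The :only and :except options are passed to the after_action that performs the check, and :if and :unless name controller methods that decide whether the check applies. Because the check runs in an after_action, the action body has already executed by the time the exception is raised.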

# File lib/corral/controller_additions.rb, line 7
def check_authorization(options = {})
  self.after_action(options.slice(:only, :except)) do |controller|
    next if controller.instance_variable_defined?(:@_authorized)
    next if options[:if] && !controller.send(options[:if])
    next if options[:unless] && controller.send(options[:unless])
    raise AuthorizationNotPerformed, "This action failed the check_authorization because it did not authorize a resource. Add skip_authorization_check to bypass this check."
  end
end

skip_authorization_check(*args)

Call this in a controller class to skip the check_authorization behavior for its actions. Any arguments are passed to the before_action that this method registers.

# File lib/corral/controller_additions.rb, line 18
def skip_authorization_check(*args)
  self.before_action(*args) do |controller|
    controller.instance_variable_set(:@_authorized, true)
  end
end
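
How the two methods interact, as an added example that is not part of Corral: it shows that a forgotten authorization call is reported only after the action body has run. MiniController is a stand-in for Rails callbacks so the code runs without Rails or Corral; the controller, action and LEDGER names are hypothetical.

```ruby
# Added example: MiniController is a stand-in for Rails callbacks (assumption),
# so this runs without Rails or Corral. Controller and action names are hypothetical.
class AuthorizationNotPerformed < StandardError; end
class MiniController
  def self.callbacks; @callbacks ||= { before: [], after: [] }; end
  def self.inherited(sub) # subclasses start with a copy of the parent's callbacks
    super
    sub.instance_variable_set(:@callbacks, callbacks.transform_values(&:dup))
  end
  def self.before_action(opts = {}, &blk); callbacks[:before] << [opts, blk]; end
  def self.after_action(opts = {}, &blk); callbacks[:after] << [opts, blk]; end
  # Same logic as the two methods documented on this page.
  def self.check_authorization(options = {})
    after_action(options.slice(:only, :except)) do |c|
      next if c.instance_variable_defined?(:@_authorized)
      next if options[:if] && !c.send(options[:if])
      next if options[:unless] && c.send(options[:unless])
      raise AuthorizationNotPerformed, "no authorization call was made"
    end
  end
  def self.skip_authorization_check(*args)
    before_action(*args) { |c| c.instance_variable_set(:@_authorized, true) }
  end
  def process(action); run(:before, action); send(action); run(:after, action); end
  def run(kind, action) # honours :only / :except like a Rails callback filter
    self.class.callbacks[kind].each do |opts, blk|
      next if opts[:only] && !Array(opts[:only]).include?(action)
      next if Array(opts[:except]).include?(action)
      blk.call(self)
    end
  end
end

LEDGER = [] # side effects performed by action bodies
class ApplicationController < MiniController; check_authorization; end
class PaymentsController < ApplicationController
  skip_authorization_check only: :health
  def health; LEDGER << :health; end
  def show; @_authorized = true; LEDGER << :show; end # stands in for an authorization call
  def refund; LEDGER << :refund; end                  # authorization forgotten
end

def outcome(action)
  PaymentsController.new.process(action)
  :ok
rescue AuthorizationNotPerformed
  :raised
end
```

Calling outcome(:refund) returns :raised, yet :refund is already in LEDGER, so the check works as a development and test safety net rather than as a gate in front of the action.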