Update pundit docs to include instructions for disabling the verify b…

…efore_actions
activeadmin · Jan 29, 2018 · 2066a56 · 2066a56
1 parent f71b375
commit 2066a56
Showing 1 changed file with 28 additions and 9 deletions.
diff --git a/docs/13-authorization-adapter.md b/docs/13-authorization-adapter.md
@@ -245,22 +245,41 @@ To view more details about the API's, visit project pages of
 
 ## Using the Pundit Adapter
 
-Active Admin provides an adapter out of the box also for
+Active Admin also provides an adapter out of the box for
 [Pundit](https://github.com/elabs/pundit).
 
-To use the Pundit adapter, simply update the configuration in the Active Admin
+To use the Pundit adapter, update the configuration in the Active Admin
 initializer:
 
 ```ruby
 config.authorization_adapter = ActiveAdmin::PunditAdapter
 ```
 
-You can simply use Pundit the way that you would expect and Active Admin will
-use it for authorization. Check Pundit's documentation to [set up Pundit in your
-application](https://github.com/elabs/pundit#installation). If you want to use
-batch actions just ensure that `destroy_all?` method is defined in your policy
-class. You can use this [template
+Once that's done, Active Admin will pick up your Pundit policies, and use
+them for authorization. For more information about setting up Pundit, see
+[their documention](https://github.com/elabs/pundit#installation).
+
+Pundit also has [verify_authorized and/or verify_policy_scoped
+methods](https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used)
+to enforce usage of `authorized` and `policy_scope`. This conflicts with Active
+Admin's authorization architecture, so if you're using those features, you'll
+want to disable them for Active Admin's controllers:
+
+```ruby
+class ApplicationController < ActionController::Base
+  include Pundit
+  after_action :verify_authorized, except: :index, unless: :active_admin_controller?
+  after_action :verify_policy_scoped, only: :index, unless: :active_admin_controller?
+
+  def active_admin_controller?
+    is_a?(ActiveAdmin::BaseController)
+  end
+end
+```
+
+If you want to use batch actions, ensure that `destroy_all?` method is defined
+in your policy class. You can use this [template
 policy](https://github.com/activeadmin/activeadmin/blob/master/spec/support/templates/policies/application_policy.rb)
-in your application instead of default one generated by Pundit's `rails g
-pundit:install` command.
+in your application instead of default one generated by Pundit's
+`rails g pundit:install` command.