Pundit + Gems like Devise, "right" way to handle it? #113
Comments
Not sure I understand the question. Devise is authentication only, so your only thing to do should be to define #pundit_user in your controller and define policies.
When I followed the README examples, i.e. adding
to application_controller.rb, I get errors from the devise controllers unless I import all of them and authorise them. I do have a user policy but that doesn't seem to be enough for all the features in devise (sessions, confirm password functionality, forgot password functionality). I momentarily resolved this problem by removing that line from the application controller and just added it to the controllers for app specific stuff that I control. Alternatively I authorised the controllers themselves by importing them and doing authorise self in the methods. I hope this clarifies even just a little the current scenario.
But once I removed it all the double render errors and the not authorised errors that were triggered in devise context (login, forgot password etc.) went away
@guareschi it's not a problem to remove it. You can also add a conditional to the before filter to exclude Devise's controller, IIRC

```ruby
def verify_authorized
  super unless inside_devise?
end
```

Where
@guareschi Does each of your controller actions really need to be authorized? If not, just put this in the controllers that carry authorization logic, and avoid the
@guareschi if you want to skip the verification when on the Devise controller you should try:

```ruby
before_action :verify_authorized, except: :index, unless: :devise_controller?
```

Worked for me
For me it works with
@fangari Is the

The version I used was:

```ruby
after_action :verify_authorized, unless: :devise_controller?
```
now needs to be as follows I think:
What is the "right" way to handle models/controller policies when these classes come from a gem, like, say, Devise?
Having a solid example for a public auth gem like Devise would make for a great learning experience for those who are a bit more green in Ruby and Rails.
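The `after_action :verify_authorized, unless: :devise_controller?` guard from the comments above, as an added example that is not part of the original thread and not Pundit's or Devise's own code. `BaseController`, the simplified `authorize`, and the sample controllers are constructed stand-ins so the behaviour runs without Rails, Devise or Pundit installed; only the `after_action` line is what would go in a real `ApplicationController`.

```ruby
# Constructed stand-ins for the Rails callback chain and Pundit's checks.
class AuthorizationNotPerformedError < StandardError; end

class BaseController
  @@after_actions = []

  def self.after_action(name, **opts)
    @@after_actions << [name, opts[:unless]]
  end

  # Run the action, then every after_action whose :unless predicate is false.
  def process(action)
    result = public_send(action)
    @@after_actions.each { |name, skip| send(name) unless skip && send(skip) }
    result
  end
end

class ApplicationController < BaseController
  # The line under discussion: enforce the check everywhere except Devise.
  after_action :verify_authorized, unless: :devise_controller?

  def devise_controller?; false; end   # Devise supplies this helper in a real app

  private

  # Simplified: real Pundit also evaluates the policy and raises on denial.
  def authorize(record)
    @authorized = true
    record
  end

  def verify_authorized
    raise AuthorizationNotPerformedError, self.class.name unless @authorized
  end
end

class SessionsController < ApplicationController   # plays a Devise controller
  def devise_controller?; true; end
  def create; :signed_in; end
end

class PostsController < ApplicationController
  def show;  authorize(:post); :shown; end
  def index; :listed; end                           # forgot to call authorize
end

def outcome(controller, action)
  controller.new.process(action)
rescue AuthorizationNotPerformedError
  :authorization_not_performed
end
```

The guard exempts every controller for which `devise_controller?` is true, including Devise controllers the app subclasses to add its own actions, so any authorization those actions need has to be called explicitly.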