New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make check_authorization conditional with block or options #284

Closed
ryanb opened this Issue Feb 22, 2011 · 3 comments

Comments

Projects
None yet
2 participants
@ryanb
Owner

ryanb commented Feb 22, 2011

Using engines like Devise with check_authorization causes issues because one cannot easily add authorization to those controllers. It would be nice if the check_authorization method allowed a block to dynamically customize the behavior. If it returned true it would perform the authorization. This makes it easy to skip the authorization check for Devise.

class ApplicationController < ActionController::Base
  check_authorization { |controller| !controller.devise_controller? }
end

One can also use kind_of? here to detect other controller engine classes.

@ryanb

This comment has been minimized.

Show comment
Hide comment
@ryanb

ryanb Feb 22, 2011

Owner

I'm now wondering if this block's intention is clear here. It almost looks like the block is intended to perform the authorization check. Maybe it would be better to use :if and :unless options similar to validations in ActiveRecord

check_authorization :unless => lambda { |controller| controller.devise_controller? }

Even better, this could accept a symbol and call that method.

check_authorization :unless => :devise_controller?

Much cleaner and more readable.

Owner

ryanb commented Feb 22, 2011

I'm now wondering if this block's intention is clear here. It almost looks like the block is intended to perform the authorization check. Maybe it would be better to use :if and :unless options similar to validations in ActiveRecord

check_authorization :unless => lambda { |controller| controller.devise_controller? }

Even better, this could accept a symbol and call that method.

check_authorization :unless => :devise_controller?

Much cleaner and more readable.

@ryanb

This comment has been minimized.

Show comment
Hide comment
@ryanb

ryanb Mar 9, 2011

Owner

adding :if and :unless options to check_authorization - closed by 80f1ab2

Owner

ryanb commented Mar 9, 2011

adding :if and :unless options to check_authorization - closed by 80f1ab2

@multimulti

This comment has been minimized.

Show comment
Hide comment
@multimulti

multimulti Mar 10, 2011

Very nice. In fact I found this commit while searching how to get my devise controller working right now. Thanks! :)

multimulti commented Mar 10, 2011

Very nice. In fact I found this commit while searching how to get my devise controller working right now. Thanks! :)

This issue was closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment