Make check_authorization conditional with block or options #284

ryanb opened this Issue Feb 22, 2011 · 3 comments


None yet

2 participants


Using engines like Devise with check_authorization causes issues because one cannot easily add authorization to those controllers. It would be nice if the check_authorization method allowed a block to dynamically customize the behavior. If it returned true it would perform the authorization. This makes it easy to skip the authorization check for Devise.

class ApplicationController < ActionController::Base
  check_authorization { |controller| !controller.devise_controller? }

One can also use kind_of? here to detect other controller engine classes.


I'm now wondering if this block's intention is clear here. It almost looks like the block is intended to perform the authorization check. Maybe it would be better to use :if and :unless options similar to validations in ActiveRecord

check_authorization :unless => lambda { |controller| controller.devise_controller? }

Even better, this could accept a symbol and call that method.

check_authorization :unless => :devise_controller?

Much cleaner and more readable.


adding :if and :unless options to check_authorization - closed by 80f1ab2


Very nice. In fact I found this commit while searching how to get my devise controller working right now. Thanks! :)

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment