Make check_authorization conditional with block or options #284

Closed
ryanb opened this Issue Feb 22, 2011 · 3 comments

Projects

None yet

2 participants

@ryanb
Owner

Using engines like Devise with check_authorization causes issues because one cannot easily add authorization to those controllers. It would be nice if the check_authorization method allowed a block to dynamically customize the behavior. If it returned true it would perform the authorization. This makes it easy to skip the authorization check for Devise.

class ApplicationController < ActionController::Base
  check_authorization { |controller| !controller.devise_controller? }
end

One can also use kind_of? here to detect other controller engine classes.

@ryanb
Owner

I'm now wondering if this block's intention is clear here. It almost looks like the block is intended to perform the authorization check. Maybe it would be better to use :if and :unless options similar to validations in ActiveRecord

check_authorization :unless => lambda { |controller| controller.devise_controller? }

Even better, this could accept a symbol and call that method.

check_authorization :unless => :devise_controller?

Much cleaner and more readable.

@ryanb
Owner

adding :if and :unless options to check_authorization - closed by 80f1ab2

@multimulti

Very nice. In fact I found this commit while searching how to get my devise controller working right now. Thanks! :)

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment