
Devise 

eitoball edited this page · 4 revisions

You can bypass CanCan 2.0's authorization for Devise controllers, much as with CanCan 1.6:

```ruby
class ApplicationController < ActionController::Base
  protect_from_forgery
  enable_authorization :unless => :devise_controller?
end
```

It may be a good idea to define a rescue_from handler for CanCan::Unauthorized:

```ruby
# Place inside ApplicationController.
rescue_from CanCan::Unauthorized do |exception|
  if current_user.nil?
    # Not signed in: remember the requested path, then send the user to log in.
    session[:next] = request.fullpath
    redirect_to login_url, :alert => "You have to log in to continue."
  else
    # Signed in but not permitted. Alternative: render a static 403 page.
    # render :file => "#{Rails.root}/public/403.html", :status => 403
    if request.env["HTTP_REFERER"].present?
      redirect_to :back, :alert => exception.message
    else
      redirect_to root_url, :alert => exception.message
    end
  end
end
```
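The handler above redirects to two values that originate from the request: the path saved in session[:next] and the Referer header behind redirect_to :back. The following added example (not part of this wiki page, CanCan or Devise) shows one way to restrict both to local paths before redirecting. The helper names `safe_local_path` and `referer_path_for` are hypothetical, and the host names in the comments are constructed.

```ruby
require "uri"

# Hypothetical helper: return `candidate` only if it is a path on this
# application (for example the value stored in session[:next]); otherwise
# return `fallback`.
def safe_local_path(candidate, fallback = "/")
  return fallback unless candidate.is_a?(String)
  # Must be an absolute path, not a full URL or a relative fragment.
  return fallback unless candidate.start_with?("/")
  # "//host" is protocol-relative; some browsers treat "/\host" the same way.
  return fallback if candidate.start_with?("//") || candidate.include?("\\")
  # Control characters (CR, LF, NUL, ...) have no place in a redirect target.
  return fallback if candidate =~ /[\x00-\x1f]/
  uri = URI.parse(candidate)
  uri.scheme.nil? && uri.host.nil? ? candidate : fallback
rescue URI::InvalidURIError
  fallback
end

# Hypothetical helper: reduce a Referer header to a local path, but only when
# it points at the host serving the current request (request.host in Rails).
def referer_path_for(referer, request_host, fallback = "/")
  return fallback if referer.nil? || referer.empty?
  uri = URI.parse(referer)
  return fallback unless %w[http https].include?(uri.scheme)
  return fallback unless uri.host == request_host
  path = uri.path.empty? ? "/" : uri.path
  path += "?#{uri.query}" if uri.query
  safe_local_path(path, fallback)
rescue URI::InvalidURIError
  fallback
end

# Constructed sample values:
#   safe_local_path("/admin/reports?year=2013")   keeps the path
#   safe_local_path("//evil.example/x")           falls back to "/"
#   referer_path_for("https://evil.example/p", "app.example.test")  falls back
```

In the handler, the signed-in branch could then call redirect_to with referer_path_for(request.env["HTTP_REFERER"], request.host, root_path), and the post-login redirect could pass session.delete(:next) through safe_local_path.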