How to ensure authorization in CanCan

CanCan is an authorization library for Ruby on Rails that defines the authorization of specific resources for multiple users.

If you want to ensure that an authorization check is never forgotten, add check_authorization to the ApplicationController:

class ApplicationController < ActionController::Base
  check_authorization
end

This ensures that every action in every inherited controller performs an authorization check (by calling authorize! or load_and_authorize_resource). If an action does not, the following exception is raised:

CanCan::AuthorizationNotPerformed

The check can be skipped for particular actions with skip_authorization_check. It accepts :only, which skips the check for just the actions listed, and :except, which skips it for every action except the ones listed. The following code skips the authorization check for the new action:

class ApplicationController < ActionController::Base
  skip_authorization_check :only => [:new]
end

Conditional Check

CanCan 1.6 lets you apply check_authorization conditionally, based on the result of a method, using the :if and :unless options. Here is an example that enforces the check only when the request comes from the admin subdomain:

class ApplicationController < ActionController::Base
  # Enforce the check only when admin? returns true
  check_authorization :if => :admin?
  private
  def admin?
    request.subdomain == "admin"
  end
end

Note: check_authorization only ensures that an authorization check is performed. It does not grant or deny access itself; that is still decided by your Ability class when authorize! runs.
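To see how check_authorization, skip_authorization_check and the :if option combine, here is an added example that is not CanCan's or Educative's code: a small stand-in for the controller machinery (ToyController, run, and a fake authorize! are assumptions) that enforces the same rules as the snippets above and runs without Rails or CanCan.

```ruby
# Added example, not CanCan's source: a minimal model of how check_authorization,
# skip_authorization_check and :if interact. Runs without Rails or CanCan.
class AuthorizationNotPerformed < StandardError; end
class ToyController
  @config = {}
  class << self
    attr_accessor :config
    def inherited(sub); sub.config = config.dup; end # subclass inherits settings
    # Require every action to call authorize!, gated by optional :if / :unless
    def check_authorization(opts = {}); config[:check] = opts; end
    # Lift that requirement for :only actions, or for all but the :except actions
    def skip_authorization_check(opts = {}); config[:skip] = opts; end
  end
  def initialize(subdomain = "www"); @subdomain = subdomain; end
  # Stands in for CanCan's authorize!: records that an authorization check ran
  def authorize!(*); @authorized = true; end

  # Dispatch an action, then enforce the rule the way CanCan's after filter does
  def run(action)
    @authorized = false
    send(action)
    raise AuthorizationNotPerformed, action.to_s if check_required?(action) && !@authorized
    :ok
  end
  private
  def check_required?(action)
    check = self.class.config[:check]
    return false if check.nil?
    return false if check[:if] && !send(check[:if])
    return false if check[:unless] && send(check[:unless])
    skip = self.class.config[:skip] || {}
    return false if skip[:only] && skip[:only].include?(action)
    return false if skip[:except] && !skip[:except].include?(action)
    true
  end
end

class ApplicationController < ToyController
  check_authorization :if => :admin?       # enforce only on the admin subdomain
  skip_authorization_check :only => [:new]
  private
  def admin?; @subdomain == "admin"; end
end

class PostsController < ApplicationController
  def show; authorize!(:read, :post); end
  def new; end  # skipped via :only => [:new]
  def edit; end # forgot authorize!: raises AuthorizationNotPerformed on admin subdomain
end
```

Running PostsController.new("admin").run(:edit) raises, while the same action on the "www" subdomain and the skipped new action both return :ok.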


Copyright ©2025 Educative, Inc. All rights reserved