at.
Reputation: 52500
Using CanCan to authorize_resource, but don't want it for all actions
I'm using Devise and CanCan with Rails 4. Both working great, but I don't want either to be in effect for 2 specific actions of a controller. So I do the following for Devise:
before_filter :authenticate_user!, except: [:check_in_list, :check_in]
This requires the user to be logged in for all exceptions except the check_in_list and check_in actions. Works exactly as I intended. The problem is when I add authorize_resource:
before_filter :authenticate_user!, except: [:check_in_list, :check_in]
authorize_resource
Now if I try to go to the check_in_list or check_in pages, it redirects me to log in. Is there something similar to the except option for authorize_resource?
Upvotes: 2
Views: 2199
Answers (2)
MikeZ
Reputation: 495
According to gem documentation https://github.com/ryanb/cancan/wiki/authorizing-controller-actions you can use skip_authorize_resource:
skip_authorize_resource only: [:check_in_list, :check_in]
Upvotes: 3
Related Questions
- authorizing specific controller action using cancancan
- CanCan skip authorization for some action
- Authorize controller actions with cancan in rails
- Using CanCan authorize_resource in odd controller
- Cancan Authorizing Controller Action in Nested Resources
- cancan skip_authorization_check for Devise authentication
- Rails 3 CanCan Authorizing Scoped Ownership
- Rails authorization: Can I just add a before_filter for all actions? without using Cancan
- Rails 3.1, How to exclude authorize resource for devise controller?
- Skipping one rails action in CanCan