Reputation: 695
skip authorization for specific controllers using pundit in rails 4
I am using rails 4, devise for authentication and Pundit for authorization. I have restricted my application to check for authorization on every controller by below code.
class ApplicationController < ActionController::Base
include Pundit
after_action :verify_authorized
#.....
end
However, i want to skip authorization for two specific controllers in my application (they are open to public, users do not need to sign in). How can i achieve it without removing verify_authorized in ApplicationController ?
Upvotes: 10
Views: 13033
Answers (2)
Reputation: 10054
I'm working with Rails 5 and I wanted to skip authorization in just one action but not the whole controller. So, what you can do according to the documentation is to use skip_authorization feature in the controller action as shown below:
class Admin::DashboardController < Admin::BaseController
def index
@organizers = Organizer.count
@sponsors = Sponsor.count
@brochures = Brochure.count
skip_authorization
end
def sponsors_approve
# some statements...
end
def organizers_approve
# some statements...
end
end
In this controller the only one action to be skipped is index, the other ones must be authorized.
I hope it could be useful for somebody else.
Upvotes: 9
Related Questions
- What is the DRY way to restrict an entire controller with Pundit in Rails?
- Pundit::AuthorizationNotPerformedError with Devise controller
- Pundit: Authorize specific resource to differently named controller
- Skip pundit scope on one controller
- Skip authorize at a specific point inside a Rails method
- Skipping Pundit authorization with Minitest
- Authorization settings using pundit gem rails
- Pundit: authorize actions within namespaced controllers
- How to set up authorization policies for two controllers using Pundit?
- Using Pundit for authorizing controllers