Reputation: 28853
I'm using the CanCan gem in my Rails app and want to check if the current request is a protected resource in my application.
So for example I have the following:
class AdminController < ApplicationController
  load_and_authorize_resource
end
How can I check if the request is protected by CanCan?
I can access the controller and action via params. I can't use the standard can? and cannot? helpers as they will check if the current_user has permission rather than if the action itself has a protection on it.
So for example:
class ApplicationController < ActionController::Base
  before_action :check_protected

  def check_protected
    if can? params[:action].to_sym, Object.const_get(params[:controller].classify)
      # resource is protected
    else
      # resource is not protected
    end
  end
end
^^ This won't work because it will always say false when no current_user or if the user doesn't have permission. I need to check if the resource itself is protected with CanCan.
If I had these examples:
class PostsController < AdminController
  def index
  end
end

class HomeController < ApplicationController
  def index
  end
end
The index for PostsController should be identifiable as protected, and the index for HomeController as unprotected.
Upvotes: 1
Views: 418
Reputation: 3080
CanCan uses the CanCan::ControllerResource#skip? method to determine whether it should authorize a resource or not. So I guess you may rely on it as follows:
def check_protected
  if CanCan::ControllerResource.new(self).skip?(:authorize)
    # resource is not protected
  else
    # resource is protected
  end
end
I've tried it in my sandbox and it worked for me.
Upvotes: 1
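An added example, not part of either post and not CanCan's own code: a plain-Ruby model of the distinction the question draws, where "is this action protected?" is answered from what the controller classes declared (and inherited), with no current_user involved, plus an audit that lists actions left without protection. The `ApplicationController` here is a stand-in that runs without Rails, and `protect_resource`, `skip_protection`, `protected_action?` and `unprotected_actions` are hypothetical names; the `preview` action is constructed to show the skip case.

```ruby
# Stand-in base class (assumption: NOT Rails and NOT CanCan's implementation).
# The hypothetical macros below only record what each class declared.
class ApplicationController
  def self.protection_rules
    @protection_rules ||= []
  end

  def self.protect_resource(only: nil, except: nil)
    protection_rules << { protect: true, only: Array(only), except: Array(except) }
  end

  def self.skip_protection(only: nil, except: nil)
    protection_rules << { protect: false, only: Array(only), except: Array(except) }
  end

  # Walk from the base class down so a subclass declaration overrides an
  # inherited one; the last rule that applies to the action wins.
  def self.protected_action?(action)
    chain = ancestors.select { |k| k.is_a?(Class) && k <= ApplicationController }.reverse
    chain.flat_map(&:protection_rules).reduce(false) do |state, rule|
      applies = (rule[:only].empty? || rule[:only].include?(action)) &&
                !rule[:except].include?(action)
      applies ? rule[:protect] : state
    end
  end
end

class AdminController < ApplicationController
  protect_resource
end

class PostsController < AdminController
  skip_protection only: :preview   # constructed case: one action opted out
  def index; end
  def preview; end
end

class HomeController < ApplicationController
  def index; end
end

# Audit: public actions for which no protection is in effect.
def unprotected_actions(controllers)
  controllers.flat_map do |c|
    c.public_instance_methods(false).sort
     .reject { |a| c.protected_action?(a) }
     .map { |a| "#{c.name}##{a}" }
  end
end
```

In a real application the same audit would have to read the state the authorization library actually keeps, which this model does not reproduce.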