Mahade Abir

Reputation: 1

Add the check_authorization callback of CanCanCan to the Grape API

We are using Grape API in our project. We used the cancancan gem for authorization. Now we are thinking of adding the check_authorization callback of CanCanCan to the Grape API. This ensures that each and every endpoint does an authorize! call (except if it's explicitly skipped).

I added check_authorization in ApplicationController. But it does not seem to make any impact.

class ApplicationController < ActionController::Base
  check_authorization
end

In my resource file:

desc 'Get a specific job post'
get ':id' do
  job_post = JobPost.accessible_by(current_ability).find(params[:id])
  current_ability.authorize! :show, job_post

  present job_post, with: Entities::JobPost
end

As far as I understand, if authorization is not declared explicitly in the API file, the check_authorization method will trigger and raise a CanCan access denied error. But I don't get any message if I don't authorize in job_post. Suppose I comment out this line:

# current_ability.authorize! :show, job_post

and it should raise unauthorized if check_authorization is triggered. But it seems the application controller is not connected with the Grape APIs.

Upvotes: 0

Views: 80
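
An added example, not part of the original question and not Grape or CanCanCan code: a plain-Ruby sketch of a check_authorization-style guard that fails closed when an endpoint body returns without calling authorize!. The EndpointContext class, its run method, the error classes, SampleAbility and JOB_POST are hypothetical stand-ins; in a Grape API the two helper methods would sit in a `helpers` block and the final check in an `after` hook.

```ruby
# Hypothetical stand-ins for CanCan::AccessDenied / CanCan::AuthorizationNotPerformed.
class AccessDenied < StandardError; end
class AuthorizationNotPerformed < StandardError; end

JOB_POST = { id: 1, owner_id: 7 }.freeze # constructed sample record

# Constructed sample ability: a user may only :show job posts they own.
class SampleAbility
  def initialize(user_id)
    @user_id = user_id
  end

  def can?(action, post)
    action == :show && post[:owner_id] == @user_id
  end
end

# Hypothetical stand-in for one request handled by an API endpoint.
class EndpointContext
  def initialize(ability)
    @ability = ability
    @authorization_checked = false
  end

  # Helper the endpoint body calls; records that a check was made and passed.
  def authorize!(action, subject)
    raise AccessDenied, "not allowed to #{action}" unless @ability.can?(action, subject)
    @authorization_checked = true
  end

  # Explicit opt-out for endpoints that are public by design.
  def skip_authorization_check!
    @authorization_checked = true
  end

  # Runs the endpoint body, then the "after" step that fails closed.
  def run(&body)
    result = instance_eval(&body)
    raise AuthorizationNotPerformed, "authorize! was never called" unless @authorization_checked
    result
  end
end

# Returns a symbol describing how the request ended.
def outcome(user_id, &body)
  EndpointContext.new(SampleAbility.new(user_id)).run(&body)
  :ok
rescue AccessDenied
  :forbidden
rescue AuthorizationNotPerformed
  :authorization_missing
end
```
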

Answers (0)
