simo
Reputation: 24558
Rails 3.1, How to exclude authorize resource for devise controller?
I need to do some thing like that:
class ApplicationController < ActionController::Base
authorize_resource :unless => :devise_controller?
...
But, if I try to click on sign-up link, I get:
NameError in Devise::SessionsController#new
uninitialized constant Session
How can I skip authorize_resource for all the actions of devise_controller ? or any class that inherits devise_controller ?
What if there are many controllers to exclude ?
Any help will be more than appreciated, I don't need to pass an instance, just the class name
Upvotes: 2
Views: 1756
Answers (1)
bradgonesurfing
Reputation: 32172
I do
class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :authenticate_user!
# Don't let controllers get away with
# any monkey business
check_authorization :unless => :devise_controller?
end
and it works for me and I am using CANCAN with rails 3.2
Upvotes: 4
Related Questions
- Rails: Ask user authentication before CanCan access denied
- Using cancan to prevent access to controller
- Using CanCan authorize_resource in odd controller
- Using CanCan to authorize_resource, but don't want it for all actions
- cancan skip_authorization_check for Devise authentication
- Nested resource authorization with devise and cancan
- Using Devise with CanCan
- Authorization on an association with CanCan,Devise and Rolify
- Devise/CanCan - Restricted Content
- authorizing users with cancan and devise