skip authorization for specific controllers using pundit in rails 4

Asked 23/5, 2015 at 1:37 Answered 3/6, 2017 at 5:23

I am using rails 4, devise for authentication and Pundit for authorization. I have restricted my application to check for authorization on every controller by below code.

class ApplicationController < ActionController::Base
  include Pundit
  after_action :verify_authorized
  #.....
end

However, i want to skip authorization for two specific controllers in my application (they are open to public, users do not need to sign in). How can i achieve it without removing verify_authorized in ApplicationController ?

Vtol answered 23/5, 2015 at 1:37 Comment(0)

skip_after_action :verify_authorized

Junette answered 23/5, 2015 at 1:43 Comment(0)

I'm working with Rails 5 and I wanted to skip authorization in just one action but not the whole controller. So, what you can do according to the documentation is to use skip_authorization feature in the controller action as shown below:

class Admin::DashboardController < Admin::BaseController
    def index
        @organizers = Organizer.count
        @sponsors = Sponsor.count
        @brochures = Brochure.count

        skip_authorization
    end

    def sponsors_approve
        # some statements...
    end

    def organizers_approve
        # some statements...
    end
end

In this controller the only one action to be skipped is index, the other ones must be authorized.

I hope it could be useful for somebody else.

Tadeas answered 3/6, 2017 at 5:23 Comment(1)

Better use before_action :skip_authorization, only: :index, this way it's clear what you're doing and you don't have to copy anything if you decide you wanna do this in any other action as well – Presently 10/2, 2020 at 11:28

Recommended topics

Hot tags