Skip to content

Safeguard verify_authorized and controllers inheritance #733

New issue
New issue
Closed
Closed
Safeguard verify_authorized and controllers inheritance#733
@pjezusek

Description

@pjezusek
pjezusek
opened on Apr 6, 2022

Hello,

I have a problem with verify_authorized method when I'm using the inheritance in controllers. My project is divided into modules. Each module has a controller with some basic stuff and the rest controllers inherit from it. For example:

class SomeModuleController < ApplicationController
   after_action :verify_authorized

   before_action :authorize_access

   def authorize_access
      authorize :some_module, :access?
   end
end

class SomeModule::SomeController < SomeModuleController
   ...
   def show
      ....
      authorize @some, :show?
   end
   ...
end

And here comes the problem. When I run my tests I would like to also check if authorize @some, show? was not forgotten. But firstly I check (in the parent controller) if a user has an access to this module at all. In this way verify_authorized won't raise any error because there is always authorization in authorize_access method before any action.

I looked at the code and the only way for now which I see is to manage @_pundit_policy_authorized flag manually but maybe there is some 'official' way to achieve what I want.

Is there something I can do, to make this safeguard suitable for my architecture?

PS.: As this is my first question I would like to thank you for this great gem.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions