Closed westonganger closed 10 years ago
Your Rails controllers won't automatically restrict any actions. Even if we could automatically determine that the FooController should authorize_actions_for Foo, I think that would be undesirable, because users wouldn't always want that behavior. E.g., engines like Devise or Dossier would have their actions restricted unexpectedly, and you'd have to work to undo it.
Does this update make the documentation clearer?
I would mention something about the controller part in the beginning of the Wiring it Up section of the readme, maybe after User and Model. It could be short and sweet, just like those two code blocks.
I looked back over it, but I'm going to keep the current order for now; the order is based on the hierarchy in the "Contents" section, and I think it makes the most sense to discuss the pieces the controller logic depends on before showing usage in the controller.
It seems to me that the authorizations are not being applied unless I specify authorize_actions_for Model.
In the documentation it says it should automatically apply it unless I needed a more specific configuration.