varvet / godmin

Admin framework for Rails 5+
http://godmin-sandbox.herokuapp.com
MIT License

Allow skip authorization per controller action #226

Closed jensljungblad closed 6 years ago

jensljungblad commented 7 years ago

Authorization should perhaps work similarly to authentication, in that you can skip it per controller action.

Currently authentication and authorization are implemented by including modules:

```ruby
class ApplicationController < ActionController::Base
  include Godmin::ApplicationController
  include Godmin::Authentication
  include Godmin::Authorization
end
```

Authentication can be disabled per controller/action by doing:

```ruby
class ArticlesController < ApplicationController
  include Godmin::ResourceController

  skip_before_action :authenticate_admin_user
end
```

Authorization cannot be disabled. We could enable this in a similar way. Perhaps we could do something like this:

```ruby
class ArticlesController < ApplicationController
  include Godmin::ResourceController

  skip_before_action :enable_authentication, only: [...]
  skip_before_action :enable_authorization, only: [...]
end
```

These before actions could set instance variables that could be checked by ApplicationController#authentication_enabled? and ApplicationController#authorization_enabled?.

You could of course also override authorization_enabled? in your controller, but if you only need it for a particular action it would perhaps make sense to leverage the existing skip_before_action function that already has this built in.

jensljungblad commented 7 years ago

Added some code to test this here: https://github.com/varvet/godmin/pull/231
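The flag-based skip proposed in the first comment, modelled in plain Ruby as an added example (not code from Godmin, Rails or the linked pull request). `MiniController`, its callback DSL, the `:admin`/`:guest` users and the `unauthorized_actions` audit helper are all hypothetical stand-ins.

```ruby
# Pure-Ruby model of the proposal (no Rails); MiniController and its
# callback DSL are hypothetical stand-ins for ActionController.
class NotAuthorized < StandardError; end

class MiniController
  class << self
    def skips
      @skips ||= Hash.new { |h, k| h[k] = [] }
    end

    # Models skip_before_action with only:. An empty list means all actions.
    def skip_before_action(name, only: [])
      skips[name] << Array(only)
    end

    def skipped?(name, action)
      chain = ancestors.select { |k| k.respond_to?(:skips) }
      chain.any? { |k| k.skips[name].any? { |o| o.empty? || o.include?(action) } }
    end
  end

  def process(action, user)
    @user = user
    enable_authorization unless self.class.skipped?(:enable_authorization, action)
    authorize!(action) if authorization_enabled?
    public_send(action)
  end

  def enable_authorization; @authorization_enabled = true; end

  # An unset flag reads as "disabled": the check depends on the callback running.
  def authorization_enabled?; @authorization_enabled == true; end

  def authorize!(action)
    raise NotAuthorized, action.to_s unless @user == :admin # constructed policy
  end
end

class ArticlesController < MiniController
  skip_before_action :enable_authorization, only: [:index]
  def index; "list"; end
  def destroy; "deleted"; end
end

# Audit helper: every action on a controller that runs without authorization.
def unauthorized_actions(controller)
  controller.public_instance_methods(false)
            .select { |a| controller.skipped?(:enable_authorization, a) }.sort
end
```

Pinning the result of a helper like `unauthorized_actions` in a test makes any newly skipped action show up as a reviewable change, and listing actions with `only:` keeps actions added later authorized by default.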