Authorization should perhaps work similarly to authentication, in that you can skip it per controller action.
Currently authentication and authorization are implemented by including modules:
class ApplicationController < ActionController::Base
  include Godmin::ApplicationController
  include Godmin::Authentication
  include Godmin::Authorization
end
Authentication can be disabled per controller/action by doing:
class ArticlesController < ApplicationController
  include Godmin::ResourceController
  skip_before_action :authenticate_admin_user
end
Authorization cannot be disabled. We could enable this in a similar way. Perhaps we could do something like this:
class ArticlesController < ApplicationController
  include Godmin::ResourceController
  skip_before_action :enable_authentication, only: [...]
  skip_before_action :enable_authorization, only: [...]
end
These before actions could set instance variables that could be checked by ApplicationController#authentication_enabled? and ApplicationController#authorization_enabled?.
You could of course also override authorization_enabled? in your controller, but if you only need it for a particular action it would perhaps make sense to leverage the existing skip_before_action function that already has this built in.
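The mechanism proposed above, sketched in plain Ruby as an added example (not Godmin's code and not part of the original issue). `MiniController` is a constructed stand-in for Rails' `before_action` / `skip_before_action`, and `respond`, `permitted` and `unauthorized_actions` are hypothetical names; the point is that any action that skips `enable_authorization` is served with no policy check, so a test should list exactly which actions those are.

```ruby
# Plain Ruby stand-in for Rails callbacks (constructed; not Rails or Godmin code).
class MiniController
  class << self
    def callbacks
      @callbacks ||= superclass.respond_to?(:callbacks) ? superclass.callbacks.dup : []
    end
    def skips
      @skips ||= superclass.respond_to?(:skips) ? superclass.skips.dup : {}
    end
    def before_action(name); callbacks << name; end
    # only: nil skips the callback for every action.
    def skip_before_action(name, only: nil); skips[name] = only; end
  end

  def process(action)
    self.class.callbacks.each do |name|
      only = self.class.skips.fetch(name, [])
      send(name) unless only.nil? || only.include?(action)
    end
    send(action)
  end
end

class ApplicationController < MiniController
  before_action :enable_authorization
  attr_accessor :permitted # hypothetical result of the policy lookup

  # nil (callback skipped) counts as disabled.
  def authorization_enabled?; @authorization_enabled == true; end

  # Hypothetical render step: the policy is consulted only when enabled.
  def respond(body)
    (authorization_enabled? && !permitted) ? :forbidden : body
  end

  private
  def enable_authorization; @authorization_enabled = true; end
end

class ArticlesController < ApplicationController
  skip_before_action :enable_authorization, only: [:index]

  def index; respond(:article_list); end
  def destroy; respond(:deleted); end
end

# Actions of a controller that run with authorization switched off.
def unauthorized_actions(controller, actions)
  actions.reject { |a| controller.new.tap { |c| c.process(a) }.authorization_enabled? }
end
```

Pinning the result of `unauthorized_actions` in a test makes an overly broad `only:` list (or a missing one, which skips every action) show up as a failing assertion.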