auth controller needs no pundit

2016-09-21 15:20:43 -05:00 · 2016-09-21 15:20:43 -05:00 · d3205a6080
commit d3205a6080
parent 75a4fbf71a
2 changed files with 6 additions and 2 deletions
--- a/app/controllers/admin/auth_controller.rb
+++ b/app/controllers/admin/auth_controller.rb
@ -3,6 +3,10 @@ module Admin
  class AuthController < AdminController
    skip_before_action :authorize_user

+    # bypass pundit lockdowns for auth requests.
+    after_action :skip_policy_scope
+    after_action :skip_authorization
+
    def login
    end

--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@ -4,8 +4,8 @@ class AdminController < ApplicationController
  layout 'admin'
  before_action :authorize_user

-  # after_action :verify_authorized, except: :index
-  # after_action :verify_policy_scoped, only: :index
+  after_action :verify_authorized, except: :index
+  after_action :verify_policy_scoped, only: :index

  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized