diff --git a/app/controllers/admin/auth_controller.rb b/app/controllers/admin/auth_controller.rb
index 6c8f07f..afc039f 100644
--- a/app/controllers/admin/auth_controller.rb
+++ b/app/controllers/admin/auth_controller.rb
@@ -3,6 +3,10 @@ module Admin
 class AuthController < AdminController
 skip_before_action :authorize_user
 
+ # bypass pundit lockdowns for auth requests.
+ after_action :skip_policy_scope
+ after_action :skip_authorization
+
 def login
 end
 
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index d8a0b69..b152c8e 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -4,8 +4,8 @@ class AdminController < ApplicationController
 layout 'admin'
 
 before_action :authorize_user
- # after_action :verify_authorized, except: :index
- # after_action :verify_policy_scoped, only: :index
+ after_action :verify_authorized, except: :index
+ after_action :verify_policy_scoped, only: :index
 
 rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
 
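Review bot: In app/controllers/admin/auth_controller.rb the two added `after_action` skips carry no `only:`, so every action this controller has or later gains is exempt from the Pundit verification that the same commit turns on in AdminController, on top of the unscoped `skip_before_action :authorize_user` above them. Listing the exempt actions keeps a future action from being silently uncovered, e.g. `after_action :skip_authorization, only: :login`, extended with whatever other sign-in actions the class defines (its body continues outside the hunk). `skip_policy_scope` looks unnecessary unless this controller has an `index` action, since `verify_policy_scoped` is registered with `only: :index`. The skips also appear to rely on Rails running after_action callbacks in reverse order of declaration, so that they fire before the inherited verify hooks; the comment could say so.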
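Review bot: In app/controllers/admin_controller.rb the re-enabled `verify_authorized` and `verify_policy_scoped` hooks raise Pundit's AuthorizationNotPerformedError and PolicyScopingNotPerformedError, which as far as I know are not subclasses of the `Pundit::NotAuthorizedError` handled by the `rescue_from` on the context line, so a controller that forgets `authorize` will answer with an unhandled error rather than through `user_not_authorized`. That failure also comes after the action body has run, so the hooks detect a missing check but do not stop the work the action did; request specs per admin controller are the real gate. With `except: :index`, index actions are covered by scoping only, which limits the records returned but does not decide whether the user may open the listing at all. I would record this above the hooks, e.g. `# Safety net only: runs after the action; index relies on policy_scope, so call authorize there when access itself is restricted.` The class body continues outside the hunk, so other handlers may exist that are not visible here.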