From d3205a60806c9ecdbe426623127dcf293fbcce6a Mon Sep 17 00:00:00 2001 From: Mark Moser Date: Wed, 21 Sep 2016 15:20:43 -0500 Subject: [PATCH] auth controller needs no pundit --- app/controllers/admin/auth_controller.rb | 4 ++++ app/controllers/admin_controller.rb | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/app/controllers/admin/auth_controller.rb b/app/controllers/admin/auth_controller.rb index 6c8f07f..afc039f 100644 --- a/app/controllers/admin/auth_controller.rb +++ b/app/controllers/admin/auth_controller.rb @@ -3,6 +3,10 @@ module Admin class AuthController < AdminController skip_before_action :authorize_user + # bypass pundit lockdowns for auth requests. + after_action :skip_policy_scope + after_action :skip_authorization + def login end diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index d8a0b69..b152c8e 100644 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -4,8 +4,8 @@ class AdminController < ApplicationController layout 'admin' before_action :authorize_user - # after_action :verify_authorized, except: :index - # after_action :verify_policy_scoped, only: :index + after_action :verify_authorized, except: :index + after_action :verify_policy_scoped, only: :index rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized