Does load_and_authorize_resource authorize every single action in a controller, or just RESTful ones?

Question

TL;DR

Basically, do I have to manually call authorize! in controller actions that aren't one of the 7 RESTful defaults, or does load_and_authorize_resource still do that for me in those non-standard actions?

Longer version:

I generated a controller via rails scaffold and then added several custom actions that do some random other things.

At the top of the controller, I have load_and_authorize_resource, which I believe will call authorize! in each of the actions.

Does it do that for every single action within the controller (including the custom ones), or only those that were generated by the scaffold? (i.e. index, show, new, edit, create, update, destroy)

I see from the cancancan docs:

Setting this for every action can be tedious, therefore the load_and_authorize_resource method is provided to automatically authorize all actions in a RESTful style resource controller.

But I'm not sure if that's just the 7 originals or others the developer adds as well

score 0 · Answer 1 · answered Jan 23 '21 at 11:35

0

Simple answer is yes, it will apply to all actions in the controller

From cancancan docs on choosing actions:

By default this will apply to every action in the controller even if it is not one of the 7 RESTful actions.

answered Jan 23 '21 at 11:35

stevec

41,291
27
223
311

Does load_and_authorize_resource authorize every single action in a controller, or just RESTful ones?

1 Answers1

Linked