Last Updated: February 25, 2016
·
3.864K
· maciejsmolinski

CanCan: Load and authorize resource under certain circumstances only

You might want to avoid overhead of putting

load_and_authorize_resource

in every controller that you want to authorize using CanCan by putting it inside ApplicationController

class ApplicationController < ActionController::Base
  load_and_authorize_resource
end

Unfortunately, this might cause your SessionsController (being used by Devise for example) and other controllers to break in some cases, e.g. on :destroy action.

Why not to try load_and_authorize_resource under certain circumstances only?

This might really help you:

class ApplicationController < ActionController::Base
  load_and_authorize_resource if: lambda { |controller| [:problems, :analyses].include? controller.controller_name.to_sym }
end