(parent:
fc6209d
)
Ensure authorization checks happen for all controller methods
author
Andy Allan
<git@gravitystorm.co.uk>
Wed, 16 Jan 2019 10:45:13 +0000
(11:45 +0100)
committer
Andy Allan
<git@gravitystorm.co.uk>
Wed, 16 Jan 2019 10:45:13 +0000
(11:45 +0100)
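--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,6 +4,7 @@ class ApplicationController < ActionController::Base
 protect_from_forgery :with => :exception
 rescue_from CanCan::AccessDenied, :with => :deny_access
+check_authorization
 before_action :fetch_body
 around_action :better_errors_allow_inline, :if => proc { Rails.env.development? }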
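Review bot: The added `check_authorization` line is a safety net rather than an enforcement point, and the code should say so. In CanCanCan it is registered as an after-action callback, so `CanCan::AuthorizationNotPerformed` is raised only once the action body has already run and any writes it made have happened. I would add a comment above it such as `# Safety net: fails the request after the action if authorize! was never called; it does not stop the action from running.` The visible lines rescue only `CanCan::AccessDenied`, so unless the new exception is handled outside this hunk (the class body continues beyond it), a missed controller will presumably surface as a server error. That is a reasonable fail-closed signal, but it only catches gaps on actions the test suite actually exercises. Any `skip_authorization_check` opt-outs in subclasses deserve an explicit justification in review.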