Skip authorization checks for amf controller
authorAndy Allan <git@gravitystorm.co.uk>
Wed, 9 Jan 2019 09:26:12 +0000 (10:26 +0100)
committerAndy Allan <git@gravitystorm.co.uk>
Wed, 9 Jan 2019 09:26:12 +0000 (10:26 +0100)
app/controllers/amf_controller.rb

index 4f6adae5da6b08dd38b763f5aff392e53d359ce2..fdad432a8d44802c592e309f54e95d0d9a334f4c 100644 (file)
@@ -41,6 +41,11 @@ class AmfController < ApplicationController
   skip_before_action :verify_authenticity_token
   before_action :check_api_writable
 
+  # AMF Controller implements its own authentication and authorization checks
+  # completely independently of the rest of the codebase, so best just to let
+  # it keep doing its own thing.
+  skip_authorization_check
+
   # Main AMF handlers: process the raw AMF string (using AMF library) and
   # calls each action (private method) accordingly.