redactor-rails icon indicating copy to clipboard operation
redactor-rails copied to clipboard

Published 20 hours ago verified publisher icon SammyLin

Add skip_authorization_check seems to be required...

Open chrxs opened this issue 11 years ago • 8 comments

I'm using the redactor-rails in an admin section for an app, when a user logs in and then can edit content.

When I try to upload an image, I get the error:

This action failed the check_authorization because it does not authorize_resource.
Add skip_authorization_check to bypass this check.

Is there a way around this? Or something I'm doing wrong?

cheers

  • Chris

chrxs avatar Aug 16 '13 14:08 chrxs

I'm having the same issue. How can I bypass this?

holgersindbaek avatar Aug 21 '13 15:08 holgersindbaek

@chrxs @SammyLin What did you end up doing?

holgersindbaek avatar Aug 21 '13 19:08 holgersindbaek

+1

Averethel avatar Aug 26 '13 14:08 Averethel

@Averethel Hi Sakwerda. Do you have a temporary solution to this one?

holgersindbaek avatar Aug 26 '13 14:08 holgersindbaek

I ended up with quite ugly workaround. I defined: redactor_controller? method in my ApplicationController returning true for redactor controllers (it was simple checking if controller is in the redactor namespace). Then according to CanCan documentation I added ``check_authorization unless: :redactor_controller?` which did a trick.

Other option would be to define a module adding skip_authorization_check and include it in the base redactor controller.

Or you can disable check_authorization. After all it's only a development help so you can live without it on production.

Averethel avatar Aug 26 '13 14:08 Averethel

THanks for the quick response. I'll look into it.

Should be relatively easy to fix in the real gem though. Shouldn't it?

All the best

Holger Sindbaek Holgersindbaek.com (http://Holgersindbaek.com)

Co-founder Uninkd.com (http://Uninkd.com) Meer.li (http://Meer.li)

On Monday, August 26, 2013 at 4:48 PM, Krzysztof Sakwerda wrote:

I ended up with quite ugly workaround. I defined: redactor_controller? method in my ApplicationController returning true for redactor controllers (it was simple checking if controller is in the redactor namespace). Then according to CanCan documentation I added `check_authorization unless: :redactor_controller? which did a trick.
Other option would be to define a module adding skip_authorization_check and include it in the base redactor controller. Or you can disable check_authorization. After all it's only a development help so you can live without it on production.

— Reply to this email directly or view it on GitHub (https://github.com/SammyLin/redactor-rails/issues/81#issuecomment-23267442).

holgersindbaek avatar Aug 26 '13 14:08 holgersindbaek

You're welcome. That's true. I guess point is that not everyone is using CanCan ;)

Averethel avatar Aug 26 '13 14:08 Averethel

Has a better solution been found for this?

lucasklaassen avatar Jun 11 '15 03:06 lucasklaassen