Merge pull request #1281 from mamhoff/allow-override-resource-authorize

Resource Controller: Allow overriding authorize_resource
AlchemyCMS · Jul 29, 2017 · 41acc37 · 41acc37
2 parents 7daea57 + ad8852b
commit 41acc37
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/app/controllers/alchemy/admin/resources_controller.rb b/app/controllers/alchemy/admin/resources_controller.rb
@@ -13,9 +13,7 @@ class ResourcesController < Alchemy::Admin::BaseController
       before_action :load_resource,
         only: [:show, :edit, :update, :destroy]
 
-      before_action do
-        authorize!(action_name.to_sym, resource_instance_variable || resource_handler.model)
-      end
+      before_action :authorize_resource
 
       def index
         @query = resource_handler.model.ransack(params[:q])
@@ -112,6 +110,10 @@ def load_resource
         instance_variable_set("@#{resource_handler.resource_name}", resource_handler.model.find(params[:id]))
       end
 
+      def authorize_resource
+        authorize!(action_name.to_sym, resource_instance_variable || resource_handler.model)
+      end
+
       # Permits all parameters as default!
       #
       # THIS IS INSECURE! Although only signed in admin users can send requests anyway, but we should change this.