TL;DR
Basically, do I have to manually call authorize! in controller actions that aren't one of the 7 RESTful defaults, or does load_and_authorize_resource still do that for me in those non-standard actions?
Longer version:
I generated a controller via rails scaffold and then added several custom actions that do some random other things.
At the top of the controller, I have load_and_authorize_resource, which I believe will call authorize! in each of the actions.
Does it do that for every single action within the controller (including the custom ones), or only those that were generated by the scaffold? (i.e. index, show, new, edit, create, update, destroy)
I see from the cancancan docs:
Setting this for every action can be tedious, therefore the load_and_authorize_resource method is provided to automatically authorize all actions in a RESTful style resource controller.
But I'm not sure if that's just the 7 originals or others the developer adds as well
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
