I'm trying to write sort of a short-and-sweet authentication permissions system. As it is right now, I know how I think I want it to work but I'm having trouble making it escape the controller action that was running if validation fails.
Controller in some action:

    if belongs_to_current_user?(@article)
      # User must have permission to edit their own article
      permission_required("article", "edit")
    else
      # User must have permission to edit other's articles
      permission_required("article", "edit-a")
    end
Application controller:

    # Denies access to unauthorized users.
    def permission_required(cont, code)
      unless permission?(cont, code)
        flash[:warning] = "You don't have the permission required for access to this function"
        redirect_to home_url
        return false
      end
    end
The "return false" I have there, I want it to cancel processing from the action in my controller, but it only cancels processing from the rest of the permission_required method.
I'm at a loss as to how to put code safely after calling permission_required in my controller, without worrying about it getting executed anyway after the user is redirected.
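
The behaviour described above, reproduced as an added example that is not part of the original post: a plain-Ruby stand-in for the controller showing that the action keeps running after a denied check unless the action itself returns. `FakeController`, `run_action`, the action names, the `:home_url` symbol and the explicit `true` returned on success are assumptions made for the illustration.

```ruby
# Plain-Ruby stand-in for a Rails controller (hypothetical class, no Rails needed).
class FakeController
  attr_reader :flash, :redirected_to, :log

  def initialize(permissions)
    @permissions = permissions   # constructed sample data, e.g. [["article", "edit"]]
    @flash = {}
    @redirected_to = nil
    @log = []                    # records side effects the action performed
  end

  def permission?(cont, code)
    @permissions.include?([cont, code])
  end

  def redirect_to(url)
    @redirected_to = url         # records the response; does not stop the caller
  end

  # Same helper as in the post, plus an explicit true on success so that
  # callers can test the result.
  def permission_required(cont, code)
    unless permission?(cont, code)
      flash[:warning] = "You don't have the permission required for access to this function"
      redirect_to :home_url
      return false               # leaves this method only, not the action
    end
    true
  end

  # As in the post: the result is ignored, so the action keeps running.
  def edit_unguarded
    permission_required("article", "edit")
    @log << :article_updated
  end

  # Guarded: the action itself returns when the check fails.
  def edit_guarded
    return unless permission_required("article", "edit")
    @log << :article_updated
  end
end

# Runs one action and reports whether it redirected and whether the update ran.
def run_action(action, permissions)
  c = FakeController.new(permissions)
  c.public_send(action)
  { redirected: !c.redirected_to.nil?, updated: c.log.include?(:article_updated) }
end
```

In Rails the same check can also live in a `before_action` filter, where a redirect issued by the filter prevents the action from running.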