Getting CanCan::AuthorizationNotPerformed when creating comments

[davidkariuki]

I'm getting

CanCan::AuthorizationNotPerformed in Admin::CommentsController#create 
This action failed the check_authorization because it does not authorize_resource. 
Add skip_authorization_check to bypass this check.

when I try to post a comment. The weird thing is that comments are created anyway. I have check_authorization in my application controller so every action needs to be authorized but I'm not sure how to authorize Admin::CommentsController#create.

[jpmckinney]

I don't think check_authorization is safe to use with ActiveAdmin for this reason.

[davidkariuki]

So there's no solution for this?

[jpmckinney]

Have you tried skip_authorization_check or adding an :if or :unless option to check_authorization? See https://github.com/ryanb/cancan/wiki/Ensure-Authorization

[davidkariuki]

Yup that did the trick. I wish there was a different way though because this means that I can't use cancan to manage who can comment.

# application_controller.rb

before_filter :check_authorization, :unless => :admin_comments_controller?

def admin_comments_controller?
  controller_path == 'admin/comments'
end

[xxEoD2242]

So, I'm not sure if you have found a solution to this or still need a solution, but I solved a similar issue the following way:

From my understanding, CanCan is looking for particular resources to authorize when using that callback for every action. Therefore, in ActiveAdmin, it doesn't explicitly create model files for certain models. I had one for a different app and simply created a model for the controller action I was trying to create. I would recommend explicitly creating a comments model file and see if that does the trick for the admin controller.

[dorianmariecom]

here is how i did it

  check_authorization unless: :admin_controller?

  def admin_controller?
    request.path.starts_with?("/admin")
  end