Handle authentication
If your application uses authentication, for example with Devise gem, you probably want to prevent access to popovers if there is no authenticated user.
Since the popover is rendered by a controller that inherits from your ApplicationController
, you can do it by raising a custom error from the popover and catching it to respond with the appropriate status:
# app/popovers/application_popover.rb
class ApplicationPopover < Coupdoeil::Popover
UnauthenticatedError = Class.new(StandardError)
before_action :reject_unauthenticated_user!
private
def reject_unauthenticated_user!
raise UnauthenticatedError unless user_signed_in?
end
end
# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
rescue_from ApplicationPopover::UnauthenticatedError do
head :forbidden
end
end
user_signed_in?
is a helper_method added by Devise
that is made available when rendering popovers. See documentation about helpers. It is available by default, but will be undefined if config option delegate_helper_methods
is set to false
.
You might need to restart your server for the rescue_from
to take effect, as it doesn’t seem to be reloaded at runtime.