Handle authentication

If your application uses authentication, for example with Devise gem, you probably want to prevent access to popovers if there is no authenticated user.

Since the popover is rendered by a controller that inherits from your ApplicationController, you can do it by raising a custom error from the popover and catching it to respond with the appropriate status:

# app/popovers/application_popover.rb

class ApplicationPopover < Coupdoeil::Popover
  UnauthenticatedError = Class.new(StandardError)

  before_action :reject_unauthenticated_user!

  private

  def reject_unauthenticated_user!
    raise UnauthenticatedError unless controller.user_signed_in?
  end
end

# app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  rescue_from ApplicationPopover::UnauthenticatedError do
    head :forbidden
  end
end

It uses the controller method that returns the instance of Coupdoeil::PopoversController that is rendering the popover, which inherits from ApplicationController, You can therefore check user authentication on it, here in the example with the method provided by Devise.

You might need to restart your server for the rescue_from to take effect, as it doesn’t seem to be reloaded at runtime.

Redirection won’t work because Coupdoeil will follow it and render the content of the redirection location in the popover. But authentication errors on popover should not happen in normal flow in your app so this is not a big deal.