Handle authentication

If your application uses authentication, for example with Devise gem, you probably want to prevent access to popovers if there is no authenticated user.

Since the popover is rendered by a controller that inherits from your ApplicationController, you can do it by raising a custom error from the popover and catching it to respond with the appropriate status:

# app/popovers/application_popover.rb

class ApplicationPopover < Coupdoeil::Popover
  UnauthenticatedError = Class.new(StandardError)

  before_action :reject_unauthenticated_user!

  private

  def reject_unauthenticated_user!
    raise UnauthenticatedError unless user_signed_in?
  end
end
# app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  rescue_from ApplicationPopover::UnauthenticatedError do
    head :forbidden
  end
end

user_signed_in? is a helper_method added by Devise that is made available when rendering popovers. See documentation about helpers. It is available by default, but will be undefined if config option delegate_helper_methods is set to false.

You might need to restart your server for the rescue_from to take effect, as it doesn’t seem to be reloaded at runtime.