Module: CurrentScope::MutationGuard
- Extended by:
- ActiveSupport::Concern
- Included in:
- ApplicationController, Guard
- Defined in:
- lib/current_scope/mutation_guard.rb
Overview
The read-only-while-impersonating gate. A SEPARATE before_action from the permission check, on purpose: the engine's management UI does skip_before_action :current_scope_check!, and a gate folded into that check would exempt the highest-value surface (grid/role/grant mutations). Guard includes this so the gate runs BEFORE the permission check; the engine ApplicationController includes it directly so skipping the permission check never skips the gate.
An impersonated session is read-only by default: any non-GET/HEAD request is denied while a real actor stands behind a different effective subject. The endpoints that MUST run while impersonating — a host's stop-impersonation, sign-out, and sign-in actions — opt out with:
skip_before_action :current_scope_mutation_guard!
(Method spoofing is not a concern: Rack::MethodOverride only upgrades POST, and mutating actions are verb-pinned by routing.)