Module: CurrentScope::MutationGuard

Extended by:
ActiveSupport::Concern
Included in:
ApplicationController, Guard
Defined in:
lib/current_scope/mutation_guard.rb

Overview

The read-only-while-impersonating gate. A SEPARATE before_action from the permission check, on purpose: the engine's management UI does skip_before_action :current_scope_check!, and a gate folded into that check would exempt the highest-value surface (grid/role/grant mutations). Guard includes this so the gate runs BEFORE the permission check; the engine ApplicationController includes it directly so skipping the permission check never skips the gate.

An impersonated session is read-only by default: any non-GET/HEAD request is denied while a real actor stands behind a different effective subject. The endpoints that MUST run while impersonating — a host's stop-impersonation, sign-out, and sign-in actions — opt out with:

skip_before_action :current_scope_mutation_guard!

(Method spoofing is not a concern: Rack::MethodOverride only upgrades POST, and mutating actions are verb-pinned by routing.)