Module: LcpRuby::AuthorizedController
- Extended by: ActiveSupport::Concern
- Included in: ResourcesController
- Defined in: lib/lcp_ruby/authorized_controller.rb
Overview
Enables Pundit's `after_action :verify_authorized` framework guarantee on LCP controllers: every action must call `authorize` (or `skip_authorization` explicitly), or the request raises `Pundit::AuthorizationNotPerformedError` in dev/test. This surfaces gateless paths the boot validator can't reach.
Composes with `LcpRuby::Controller::Authorization`, which provides the dynamic-policy `authorize` override and the tracker primitives (`verify_authorized`, `skip_authorization`, etc.). This concern only adds the `after_action` hook plus a Devise opt-out predicate.
See docs/design/authorization_hardening.md § “Layer 4 — Controller-level verify_authorized” and § “AuthorizedController concern shape and skip-list taxonomy”.
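
A plain-Ruby model of the guarantee described above, added here as an illustration and not taken from `lib/lcp_ruby/authorized_controller.rb`. It loads no Rails, Pundit or Devise; the `*Sketch` names, the `process` dispatcher standing in for the `after_action` hook, and the choice of `devise_controller?` as the opt-out predicate's name are all assumptions.

```ruby
# Plain-Ruby model; no Rails, Pundit or Devise loaded. All names are hypothetical stand-ins.
class AuthorizationNotPerformedError < StandardError; end

# Tracker primitives, modelled on the ones the page lists.
module TrackerSketch
  def authorize(record)
    @authorized = true
    record
  end
  def skip_authorization
    @authorized = true
  end
  def verify_authorized
    raise AuthorizationNotPerformedError, self.class.name unless @authorized
  end
end

# The hook: verify after every action unless the opt-out predicate is true.
module AuthorizedControllerSketch
  include TrackerSketch
  def process(action)
    @authorized = false
    public_send(action)
    return :not_verified if devise_controller?
    verify_authorized
    :verified
  end
  def devise_controller?
    false
  end
end

class ResourcesControllerSketch
  include AuthorizedControllerSketch
  def show
    authorize(:record)
  end
  def health
    skip_authorization
  end
  def export; end # constructed gateless action: never calls authorize
end

# Same actions with the opt-out predicate true: nothing is verified.
class OptedOutControllerSketch < ResourcesControllerSketch
  def devise_controller?
    true
  end
end
```

The opted-out class shows what the predicate costs: the same gateless `export` action completes unchecked, so any controller matched by the opt-out is outside the guarantee.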