Pundit skip_authorization not working via direct before_action

Question

I have a test that looks like this

test 'should get new' do
  get new_organization_url
  assert_response :success
end

When I run this test I get an error

Error:
OrganizationsControllerTest#test_should_get_new:
Pundit::AuthorizationNotPerformedError

In my organizations_controller I was using

before_action :skip_authorization, only: [:create, :new]

Something odd I've noticed, if I implement the skip_authorization as

before_action :skip_auth, only: [:create, :new]
  
def skip_auth
  skip_authorization
end

This test passes. What's the difference, what am I missing?

score 0 · Answer 1 · answered Jul 08 '20 at 12:37

This was happening because my organizations_controller had a concern that was mixing in some logic and using before_action :skip_authorization, only: [:index]

To fix this issue I updated my application_controller to use

after_action :verify_authorized, except: :index
after_action :verify_policy_scoped, only: :index

And also learned I can't use the same method in two different before_actions (the :only arrays are not merged)

Pundit skip_authorization not working via direct before_action

1 Answers1