rails_admin with cancan not catching access denied exception for redirect

It looks like ApplicationController isn't actually a parent of RailsAdmin::MainController by default. So, when RailsAdmin::MainController throws the CanCan::AccessDenied exception, it never actually touches ApplicationController, and the rescue block never kicks in.

You can explicitly declare ApplicationController as the parent for RailsAdmin::MainController in the rails_admin.rb config block with

config.parent_controller = 'ApplicationController' 

You can also achieve this by extending the rails_admin controller. This is monkey patching, but can be useful if you don't want to set the parent controller to ApplicationController for a particular reason.

Add the following to the config/initializers/rails_admin_cancan.rb file.

require 'rails_admin/main_controller'

module RailsAdmin

  class MainController < RailsAdmin::ApplicationController
    rescue_from CanCan::AccessDenied do |exception|
      flash[:alert] = 'Access denied.'
      redirect_to main_app.root_path
    end
  end
end
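
The inheritance point made in the answers above, as an added example that is not from the original posts or from rails_admin: a plain-Ruby stand-in for rescue_from lookup, showing that a handler declared on the application controller is never consulted for a controller outside its ancestry. All class names (BaseController, AppController, AdminDefault, AdminReparented) and the outcome helper are hypothetical.

```ruby
# Simplified stand-in for Rails' rescue_from lookup (illustration only; not
# ActiveSupport or rails_admin code, and all class names are hypothetical).
class AccessDenied < StandardError; end # stands in for CanCan::AccessDenied

class BaseController # stands in for the framework's base controller
  class << self
    def rescue_handlers
      @rescue_handlers ||= {}
    end

    def rescue_from(error_class, &block)
      rescue_handlers[error_class] = block
    end

    # Handlers are found only on this class and its superclasses.
    def handler_for(error)
      ancestors.grep(Class).each do |klass|
        next unless klass.respond_to?(:rescue_handlers)
        klass.rescue_handlers.each { |type, h| return h if error.is_a?(type) }
      end
      nil
    end
  end

  # Run the action; pass an error to a matching handler, else re-raise it.
  def show(allowed)
    raise AccessDenied, 'not authorized' unless allowed
    :ok
  rescue StandardError => e
    handler = self.class.handler_for(e)
    raise unless handler
    instance_exec(e, &handler)
  end
end

class AppController < BaseController # the app's ApplicationController
  rescue_from(AccessDenied) { |_e| :redirected_to_root }
end

class AdminDefault < BaseController; end   # default: not under AppController
class AdminReparented < AppController; end # parent_controller set to it

# Returns the action result, or a marker when the exception escapes unhandled.
def outcome(controller, allowed)
  controller.new.show(allowed)
rescue AccessDenied
  :unhandled_access_denied
end
```

With AdminDefault the denial escapes as an unhandled exception instead of a redirect; with AdminReparented the inherited handler runs.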