Rails, CanCan and Best In Place editing

So here is a little gotcha and solution when using CanCan and Best In Place. With the default setup, if CanCan auth fails on a best in place edit you get a redirect to your default “Auth Failed” path and that page then tries to render as javascript.

that does not work all that well!

So here is my simple solution, if we get an auth denied on a XHR request, just return a generic error!

class ApplicationController < ActionController::Base
	protect_from_forgery
	check_authorization

	rescue_from CanCan::AccessDenied do |exception|
		if request.xhr?
			render :json => ['You are not authorised to do that.'], :status => :unprocessable_entity
		else
			redirect_to '/', :alert => exception.message
		end
	end
...
end