I am trying to install Rack-mini-profiler on my ROR application. I installed the gem and the profiler works great in development, but I can't deauthorize specific requests for non-admin users. I placed the following code in my ApplicationController before_filter:

    def authorize_mini_profiler
      if current_user.nil?
        Rack::MiniProfiler.deauthorize_request
        return
      elsif is_admin_user
        Rack::MiniProfiler.authorize_request
        return
      end
      Rack::MiniProfiler.deauthorize_request
    end

In debug I saw that the deauthorize method is called but the profiler is still displayed.
I even tried using this code:

    def authorize_mini_profiler
      Rack::MiniProfiler.deauthorize_request
    end

but still, every request by any user displays the profiler.
Does anyone know what might be the problem?
Well, for those who run into the same problem...
Deeper debugging found that the gem is configured to ignore the authorization mechanism on init. In order to enable profiling only in some cases (e.g. non-production or only for admin users), you need to override the default configuration in application.rb (or preferably some specific config file):

    Rack::MiniProfiler.config.authorization_mode = :whitelist if Rails.env.production?

Otherwise the configuration is set to :allowall.
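
The behaviour described in this answer, as an added Ruby model that is neither part of the original post nor the gem's own code. ProfilerGate, User, profiler_visible_for and visibility_matrix are hypothetical names; only the mode names (:allowall, :whitelist, as written above) and the authorize/deauthorize method names come from the page.

```ruby
# Simplified stand-in for the profiler's "show or hide" decision.
# Assumption: this models only what the answer states, not the gem's internals.
class ProfilerGate
  attr_reader :authorization_mode

  def initialize(authorization_mode = :allowall)
    @authorization_mode = authorization_mode
    @authorized = false
  end

  def authorize_request
    @authorized = true
  end

  def deauthorize_request
    @authorized = false
  end

  # True when the profiler would be displayed for this request.
  def visible?
    case authorization_mode
    when :allowall  then true         # per-request flag is never consulted
    when :whitelist then @authorized  # hidden unless explicitly authorized
    else false                        # unknown mode: fail closed
    end
  end
end

# Constructed sample users; `admin` plays the role of is_admin_user.
User = Struct.new(:name, :admin)

# Same branching as the question's authorize_mini_profiler filter.
def profiler_visible_for(user, mode)
  gate = ProfilerGate.new(mode)
  if user && user.admin
    gate.authorize_request
  else
    gate.deauthorize_request
  end
  gate.visible?
end

# Visibility for each kind of user under each mode.
def visibility_matrix
  users = { anonymous: nil, member: User.new("bob", false), admin: User.new("alice", true) }
  %i[allowall whitelist].to_h do |mode|
    [mode, users.transform_values { |u| profiler_visible_for(u, mode) }]
  end
end

visibility_matrix.each { |mode, row| puts "#{mode}: #{row}" }
```

Under :allowall every row is true regardless of the filter, which is the symptom in the question; under :whitelist only the admin row is true.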