Module: Controllers::TabAccessDeniable
- Extended by: ActiveSupport::Concern
- Included in: CrmController
- Defined in: app/concerns/controllers/tab_access_deniable.rb
Overview
TabAccessDeniable prevents endless redirect loops when authorization fails on lazy-loaded tab actions.
Problem:
When a tab action uses authorize!(:read, @resource) and the user doesn't have permission,
CanCan raises AccessDenied, which triggers a redirect back to the parent page. The parent page
then tries to lazy-load the tab again via Turbo, creating an endless redirect loop.
Solution:
This concern intercepts CanCan::AccessDenied exceptions for tab actions (actions starting with "tab_")
and renders an inline access denied message instead of redirecting.
Usage:
Include this concern in any controller with lazy-loaded tab actions:
    class DeliveriesController < CrmController
      include Controllers::TabAccessDeniable
      # ...
    end
Or include it in CrmController to protect all CRM tab actions automatically.
Tab actions should continue using authorize! normally:
    def tab_main
      authorize!(:read, @delivery)
      render layout: should_render_layout?
    end
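
The loop described under Problem and the effect of the tab-only handler, modelled in plain Ruby without Rails. This is an added example, not the concern's actual source: FakeController, Response, load_parent_with_tab, the /deliveries/1 path and the 403 status are all assumptions made for illustration.

```ruby
# Added illustration in plain Ruby (no Rails); every name here is a hypothetical stand-in.
class AccessDenied < StandardError; end # stands in for CanCan::AccessDenied

Response = Struct.new(:status, :body, :location)

class FakeController
  def initialize(tab_guard:)
    @tab_guard = tab_guard # true = behave as if the concern were included
  end

  # Mirrors dispatch plus the rescue path: run the action, map AccessDenied to a response.
  def process(action)
    public_send(action)
  rescue AccessDenied
    if @tab_guard && action.to_s.start_with?("tab_")
      # Tab request: answer in place. Still a denial (403 is an assumption),
      # and the body carries no data from the protected resource.
      Response.new(403, "You do not have access to this tab.", nil)
    else
      # Default handling described on the page: redirect back to the parent page.
      Response.new(302, nil, "/deliveries/1") # constructed sample path
    end
  end

  def show
    Response.new(200, "parent page with lazy-loaded tab frame", nil)
  end

  def tab_main
    raise AccessDenied # authorize!(:read, @delivery) failing for this user
  end
end

# Simulates the browser: load the parent, lazy-load the tab, follow a redirect
# back to the parent. Returns [final_status, requests_made]; :loop means the
# request budget ran out, i.e. the endless redirect case.
def load_parent_with_tab(controller, max_requests: 20)
  requests = 0
  loop do
    controller.process(:show)
    requests += 1
    tab = controller.process(:tab_main)
    requests += 1
    return [tab.status, requests] unless tab.status == 302
    return [:loop, requests] if requests >= max_requests
  end
end
```

The authorization decision is unchanged in both branches; only the response to a denied tab request differs.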