I’m trying to write sort of a short-and-sweet authentication
permissions system. As it is right now, I know how I think I want it
to work but I’m having trouble making it escape the controller action
that was running if validation fails.
Controller in some action:
    if belongs_to_current_user?(@article)
      # User must have permission to edit their own article
      permission_required("article", "edit")
    else
      # User must have permission to edit other's articles
      permission_required("article", "edit-a")
    end
Application controller:
    # Denies access to unauthorized users.
    def permission_required(cont, code)
      unless permission?(cont, code)
        flash[:warning] = "You don't have the permission required for access to this function"
        redirect_to home_url
        return false
      end
    end
The "return false" I have there, I want it to cancel processing from the
action in my controller, but it only cancels processing from the rest
of the permission_required method.
I’m at a loss as to how to put code safely after calling
permission_required in my controller, without worrying about it
getting executed anyway after the user is redirected.
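
The behaviour described in the post, reproduced as an added example that is not part of the original post: a redirect inside a helper only records the response, so the action body keeps running unless the action itself returns. `FakeController`, `update_unguarded`, `update_guarded` and `run_action` are hypothetical stand-ins constructed here so the snippet runs without Rails.

```ruby
# Minimal stand-in for a Rails controller, constructed for this example (no Rails needed).
class FakeController
  attr_reader :redirected_to, :flash, :log

  def initialize(permissions)
    @permissions = permissions   # constructed sample, e.g. [["article", "edit"]]
    @flash = {}
    @log = []                    # side effects performed by the action body
    @redirected_to = nil
  end

  def permission?(cont, code)
    @permissions.include?([cont, code])
  end

  def redirect_to(url)
    @redirected_to = url         # only records the response; does not stop the caller
  end

  # Helper from the post, changed to return true on success so callers can test it.
  def permission_required(cont, code)
    return true if permission?(cont, code)
    flash[:warning] = "You don't have the permission required for access to this function"
    redirect_to :home_url
    false
  end

  # Pattern from the post: the helper's return value is ignored.
  def update_unguarded
    permission_required("article", "edit-a")
    @log << :article_updated     # still runs after the redirect was issued
  end

  # Guarded: the action itself returns when the helper reports failure.
  def update_guarded
    return unless permission_required("article", "edit-a")
    @log << :article_updated
  end
end

# Runs one action for a user with the given permissions and reports what happened.
def run_action(action, permissions)
  c = FakeController.new(permissions)
  c.public_send(action)
  { redirected: !c.redirected_to.nil?, updated: c.log.include?(:article_updated) }
end

p run_action(:update_unguarded, [["article", "edit"]])  # redirected, yet the update ran
p run_action(:update_guarded,   [["article", "edit"]])  # redirected, update skipped
```

In Rails itself, the same check can live in a `before_action` callback: when a callback redirects or renders, the action is not run.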