Module: Clearance::Authorization
- Extended by: ActiveSupport::Concern
- Included in: Controller
- Defined in: lib/clearance/authorization.rb
Instance Method Summary
- #deny_access(flash_message = nil) ⇒ Object
  Responds to unauthorized requests in a manner fitting the request format.
- #require_login ⇒ Object
  Use as a before_action to require a user be signed in to proceed.
- #url_after_denied_access_when_signed_in ⇒ String (protected)
  Used as the redirect location when #deny_access is called and there is a currently signed in user.
- #url_after_denied_access_when_signed_out ⇒ String (protected)
  Used as the redirect location when #deny_access is called and there is no currently signed in user.
Instance Method Details
#deny_access(flash_message = nil) ⇒ Object
Responds to unauthorized requests in a manner fitting the request format.
js, json, and xml requests will receive a 401 with no body. All other formats will be redirected appropriately and can optionally have the flash message set.
When redirecting, the originally requested url will be stored in the session (session[:return_to]), allowing it to be used as a redirect url once the user has successfully signed in.
If there is a signed in user, the request will be redirected according to the value returned from #url_after_denied_access_when_signed_in.
If there is no signed in user, the request will be redirected according to the value returned from #url_after_denied_access_when_signed_out. For the exact redirect behavior, see #redirect_request.
    # File 'lib/clearance/authorization.rb', line 43
    def deny_access(flash_message = nil)
      respond_to do |format|
        format.any(:js, :json, :xml) { head :unauthorized }
        format.any { redirect_request(flash_message) }
      end
    end
#require_login ⇒ Object
Use as a before_action to require a user be signed in to proceed.
Clearance::Authentication#signed_in? is used to determine if there is a signed in user or not.
    class PostsController < ApplicationController
      before_action :require_login

      def index
        # ...
      end
    end

    # File 'lib/clearance/authorization.rb', line 20
    def require_login
      unless signed_in?
        deny_access(I18n.t("flashes.failure_when_not_signed_in"))
      end
    end
#url_after_denied_access_when_signed_in ⇒ String (protected)
Used as the redirect location when #deny_access is called and there is a currently signed in user.
    # File 'lib/clearance/authorization.rb', line 108
    def url_after_denied_access_when_signed_in
      Clearance.configuration.redirect_url
    end
#url_after_denied_access_when_signed_out ⇒ String (protected)
Used as the redirect location when #deny_access is called and there is no currently signed in user.
    # File 'lib/clearance/authorization.rb', line 116
    def url_after_denied_access_when_signed_out
      Clearance.configuration.url_after_denied_access_when_signed_out || sign_in_url
    end
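The behaviour documented above, as an added stand-alone Ruby model (not Clearance's source and not code from this page), showing a role check layered on #require_login and #deny_access so that signed-out and signed-in-but-unauthorized requests take different paths. ModelController, AdminReportsController, the user hash, the flash texts and the URLs "/", "/sign_in" and "/dashboard" are assumptions made for the illustration.

```ruby
# Added model, not Clearance's source: it implements only what this page documents.
class ModelController
  NO_BODY_FORMATS = %i[js json xml].freeze
  attr_reader :session
  # user: constructed hash such as { admin: true }, or nil when signed out
  def initialize(format:, path:, user: nil)
    @format, @path, @user, @session = format, path, user, {}
  end

  def signed_in?
    !@user.nil?
  end

  def require_login
    deny_access("Please sign in to continue.") unless signed_in?
  end

  def deny_access(flash_message = nil)
    # js, json and xml: 401 with no body, no redirect, nothing stored
    return { status: 401, body: nil } if NO_BODY_FORMATS.include?(@format)
    session[:return_to] = @path # kept for the redirect after sign in
    location = signed_in? ? url_after_denied_access_when_signed_in : url_after_denied_access_when_signed_out
    { status: 302, location: location, flash: flash_message }
  end

  protected
  def url_after_denied_access_when_signed_in
    "/" # assumed stand-in for Clearance.configuration.redirect_url
  end

  def url_after_denied_access_when_signed_out
    "/sign_in" # assumed stand-in for sign_in_url
  end
end

# Hypothetical admin-only controller: authentication first, then a role check.
class AdminReportsController < ModelController
  def index
    require_login || require_admin || { status: 200, body: "report" }
  end

  def require_admin
    deny_access("Admins only.") unless @user[:admin]
  end

  protected
  def url_after_denied_access_when_signed_in
    "/dashboard" # override: signed-in users without the role land here
  end
end
```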