Module: Spree::Core::ControllerHelpers::Auth
- Extended by:
- ActiveSupport::Concern
- Included in:
- BaseController
- Defined in:
- lib/spree/core/controller_helpers/auth.rb
Class Attribute Summary collapse
-
.unauthorized_redirect ⇒ Proc
Extension point for overriding behaviour of access denied errors.
Instance Method Summary collapse
-
#current_ability ⇒ Object
Needs to be overriden so that we use Spree’s Ability rather than anyone else’s.
- #redirect_back_or_default(default) ⇒ Object
- #set_guest_token ⇒ Object
- #store_location ⇒ Object
-
#try_spree_current_user ⇒ Object
proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user.
Class Attribute Details
.unauthorized_redirect ⇒ Proc
Extension point for overriding behaviour of access denied errors. Default behaviour is to redirect back or to “/unauthorized” with a flash message.
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 18 included do before_action :set_guest_token helper_method :try_spree_current_user class_attribute :unauthorized_redirect self. = -> do flash[:error] = I18n.t('spree.authorization_failure') if Spree::Config. redirect_back(fallback_location: "/unauthorized") else Spree::Deprecation.warn <<-WARN.strip_heredoc, caller Having Spree::Config.redirect_back_on_unauthorized set to `false` is deprecated and will not be supported in Solidus 3.0. Please change this configuration to `true` and be sure that your application does not break trying to redirect back when there is an unauthorized access. WARN redirect_to "/unauthorized" end end rescue_from CanCan::AccessDenied do instance_exec(&) end end |
Instance Method Details
#current_ability ⇒ Object
Needs to be overriden so that we use Spree’s Ability rather than anyone else’s.
47 48 49 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 47 def current_ability @current_ability ||= Spree::Ability.new(try_spree_current_user) end |
#redirect_back_or_default(default) ⇒ Object
51 52 53 54 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 51 def redirect_back_or_default(default) redirect_to(session["spree_user_return_to"] || default) session["spree_user_return_to"] = nil end |
#set_guest_token ⇒ Object
56 57 58 59 60 61 62 63 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 56 def set_guest_token unless .signed[:guest_token].present? .permanent.signed[:guest_token] = Spree::Config[:guest_token_cookie_options].merge( value: SecureRandom.urlsafe_base64(nil, false), httponly: true ) end end |
#store_location ⇒ Object
65 66 67 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 65 def store_location Spree::UserLastUrlStorer.new(self).store_location end |
#try_spree_current_user ⇒ Object
proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user
71 72 73 74 75 76 77 78 79 80 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 71 def try_spree_current_user # This one will be defined by apps looking to hook into Spree # As per authentication_helpers.rb if respond_to?(:spree_current_user, true) spree_current_user # This one will be defined by Devise elsif respond_to?(:current_spree_user, true) current_spree_user end end |