Module: Spree::Core::ControllerHelpers::Auth

Extended by:
ActiveSupport::Concern
Included in:
BaseController
Defined in:
lib/spree/core/controller_helpers/auth.rb

Class Attribute Summary collapse

Instance Method Summary collapse

Class Attribute Details

.unauthorized_redirect ⇒ Proc

Extension point for overriding behaviour of access denied errors. Default behaviour is to redirect back or to “/unauthorized” with a flash message.

Returns:

  • (Proc)

    action to take when access denied error is raised.



# File 'lib/spree/core/controller_helpers/auth.rb', line 18

# Wires the auth helpers into every controller that includes this concern:
# a guest-token callback, a view helper, and the access-denied handler.
included do
  before_action :set_guest_token
  helper_method :try_spree_current_user

  # Overridable per controller class; the handler below runs it with
  # instance_exec, so flash and the redirect helpers resolve on the controller.
  class_attribute :unauthorized_redirect
  self.unauthorized_redirect = lambda do
    flash[:error] = I18n.t('spree.authorization_failure')

    if Spree::Config.redirect_back_on_unauthorized
      # redirect_back follows the request's Referer header when one is sent and
      # only otherwise uses fallback_location. The Referer is client-supplied.
      # NOTE(review): whether an off-host referrer is followed depends on the
      # Rails version and redirect_back's allow_other_host option -- confirm
      # for the deployed version.
      redirect_back(fallback_location: "/unauthorized")
    else
      deprecation_message = <<-WARN.strip_heredoc
        Having Spree::Config.redirect_back_on_unauthorized set
        to `false` is deprecated and will not be supported in Solidus 3.0.

        Please change this configuration to `true` and be sure that your
        application does not break trying to redirect back when there is
        an unauthorized access.
      WARN
      Spree::Deprecation.warn deprecation_message, caller

      redirect_to "/unauthorized"
    end
  end

  # Every CanCan authorization failure is routed through the configured proc.
  rescue_from(CanCan::AccessDenied) { instance_exec(&unauthorized_redirect) }
end

Instance Method Details

#current_ability ⇒ Object

Needs to be overridden so that we use Spree’s Ability rather than anyone else’s.



# File 'lib/spree/core/controller_helpers/auth.rb', line 47

# Returns the Spree::Ability used for authorization checks, built once per
# controller instance and memoized in @current_ability.
#
# The ability is built from try_spree_current_user, so it is constructed with
# nil when no authentication hook supplies a user.
#
# @return [Spree::Ability]
def current_ability
  @current_ability ||= begin
    acting_user = try_spree_current_user
    Spree::Ability.new(acting_user)
  end
end

#redirect_back_or_default(default) ⇒ Object



# File 'lib/spree/core/controller_helpers/auth.rb', line 51

# Redirects to the location remembered in the session under
# "spree_user_return_to", or to +default+ when nothing is stored, and then
# clears the remembered location so it is used only once.
#
# NOTE(review): the stored value is handed to redirect_to unchanged;
# presumably whatever writes this session key stores only in-app paths --
# verify against the writer.
#
# @param default [Object] redirect target used when no location is stored
def redirect_back_or_default(default)
  remembered = session["spree_user_return_to"]
  redirect_to(remembered || default)
  # Cleared only after the redirect call, matching the original ordering.
  session["spree_user_return_to"] = nil
end

#set_guest_token ⇒ Object



# File 'lib/spree/core/controller_helpers/auth.rb', line 56

# Issues a signed, permanent :guest_token cookie when the request does not
# already carry one; an existing token is left untouched.
#
# The value comes from SecureRandom (URL-safe base64, default length, no
# padding). httponly: true is merged in after the configured options, so
# Spree::Config[:guest_token_cookie_options] cannot switch it off. Every other
# cookie attribute (for example secure) comes only from that configuration.
def set_guest_token
  return if cookies.signed[:guest_token].present?

  token_cookie = Spree::Config[:guest_token_cookie_options].merge(
    value: SecureRandom.urlsafe_base64(nil, false),
    httponly: true
  )
  cookies.permanent.signed[:guest_token] = token_cookie
end

#store_location ⇒ Object



# File 'lib/spree/core/controller_helpers/auth.rb', line 65

# Delegates to Spree::UserLastUrlStorer, passing this controller, and returns
# whatever its #store_location returns.
def store_location
  url_storer = Spree::UserLastUrlStorer.new(self)
  url_storer.store_location
end

#try_spree_current_user ⇒ Object

Proxy method to a possible spree_current_user method. Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user.



# File 'lib/spree/core/controller_helpers/auth.rb', line 71

# Returns the current user from whichever authentication hook is available,
# or nil when neither hook is defined.
#
# Both lookups pass +true+ to respond_to?, so private and protected hook
# methods are honoured as well.
#
# @return [Object, nil] the hook's return value, or nil without a hook
def try_spree_current_user
  # Preferred hook: defined by apps looking to hook into Spree,
  # as per authentication_helpers.rb.
  return spree_current_user if respond_to?(:spree_current_user, true)

  # Fallback hook: this one will be defined by Devise.
  return current_spree_user if respond_to?(:current_spree_user, true)

  nil
end