Module: Spree::Core::ControllerHelpers::Auth
- Extended by:
- ActiveSupport::Concern
- Included in:
- BaseController
- Defined in:
- lib/spree/core/controller_helpers/auth.rb
Class Attribute Summary collapse
-
.unauthorized_redirect ⇒ Proc
Extension point for overriding behaviour of access denied errors.
Instance Method Summary collapse
-
#current_ability ⇒ Object
Needs to be overriden so that we use Spree's Ability rather than anyone else's.
- #redirect_back_or_default(default) ⇒ Object
- #set_guest_token ⇒ Object
-
#spree_current_user ⇒ Object
Auth extensions are expected to define it, otherwise it's a no-op.
- #store_location ⇒ Object
-
#try_spree_current_user ⇒ Object
proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user.
Class Attribute Details
.unauthorized_redirect ⇒ Proc
Extension point for overriding behaviour of access denied errors. Default behaviour is to redirect back or to “/unauthorized” with a flash message.
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 18 included do before_action :set_guest_token helper_method :try_spree_current_user helper_method :spree_current_user class_attribute :unauthorized_redirect self. = -> do flash[:error] = I18n.t('spree.authorization_failure') redirect_back(fallback_location: "/unauthorized") end rescue_from CanCan::AccessDenied do instance_exec(&) end end |
Instance Method Details
#current_ability ⇒ Object
Needs to be overriden so that we use Spree's Ability rather than anyone else's.
35 36 37 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 35 def current_ability @current_ability ||= Spree::Ability.new(spree_current_user) end |
#redirect_back_or_default(default) ⇒ Object
39 40 41 42 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 39 def redirect_back_or_default(default) redirect_to(session["spree_user_return_to"] || default) session["spree_user_return_to"] = nil end |
#set_guest_token ⇒ Object
44 45 46 47 48 49 50 51 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 44 def set_guest_token unless .signed[:guest_token].present? .permanent.signed[:guest_token] = Spree::Config[:guest_token_cookie_options].merge( value: SecureRandom.urlsafe_base64(nil, false), httponly: true ) end end |
#spree_current_user ⇒ Object
Auth extensions are expected to define it, otherwise it's a no-op
58 59 60 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 58 def spree_current_user defined?(super) ? super : nil end |
#store_location ⇒ Object
53 54 55 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 53 def store_location Spree::UserLastUrlStorer.new(self).store_location end |
#try_spree_current_user ⇒ Object
proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user
64 65 66 67 68 69 70 71 72 73 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 64 def try_spree_current_user # This one will be defined by apps looking to hook into Spree # As per authentication_helpers.rb if respond_to?(:spree_current_user, true) spree_current_user # This one will be defined by Devise elsif respond_to?(:current_spree_user, true) current_spree_user end end |