Module: Spree::Core::ControllerHelpers::Auth

Extended by:
ActiveSupport::Concern
Included in:
BaseController
Defined in:
lib/spree/core/controller_helpers/auth.rb


Class Attribute Details

.unauthorized_redirect ⇒ Proc

Extension point for overriding behaviour of access denied errors. Default behaviour is to redirect back or to “/unauthorized” with a flash message.

Returns:

  • (Proc)

    action to take when access denied error is raised.


# File 'lib/spree/core/controller_helpers/auth.rb', line 18

# Wires the auth helpers into every controller that includes this concern.
included do
  # Make sure a guest token cookie exists before any action runs.
  before_action :set_guest_token
  # Expose the current user lookup to views.
  helper_method :spree_current_user

  # Overridable hook: the Proc executed when an access denied error is rescued.
  class_attribute :unauthorized_redirect
  self.unauthorized_redirect = lambda do
    flash[:error] = I18n.t('spree.authorization_failure')
    # NOTE(review): redirect_back follows the client-supplied Referer header.
    # Confirm the Rails version in use keeps this redirect on the same host
    # (redirect_back accepts allow_other_host: false) before relying on it.
    redirect_back(fallback_location: "/unauthorized")
  end

  # The Proc is run with instance_exec, so it executes with the controller as
  # self. A replacement Proc should still redirect or render explicitly so a
  # denied request always gets a deliberate response.
  rescue_from(CanCan::AccessDenied) { instance_exec(&unauthorized_redirect) }
end

Instance Method Details

#current_ability ⇒ Object

Needs to be overridden so that we use Spree’s Ability rather than anyone else’s.


# File 'lib/spree/core/controller_helpers/auth.rb', line 34

# Returns the Spree::Ability used for authorization checks, built from
# spree_current_user and memoized on this controller instance.
#
# The ability is built once per instance: if spree_current_user could change
# after the first call, the cached ability would still describe the earlier
# user.
def current_ability
  return @current_ability if @current_ability

  @current_ability = Spree::Ability.new(spree_current_user)
end

#redirect_back_or_default(default) ⇒ Object


# File 'lib/spree/core/controller_helpers/auth.rb', line 38

# Redirects to the location remembered in the session under
# "spree_user_return_to", or to +default+ when nothing is stored, and then
# clears the remembered location.
#
# NOTE(review): both targets reach redirect_to without validation. The session
# value is presumably written by store_location (Spree::UserLastUrlStorer);
# verify that it only ever records same-site locations, and that callers do
# not build +default+ from request parameters, so this cannot act as an open
# redirect.
def redirect_back_or_default(default)
  destination = session["spree_user_return_to"] || default
  redirect_to(destination)
  # Reset the key so a later call falls back to +default+.
  session["spree_user_return_to"] = nil
end

#set_guest_token ⇒ Object


# File 'lib/spree/core/controller_helpers/auth.rb', line 43

# Issues a guest token in a signed, permanent cookie when the request does not
# already carry one. An existing token is left untouched.
#
# The token comes from SecureRandom (URL-safe base64, no padding). The cookie
# attributes start from Spree::Config[:guest_token_cookie_options]; +value+ and
# +httponly: true+ are merged on top, so configuration cannot disable HttpOnly.
#
# NOTE(review): +secure+ and +same_site+ are not set here. They apply only if
# guest_token_cookie_options supplies them; confirm the deployed configuration
# does. A signed cookie is tamper-evident, but the token is not encrypted.
def set_guest_token
  return if cookies.signed[:guest_token].present?

  guest_cookie = Spree::Config[:guest_token_cookie_options].merge(
    value: SecureRandom.urlsafe_base64(nil, false),
    httponly: true
  )
  cookies.permanent.signed[:guest_token] = guest_cookie
end

#spree_current_user ⇒ Object

Auth extensions are expected to define this method; if none does, it is a no-op that returns nil.


# File 'lib/spree/core/controller_helpers/auth.rb', line 57

# Returns the current user as reported by an auth extension, or nil when no
# implementation exists further up the method lookup chain.
#
# A nil result means "no user": current_ability then builds its
# Spree::Ability from nil.
def spree_current_user
  return super if defined?(super)

  nil
end

#store_location ⇒ Object


# File 'lib/spree/core/controller_helpers/auth.rb', line 52

# Delegates to Spree::UserLastUrlStorer, handing it this controller, and
# returns whatever the storer's store_location returns.
#
# NOTE(review): presumably this records the location that
# redirect_back_or_default later redirects to. Confirm the storer only keeps
# same-site locations.
def store_location
  url_storer = Spree::UserLastUrlStorer.new(self)
  url_storer.store_location
end