Add extension point for handling access denied. #179

Merged
merged 2 commits into from
Jul 16, 2015
28 changes: 8 additions & 20 deletions core/lib/spree/core/controller_helpers/auth.rb
Expand Up @@ -8,8 +8,14 @@ module Auth
before_filter :set_guest_token
helper_method :try_spree_current_user

rescue_from CanCan::AccessDenied do |exception|
redirect_unauthorized_access
class_attribute :unauthorized_redirect

Can you provide some documentation for this?

self.unauthorized_redirect = -> do
flash[:error] = Spree.t(:authorization_failure)
redirect_to "/unauthorized"
end

rescue_from CanCan::AccessDenied do
instance_exec &unauthorized_redirect
end
end
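
Review bot: Guests lose the login redirect with this default: the `unauthorized_redirect` lambda sends every denied request to "/unauthorized", while the replaced `redirect_unauthorized_access` call ran `store_location` and redirected to `spree_login_path` when no user was signed in. If that is intentional, state it in a comment above `class_attribute :unauthorized_redirect` together with the contract (a callable taking no arguments, run with `instance_exec` in the controller, and no longer given the exception). Also write `instance_exec(&unauthorized_redirect)` with parentheses so Ruby does not warn about an ambiguous `&` argument prefix.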

Expand Down Expand Up @@ -59,24 +65,6 @@ def try_spree_current_user
nil
end
end

# Redirect as appropriate when an access request fails. The default action is to redirect to the login screen.
# Override this method in your controllers if you want to have special behavior in case the user is not authorized
# to access the requested action. For example, a popup window might simply close itself.
def redirect_unauthorized_access
if try_spree_current_user
flash[:error] = Spree.t(:authorization_failure)
redirect_to '/unauthorized'
else
store_location
if respond_to?(:spree_login_path)
redirect_to spree_login_path
else
redirect_to '/unauthorized'
end
end
end

end
end
end
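
Review bot: Existing overrides of `redirect_unauthorized_access` will silently stop running once this method is deleted, because its own comment tells applications to "Override this method in your controllers" and `rescue_from` no longer calls it. Consider keeping the method for one release as a deprecated default that `unauthorized_redirect` delegates to, or add a changelog entry that points overriders to `unauthorized_redirect`.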
29 changes: 0 additions & 29 deletions core/spec/lib/spree/core/controller_helpers/auth_spec.rb
Expand Up @@ -63,33 +63,4 @@ def index
expect(controller.try_spree_current_user).to eq nil
end
end

describe '#redirect_unauthorized_access' do
controller(FakesController) do
def index; redirect_unauthorized_access; end
end
context 'when logged in' do
before do
allow(controller).to receive_messages(try_spree_current_user: double('User', id: 1, last_incomplete_spree_order: nil))
end
it 'redirects unauthorized path' do
get :index
expect(response).to redirect_to('/unauthorized')
end
end
context 'when guest user' do
before do
allow(controller).to receive_messages(try_spree_current_user: nil)
end
it 'redirects login path' do
allow(controller).to receive_messages(spree_login_path: '/login')
get :index
expect(response).to redirect_to('/login')
end
it 'redirects root path' do
get :index
expect(response).to redirect_to('/unauthorized')
end
end
end
end
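
Review bot: No spec covers the new `unauthorized_redirect` handler: the `#redirect_unauthorized_access` examples are deleted here and nothing replaces them (0 additions in this file). Add an example with a `FakesController` action that raises `CanCan::AccessDenied` and expects `redirect_to('/unauthorized')` with the `authorization_failure` flash, plus one that assigns a custom lambda to `unauthorized_redirect` and checks that it runs in the controller instance.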