Module: Spree::Core::ControllerHelpers::Auth
- Extended by:
- ActiveSupport::Concern
- Included in:
- BaseController
- Defined in:
- lib/spree/core/controller_helpers/auth.rb
Class Attribute Summary collapse
-
.unauthorized_redirect ⇒ Proc
Extension point for overriding behaviour of access denied errors.
Instance Method Summary collapse
-
#current_ability ⇒ Object
Needs to be overriden so that we use Spree’s Ability rather than anyone else’s.
- #redirect_back_or_default(default) ⇒ Object
- #set_guest_token ⇒ Object
- #store_location ⇒ Object
-
#try_spree_current_user ⇒ Object
proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user.
Class Attribute Details
.unauthorized_redirect ⇒ Proc
Extension point for overriding behaviour of access denied errors. Default behaviour is to redirect to “/unauthorized” with a flash message.
18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 18 included do before_action :set_guest_token helper_method :try_spree_current_user class_attribute :unauthorized_redirect self. = -> do flash[:error] = I18n.t('spree.authorization_failure') redirect_to "/unauthorized" end rescue_from CanCan::AccessDenied do instance_exec(&) end end |
Instance Method Details
#current_ability ⇒ Object
Needs to be overriden so that we use Spree’s Ability rather than anyone else’s.
34 35 36 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 34 def current_ability @current_ability ||= Spree::Ability.new(try_spree_current_user) end |
#redirect_back_or_default(default) ⇒ Object
38 39 40 41 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 38 def redirect_back_or_default(default) redirect_to(session["spree_user_return_to"] || default) session["spree_user_return_to"] = nil end |
#set_guest_token ⇒ Object
43 44 45 46 47 48 49 50 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 43 def set_guest_token unless .signed[:guest_token].present? .permanent.signed[:guest_token] = { value: SecureRandom.urlsafe_base64(nil, false), httponly: true } end end |
#store_location ⇒ Object
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 52 def store_location # disallow return to login, logout, signup pages authentication_routes = [:spree_signup_path, :spree_login_path, :spree_logout_path] disallowed_urls = [] authentication_routes.each do |route| if respond_to?(route) disallowed_urls << send(route) end end disallowed_urls.map!{ |url| url[/\/\w+$/] } unless disallowed_urls.include?(request.fullpath) session['spree_user_return_to'] = request.fullpath.gsub('//', '/') end end |
#try_spree_current_user ⇒ Object
proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user
70 71 72 73 74 75 76 77 78 79 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 70 def try_spree_current_user # This one will be defined by apps looking to hook into Spree # As per authentication_helpers.rb if respond_to?(:spree_current_user, true) spree_current_user # This one will be defined by Devise elsif respond_to?(:current_spree_user, true) current_spree_user end end |