Module: Clearance::Authorization
- Extended by:
- ActiveSupport::Concern
- Included in:
- Controller
- Defined in:
- lib/clearance/authorization.rb
Instance Method Summary
-
#authorize ⇒ Object
Deprecated. Use #require_login.
-
#deny_access(flash_message = nil) ⇒ Object
Responds to unauthorized requests in a manner fitting the request format.
-
#require_login ⇒ Object
Use as a before_action to require that a user be signed in to proceed.
-
#url_after_denied_access_when_signed_in ⇒ String
protected
Used as the redirect location when #deny_access is called and there is a currently signed in user.
-
#url_after_denied_access_when_signed_out ⇒ String
protected
Used as the redirect location when #deny_access is called and there is no currently signed in user.
Instance Method Details
#authorize ⇒ Object
Deprecated. Use #require_login.
# File 'lib/clearance/authorization.rb', line 27
def authorize
  warn "[DEPRECATION] Clearance's `authorize` before_action is " +
    "deprecated. Use `require_login` instead. Be sure to update any " +
    "instances of `skip_before_action :authorize` or " +
    "`skip_before_action :authorize` as well"
  require_login
end
#deny_access(flash_message = nil) ⇒ Object
Responds to unauthorized requests in a manner fitting the request format.
js, json, and xml requests will receive a 401 with no body. All other formats will be redirected appropriately and can optionally have the flash message set.
When redirecting, the originally requested URL will be stored in the session (session[:return_to]), allowing it to be used as a redirect URL once the user has successfully signed in.
If there is a signed in user, the request will be redirected according to the value returned from #url_after_denied_access_when_signed_in.
If there is no signed in user, the request will be redirected according to the value returned from #url_after_denied_access_when_signed_out. For the exact redirect behavior, see #redirect_request.
# File 'lib/clearance/authorization.rb', line 52
def deny_access(flash_message = nil)
  respond_to do |format|
    format.any(:js, :json, :xml) { head :unauthorized }  # 401 with no body
    format.any { redirect_request(flash_message) }       # redirect, optional flash
  end
end
#require_login ⇒ Object
Use as a before_action to require that a user be signed in to proceed.
Clearance::Authentication#signed_in? is used to determine whether there is a signed in user.
class PostsController < ApplicationController
  before_action :require_login

  def index
    # ...
  end
end
# File 'lib/clearance/authorization.rb', line 20
def require_login
  unless signed_in?
    deny_access(I18n.t("flashes.failure_when_not_signed_in"))
  end
end
#url_after_denied_access_when_signed_in ⇒ String (protected)
Used as the redirect location when #deny_access is called and there is a currently signed in user.
# File 'lib/clearance/authorization.rb', line 111
def url_after_denied_access_when_signed_in
  Clearance.configuration.redirect_url
end
#url_after_denied_access_when_signed_out ⇒ String (protected)
Used as the redirect location when #deny_access is called and there is no currently signed in user.
# File 'lib/clearance/authorization.rb', line 119
def url_after_denied_access_when_signed_out
  sign_in_url
end
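Added example, not part of Clearance or of the original page: a plain-Ruby model of the #deny_access outcomes documented above, used by a hypothetical admin-only controller that layers a role check on #require_login and overrides #url_after_denied_access_when_signed_in. StubController, AdminReportsController, require_admin, visit, the flash key, the 200 response and the /, /sign_in, /dashboard and /admin/reports paths are assumptions made so that it runs without Rails.

```ruby
# Stand-in for a Rails controller that includes Clearance::Authorization.
# It models only the behaviour documented above; it is not Clearance's code.
class StubController
  attr_reader :session, :flash, :response
  def initialize(format:, url:, user: nil)
    @format, @url, @user = format, url, user
    @session, @flash, @response = {}, {}, nil
  end

  def signed_in?
    !@user.nil?
  end

  def require_login
    deny_access("Please sign in to continue.") unless signed_in?
  end

  def deny_access(flash_message = nil)
    return @response = { status: 401, body: nil } if %i[js json xml].include?(@format)
    session[:return_to] = @url                      # originally requested URL
    flash[:alert] = flash_message if flash_message  # flash key is an assumption
    target = signed_in? ? url_after_denied_access_when_signed_in : url_after_denied_access_when_signed_out
    @response = { status: 302, location: target }
  end

  protected
  def url_after_denied_access_when_signed_in; "/"; end          # constructed redirect_url
  def url_after_denied_access_when_signed_out; "/sign_in"; end  # constructed sign_in_url
end

# Hypothetical admin-only controller: a role check layered on require_login.
class AdminReportsController < StubController
  def show
    # Mimic the before_action chain: the first filter that responds halts the action.
    %i[require_login require_admin].each { |f| send(f); return response if response }
    @response = { status: 200, body: "report" }
  end

  def require_admin
    deny_access("Admins only.") unless @user[:admin]
  end

  protected
  def url_after_denied_access_when_signed_in; "/dashboard"; end
end
# Constructed helper: one request for /admin/reports in the given format.
def visit(format, user = nil)
  AdminReportsController.new(format: format, url: "/admin/reports", user: user).tap(&:show)
end
```

A signed-in user who fails the role check is sent to the overridden signed-in location rather than the sign-in page, and API formats never receive a redirect.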