Module: Clearance::Authorization

Extended by:
ActiveSupport::Concern
Included in:
Controller
Defined in:
lib/clearance/authorization.rb

Instance Method Details

#deny_access(flash_message = nil) ⇒ Object

Responds to unauthorized requests in a manner fitting the request format. js, json, and xml requests will receive a 401 with no body. All other formats will be redirected appropriately and can optionally have the flash message set.

When redirecting, the originally requested url will be stored in the session (session[:return_to]), allowing it to be used as a redirect url once the user has successfully signed in.

If there is a signed in user, the request will be redirected according to the value returned from #url_after_denied_access_when_signed_in.

If there is no signed in user, the request will be redirected according to the value returned from #url_after_denied_access_when_signed_out. For the exact redirect behavior, see #redirect_request.

Parameters:

  • flash_message (String) (defaults to: nil)


# File 'lib/clearance/authorization.rb', line 43

def deny_access(flash_message = nil)
  respond_to do |format|
    format.any(:js, :json, :xml) { head :unauthorized }
    format.any { redirect_request(flash_message) }
  end
end
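
An application that reads session[:return_to] in its own post-sign-in code can reduce the stored value to a same-site path before redirecting. This is an added example, not code from Clearance; the helper name `local_return_path`, its `fallback:` parameter and the sample values are assumptions constructed for illustration.

```ruby
require "uri"

# Hypothetical helper (not part of Clearance): reduce a stored return_to value
# to a same-site path, or return the fallback when it is anything else.
def local_return_path(stored, fallback: "/")
  return fallback if stored.nil? || stored.empty?
  # Backslashes and control characters are handled inconsistently by clients.
  return fallback if stored.match?(/[\\\x00-\x1f]/)

  uri = URI.parse(stored)
  # Absolute and scheme-relative URLs carry a scheme or a host; allow paths only.
  return fallback if uri.scheme || uri.host || uri.userinfo

  path = uri.path.to_s
  return fallback unless path.start_with?("/") && !path.start_with?("//")

  # Rebuild from the parsed parts so only path, query and fragment survive.
  result = path.dup
  result << "?#{uri.query}" if uri.query
  result << "##{uri.fragment}" if uri.fragment
  result
rescue URI::InvalidURIError
  fallback
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values standing in for session[:return_to].
  samples = [
    "/posts/1?page=2#comments", # local path: kept as is
    "//other.example/posts",    # scheme-relative URL: replaced by the fallback
    "https://other.example/",   # absolute URL: replaced by the fallback
    "posts",                    # not rooted at "/": replaced by the fallback
    nil                         # nothing stored: fallback
  ]
  samples.each do |value|
    puts "#{value.inspect} -> #{local_return_path(value, fallback: '/dashboard')}"
  end
end
```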

#require_login ⇒ Object

Use as a before_action to require a user be signed in to proceed. Clearance::Authentication#signed_in? is used to determine if there is a signed in user or not.

class PostsController < ApplicationController
  before_action :require_login

  def index
    # ...
  end
end


# File 'lib/clearance/authorization.rb', line 20

def require_login
  unless signed_in?
    deny_access(I18n.t("flashes.failure_when_not_signed_in"))
  end
end

#url_after_denied_access_when_signed_in ⇒ String (protected)

Used as the redirect location when #deny_access is called and there is a currently signed in user.

Returns:

  • (String)


# File 'lib/clearance/authorization.rb', line 108

def url_after_denied_access_when_signed_in
  Clearance.configuration.redirect_url
end

#url_after_denied_access_when_signed_out ⇒ String (protected)

Used as the redirect location when #deny_access is called and there is no currently signed in user.

Returns:

  • (String)


# File 'lib/clearance/authorization.rb', line 116

def url_after_denied_access_when_signed_out
  Clearance.configuration.url_after_denied_access_when_signed_out || sign_in_url
end