Module: Spree::Core::ControllerHelpers::Auth
- Extended by:
- ActiveSupport::Concern
- Included in:
- BaseController
- Defined in:
- lib/spree/core/controller_helpers/auth.rb
Class Attribute Summary collapse
-
.unauthorized_redirect ⇒ Proc
Extension point for overriding behaviour of access denied errors.
Instance Method Summary collapse
-
#current_ability ⇒ Object
Needs to be overriden so that we use Spree’s Ability rather than anyone else’s.
- #redirect_back_or_default(default) ⇒ Object
- #set_guest_token ⇒ Object
- #store_location ⇒ Object
-
#try_spree_current_user ⇒ Object
proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user.
Class Attribute Details
.unauthorized_redirect ⇒ Proc
Extension point for overriding behaviour of access denied errors. Default behaviour is to redirect to “/unauthorized” with a flash message.
14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 14 included do before_filter :set_guest_token helper_method :try_spree_current_user class_attribute :unauthorized_redirect self. = -> do flash[:error] = Spree.t(:authorization_failure) redirect_to "/unauthorized" end rescue_from CanCan::AccessDenied do instance_exec & end end |
Instance Method Details
#current_ability ⇒ Object
Needs to be overriden so that we use Spree’s Ability rather than anyone else’s.
30 31 32 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 30 def current_ability @current_ability ||= Spree::Ability.new(try_spree_current_user) end |
#redirect_back_or_default(default) ⇒ Object
34 35 36 37 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 34 def redirect_back_or_default(default) redirect_to(session["spree_user_return_to"] || default) session["spree_user_return_to"] = nil end |
#set_guest_token ⇒ Object
39 40 41 42 43 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 39 def set_guest_token unless .signed[:guest_token].present? .permanent.signed[:guest_token] = SecureRandom.urlsafe_base64(nil, false) end end |
#store_location ⇒ Object
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 45 def store_location # disallow return to login, logout, signup pages authentication_routes = [:spree_signup_path, :spree_login_path, :spree_logout_path] disallowed_urls = [] authentication_routes.each do |route| if respond_to?(route) disallowed_urls << send(route) end end disallowed_urls.map!{ |url| url[/\/\w+$/] } unless disallowed_urls.include?(request.fullpath) session['spree_user_return_to'] = request.fullpath.gsub('//', '/') end end |
#try_spree_current_user ⇒ Object
proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user
63 64 65 66 67 68 69 70 71 72 73 74 |
# File 'lib/spree/core/controller_helpers/auth.rb', line 63 def try_spree_current_user # This one will be defined by apps looking to hook into Spree # As per authentication_helpers.rb if respond_to?(:spree_current_user) spree_current_user # This one will be defined by Devise elsif respond_to?(:current_spree_user) current_spree_user else nil end end |