Module: Spree::Core::ControllerHelpers::Auth Private

Extended by:
ActiveSupport::Concern
Included in:
BaseController
Defined in:
lib/spree/core/controller_helpers/auth.rb

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

Class Attribute Summary collapse

Instance Method Summary collapse

Class Attribute Details

.unauthorized_redirectProc

Extension point for overriding behaviour of access denied errors. Default behaviour is to redirect to “/unauthorized” with a flash message.

Returns:

  • (Proc)

    action to take when access denied error is raised.



14
15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/spree/core/controller_helpers/auth.rb', line 14

included do
  before_action :set_guest_token
  helper_method :try_spree_current_user

  class_attribute :unauthorized_redirect
  self.unauthorized_redirect = -> do
    flash[:error] = Spree.t(:authorization_failure)
    redirect_to "/unauthorized"
  end

  rescue_from CanCan::AccessDenied do
    instance_exec(&unauthorized_redirect)
  end
end

Instance Method Details

#current_abilityObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Needs to be overriden so that we use Spree’s Ability rather than anyone else’s.



30
31
32
 
# File 'lib/spree/core/controller_helpers/auth.rb', line 30

def current_ability
  @current_ability ||= Spree::Ability.new(try_spree_current_user)
end

#redirect_back_or_default(default) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future. 



34
35
36
37
 
# File 'lib/spree/core/controller_helpers/auth.rb', line 34

def redirect_back_or_default(default)
  redirect_to(session["spree_user_return_to"] || default)
  session["spree_user_return_to"] = nil
end

#set_guest_tokenObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future. 



39
40
41
42
43
 
# File 'lib/spree/core/controller_helpers/auth.rb', line 39

def set_guest_token
  unless cookies.signed[:guest_token].present?
    cookies.permanent.signed[:guest_token] = SecureRandom.urlsafe_base64(nil, false)
  end
end

#store_locationObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future. 



45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
# File 'lib/spree/core/controller_helpers/auth.rb', line 45

def store_location
  # disallow return to login, logout, signup pages
  authentication_routes = [:spree_signup_path, :spree_login_path, :spree_logout_path]
  disallowed_urls = []
  authentication_routes.each do |route|
    if respond_to?(route)
      disallowed_urls << send(route)
    end
  end

  disallowed_urls.map!{ |url| url[/\/\w+$/] }
  unless disallowed_urls.include?(request.fullpath)
    session['spree_user_return_to'] = request.fullpath.gsub('//', '/')
  end
end

#try_spree_current_userObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user



63
64
65
66
67
68
69
70
71
72
 
# File 'lib/spree/core/controller_helpers/auth.rb', line 63

def try_spree_current_user
  # This one will be defined by apps looking to hook into Spree
  # As per authentication_helpers.rb
  if respond_to?(:spree_current_user)
    spree_current_user
  # This one will be defined by Devise
  elsif respond_to?(:current_spree_user)
    current_spree_user
            end
end