Module: Spree::Core::ControllerHelpers::Auth

Extended by:

ActiveSupport::Concern

Included in:

BaseController

Defined in:

app/helpers/spree/core/controller_helpers/auth.rb

Class Attribute Summary

• .unauthorized_redirect ⇒ Proc

  Extension point for overriding behaviour of access denied errors.

Instance Method Summary

• #current_ability ⇒ Object

  Needs to be overriden so that we use Spree’s Ability rather than anyone else’s.

• #handle_unauthorized_access ⇒ Object
• #redirect_back_or_default(default) ⇒ Object
• #set_guest_token ⇒ Object
• #spree_current_user ⇒ Object

  Auth extensions are expected to define it, otherwise it’s a no-op.

• #store_location ⇒ Object

Class Attribute Details

.unauthorized_redirect ⇒ Proc

Extension point for overriding behaviour of access denied errors. Default behaviour is to redirect back or to “/unauthorized” with a flash message.

Returns:

• (Proc) —

  action to take when access denied error is raised.

# File 'app/helpers/spree/core/controller_helpers/auth.rb', line 18

included do
  before_action :set_guest_token
  helper_method :spree_current_user

  class_attribute :unauthorized_redirect
  deprecate :unauthorized_redirect= => "Use a custom Spree::Config.unauthorized_redirect_handler_class instead", :deprecator => Spree.deprecator

  rescue_from CanCan::AccessDenied, with: :handle_unauthorized_access
end

Instance Method Details

#current_ability ⇒ Object

Needs to be overriden so that we use Spree’s Ability rather than anyone else’s.

# File 'app/helpers/spree/core/controller_helpers/auth.rb', line 29

def current_ability
  @current_ability ||= Spree::Ability.new(spree_current_user)
end

#handle_unauthorized_access ⇒ Object

# File 'app/helpers/spree/core/controller_helpers/auth.rb', line 56

def handle_unauthorized_access
  if unauthorized_redirect
    instance_exec(&unauthorized_redirect)
  else
    Spree::Config.unauthorized_redirect_handler_class.new(self).call
  end
end

#redirect_back_or_default(default) ⇒ Object

# File 'app/helpers/spree/core/controller_helpers/auth.rb', line 33

def redirect_back_or_default(default)
  redirect_to(session["spree_user_return_to"] || default)
  session["spree_user_return_to"] = nil
end

#set_guest_token ⇒ Object

# File 'app/helpers/spree/core/controller_helpers/auth.rb', line 38

def set_guest_token
  if cookies.signed[:guest_token].blank?
    cookies.permanent.signed[:guest_token] = Spree::Config[:guest_token_cookie_options].merge(
      value: SecureRandom.urlsafe_base64(nil, false),
      httponly: true
    )
  end
end

#spree_current_user ⇒ Object

Auth extensions are expected to define it, otherwise it’s a no-op

# File 'app/helpers/spree/core/controller_helpers/auth.rb', line 52

def spree_current_user
  defined?(super) ? super : nil
end

#store_location ⇒ Object

# File 'app/helpers/spree/core/controller_helpers/auth.rb', line 47

def store_location
  Spree::UserLastUrlStorer.new(self).store_location
end