Module: Spree::Core::ControllerHelpers::Auth

Extended by:: ActiveSupport::Concern

Included in:: BaseController

Defined in:: lib/spree/core/controller_helpers/auth.rb

Instance Method Summary collapse

#current_ability ⇒ Object

Needs to be overriden so that we use Spree’s Ability rather than anyone else’s.
#ensure_api_key ⇒ Object

Need to generate an API key for a user due to some actions potentially requiring authentication to the Spree API.
#redirect_back_or_default(default) ⇒ Object
#store_location ⇒ Object
#try_spree_current_user ⇒ Object

proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user.
#unauthorized ⇒ Object

Redirect as appropriate when an access request fails.

Instance Method Details

#current_ability ⇒ `Object`

Needs to be overriden so that we use Spree’s Ability rather than anyone else’s.



17
18
19

# File 'lib/spree/core/controller_helpers/auth.rb', line 17

def current_ability
  @current_ability ||= Spree::Ability.new(try_spree_current_user)
end

#ensure_api_key ⇒ `Object`

Need to generate an API key for a user due to some actions potentially requiring authentication to the Spree API

# File 'lib/spree/core/controller_helpers/auth.rb', line 64

def ensure_api_key
  if user = try_spree_current_user
    if user.respond_to?(:spree_api_key) && user.spree_api_key.blank?
      user.generate_spree_api_key!
    end
  end
end

#redirect_back_or_default(default) ⇒ `Object`

# File 'lib/spree/core/controller_helpers/auth.rb', line 57

def redirect_back_or_default(default)
  redirect_to(session["spree_user_return_to"] || default)
  session["spree_user_return_to"] = nil
end

#store_location ⇒ `Object`

# File 'lib/spree/core/controller_helpers/auth.rb', line 35

def store_location
  # disallow return to login, logout, signup pages
  authentication_routes = [:spree_signup_path, :spree_login_path, :spree_logout_path]
  disallowed_urls = []
  authentication_routes.each do |route|
    if respond_to?(route)
      disallowed_urls << send(route)
    end
  end

  disallowed_urls.map!{ |url| url[/\/\w+$/] }
  unless disallowed_urls.include?(request.fullpath)
    session['spree_user_return_to'] = request.fullpath.gsub('//', '/')
  end
end

#try_spree_current_user ⇒ `Object`

proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user



53
54
55

# File 'lib/spree/core/controller_helpers/auth.rb', line 53

def try_spree_current_user
  respond_to?(:spree_current_user) ? spree_current_user : nil
end

#unauthorized ⇒ `Object`

Redirect as appropriate when an access request fails. The default action is to redirect to the login screen. Override this method in your controllers if you want to have special behavior in case the user is not authorized to access the requested action. For example, a popup window might simply close itself.

# File 'lib/spree/core/controller_helpers/auth.rb', line 24

def unauthorized
  if try_spree_current_user
    flash[:error] = Spree.t(:authorization_failure)
    redirect_to '/unauthorized'
  else
    store_location
    url = spree.respond_to?(:login_path) ? spree.login_path : spree.root_path
    redirect_to url
  end
end

Module: Spree::Core::ControllerHelpers::Auth

Instance Method Summary collapse

Instance Method Details

#current_ability ⇒ Object

#ensure_api_key ⇒ Object

#redirect_back_or_default(default) ⇒ Object

#store_location ⇒ Object