Module: Spree::Core::ControllerHelpers::Auth

Extended by:
ActiveSupport::Concern
Included in:
BaseController
Defined in:
lib/spree/core/controller_helpers/auth.rb

Class Attribute Summary collapse

Instance Method Summary collapse

Class Attribute Details

.unauthorized_redirectProc

Extension point for overriding behaviour of access denied errors. Default behaviour is to redirect to “/unauthorized” with a flash message.

Returns:

  • (Proc)

    action to take when access denied error is raised.



14
15
16
17
18
19
20
21
22
23
24
25
26
27
# File 'lib/spree/core/controller_helpers/auth.rb', line 14

included do
  before_action :set_guest_token
  helper_method :try_spree_current_user

  class_attribute :unauthorized_redirect
  self.unauthorized_redirect = -> do
    flash[:error] = Spree.t(:authorization_failure)
    redirect_to "/unauthorized"
  end

  rescue_from CanCan::AccessDenied do
    instance_exec(&unauthorized_redirect)
  end
end

Instance Method Details

#current_abilityObject

Needs to be overriden so that we use Spree's Ability rather than anyone else's.



30
31
32
# File 'lib/spree/core/controller_helpers/auth.rb', line 30

def current_ability
  @current_ability ||= Spree::Ability.new(try_spree_current_user)
end

#redirect_back_or_default(default) ⇒ Object



34
35
36
37
# File 'lib/spree/core/controller_helpers/auth.rb', line 34

def redirect_back_or_default(default)
  redirect_to(session["spree_user_return_to"] || default)
  session["spree_user_return_to"] = nil
end

#set_guest_tokenObject



39
40
41
42
43
# File 'lib/spree/core/controller_helpers/auth.rb', line 39

def set_guest_token
  unless cookies.signed[:guest_token].present?
    cookies.permanent.signed[:guest_token] = SecureRandom.urlsafe_base64(nil, false)
  end
end

#store_locationObject



45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# File 'lib/spree/core/controller_helpers/auth.rb', line 45

def store_location
  # disallow return to login, logout, signup pages
  authentication_routes = [:spree_signup_path, :spree_login_path, :spree_logout_path]
  disallowed_urls = []
  authentication_routes.each do |route|
    if respond_to?(route)
      disallowed_urls << send(route)
    end
  end

  disallowed_urls.map!{ |url| url[/\/\w+$/] }
  unless disallowed_urls.include?(request.fullpath)
    session['spree_user_return_to'] = request.fullpath.gsub('//', '/')
  end
end

#try_spree_current_userObject

proxy method to possible spree_current_user method Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user



63
64
65
66
67
68
69
70
71
72
# File 'lib/spree/core/controller_helpers/auth.rb', line 63

def try_spree_current_user
  # This one will be defined by apps looking to hook into Spree
  # As per authentication_helpers.rb
  if respond_to?(:spree_current_user)
    spree_current_user
  # This one will be defined by Devise
  elsif respond_to?(:current_spree_user)
    current_spree_user
  end
end