module Clearance::Authorization
Public Instance Methods
Responds to unauthorized requests in a manner fitting the request format. `js`, `json`, and `xml` requests will receive a 401 with no body. All other formats will be redirected appropriately and can optionally have the flash message set.
When redirecting, the originally requested url will be stored in the session (`session`), allowing it to be used as a redirect url once the user has successfully signed in.
If there is a signed in user, the request will be redirected according to the value returned from {#url_after_denied_access_when_signed_in}.
If there is no signed in user, the request will be redirected according to the value returned from {#url_after_denied_access_when_signed_out}. For the exact redirect behavior, see {#redirect_request}.
@param [String] flash_message
# File lib/clearance/authorization.rb, line 43 def deny_access(flash_message = nil) respond_to do |format| format.any(:js, :json, :xml) { head :unauthorized } format.any { redirect_request(flash_message) } end end
Use as a `before_action` to require a user be signed in to proceed. {Authentication#signed_in?} is used to determine if there is a signed in user or not.
class PostsController < ApplicationController before_action :require_login def index # ... end end
# File lib/clearance/authorization.rb, line 20 def require_login unless signed_in? deny_access(I18n.t("flashes.failure_when_not_signed_in")) end end
Protected Instance Methods
@api private
# File lib/clearance/authorization.rb, line 68 def clear_return_to session[:return_to] = nil end
@api private
# File lib/clearance/authorization.rb, line 95 def path_without_leading_slashes(uri) uri.path.sub(/\A\/+/, "/") end
@api private
# File lib/clearance/authorization.rb, line 80 def redirect_back_or(default) redirect_to(return_to || default) clear_return_to end
@api private
# File lib/clearance/authorization.rb, line 53 def redirect_request(flash_message) store_location if flash_message flash[:alert] = flash_message end if signed_in? redirect_to url_after_denied_access_when_signed_in else redirect_to url_after_denied_access_when_signed_out end end
@api private
# File lib/clearance/authorization.rb, line 86 def return_to if return_to_url uri = URI.parse(return_to_url) path = path_without_leading_slashes(uri) "#{path}?#{uri.query}".chomp("?") + "##{uri.fragment}".chomp("#") end end
@api private
# File lib/clearance/authorization.rb, line 100 def return_to_url session[:return_to] end
@api private
# File lib/clearance/authorization.rb, line 73 def store_location if request.get? session[:return_to] = request.original_fullpath end end
Used as the redirect location when {#deny_access} is called and there is a currently signed in user.
@return [String]
# File lib/clearance/authorization.rb, line 108 def url_after_denied_access_when_signed_in Clearance.configuration.redirect_url end
Used as the redirect location when {#deny_access} is called and there is no currently signed in user.
@return [String]
# File lib/clearance/authorization.rb, line 116 def url_after_denied_access_when_signed_out sign_in_url end