module Clearance::Authorization

Public Instance Methods

deny_access(flash_message = nil)

Responds to unauthorized requests in a manner fitting the request format. `js`, `json`, and `xml` requests will receive a 401 with no body. All other formats will be redirected appropriately and can optionally have the flash message set.

When redirecting, the originally requested url will be stored in the session (`session`), allowing it to be used as a redirect url once the user has successfully signed in.

If there is a signed in user, the request will be redirected according to the value returned from {#url_after_denied_access_when_signed_in}.

If there is no signed in user, the request will be redirected according to the value returned from {#url_after_denied_access_when_signed_out}. For the exact redirect behavior, see {#redirect_request}.

@param [String] flash_message

# File lib/clearance/authorization.rb, line 43
def deny_access(flash_message = nil)
  respond_to do |format|
    format.any(:js, :json, :xml) { head :unauthorized }
    format.any { redirect_request(flash_message) }
  end
end

require_login()

Use as a `before_action` to require a user be signed in to proceed. {Authentication#signed_in?} is used to determine if there is a signed in user or not.

class PostsController < ApplicationController
  before_action :require_login

  def index
    # ...
  end
end

# File lib/clearance/authorization.rb, line 20
def require_login
  unless signed_in?
    deny_access(I18n.t("flashes.failure_when_not_signed_in"))
  end
end

Protected Instance Methods

clear_return_to()

@api private

# File lib/clearance/authorization.rb, line 68
def clear_return_to
  session[:return_to] = nil
end

path_without_leading_slashes(uri)

@api private

# File lib/clearance/authorization.rb, line 95
def path_without_leading_slashes(uri)
  uri.path.sub(/\A\/+/, "/")
end

redirect_back_or(default, **options)

@api private

# File lib/clearance/authorization.rb, line 80
def redirect_back_or(default, **options)
  redirect_to(return_to || default, **options)
  clear_return_to
end

redirect_request(flash_message)

@api private

# File lib/clearance/authorization.rb, line 53
def redirect_request(flash_message)
  store_location

  if flash_message
    flash[:alert] = flash_message
  end

  if signed_in?
    redirect_to url_after_denied_access_when_signed_in
  else
    redirect_to url_after_denied_access_when_signed_out
  end
end

return_to()

@api private

# File lib/clearance/authorization.rb, line 86
def return_to
  if return_to_url
    uri = URI.parse(return_to_url)
    path = path_without_leading_slashes(uri)
    "#{path}?#{uri.query}".chomp("?") + "##{uri.fragment}".chomp("#")
  end
end
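
The rebuilding of `return_to` above is what keeps a stored return location on the application's own origin: scheme and host are discarded, and a run of leading slashes is collapsed so the result cannot be read as a protocol-relative URL. The following is an added example, not Clearance's own code, that reimplements `return_to` and `path_without_leading_slashes` in a standalone module (`ReturnToNormalizer`, a name chosen here) and runs them over constructed session values to show which parts survive:

```ruby
require "uri"

# Added example, not Clearance's own code: a standalone copy of the
# return_to normalisation so it can be exercised without a Rails session.
module ReturnToNormalizer
  module_function

  # Collapse a run of leading slashes to one, as path_without_leading_slashes
  # does. Without this, a stored value such as "//evil.example/x" would be
  # emitted unchanged and a browser would treat it as protocol-relative,
  # sending the user to another origin after sign-in.
  def path_without_leading_slashes(uri)
    uri.path.sub(/\A\/+/, "/")
  end

  # Rebuild a same-origin location from a stored value, keeping only path,
  # query and fragment; any scheme and host in the stored value are dropped.
  # Returns nil when nothing was stored, mirroring return_to.
  def normalize(return_to_url)
    return nil unless return_to_url

    uri = URI.parse(return_to_url)
    path = path_without_leading_slashes(uri)
    "#{path}?#{uri.query}".chomp("?") + "##{uri.fragment}".chomp("#")
  end

  # Constructed session values (not captured from a real application) paired
  # with what the normaliser makes of them.
  SAMPLES = {
    "/posts/42?page=2#comments"  => "/posts/42?page=2#comments",
    "//evil.example/phish"       => "/phish",
    "///evil.example"            => "/evil.example",
    "https://evil.example/admin" => "/admin",
  }.freeze

  # True when every sample normalises to its expected same-origin path.
  def samples_ok?
    SAMPLES.all? { |stored, expected| normalize(stored) == expected }
  end
end

if $PROGRAM_NAME == __FILE__
  ReturnToNormalizer::SAMPLES.each_key do |stored|
    puts "#{stored.inspect} -> #{ReturnToNormalizer.normalize(stored).inspect}"
  end
end
```

Because `store_location` only records `request.original_fullpath` for GET requests, the stored value is normally a same-origin path already; the normalisation is defence in depth for a stored value that is not a plain path. Like the original, `URI.parse` raises `URI::InvalidURIError` on a value it cannot parse, so an application should expect that exception from the sign-in redirect.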

return_to_url()

@api private

# File lib/clearance/authorization.rb, line 100
def return_to_url
  session[:return_to]
end

store_location()

@api private

# File lib/clearance/authorization.rb, line 73
def store_location
  if request.get?
    session[:return_to] = request.original_fullpath
  end
end

url_after_denied_access_when_signed_in()

Used as the redirect location when {#deny_access} is called and there is a currently signed in user.

@return [String]

# File lib/clearance/authorization.rb, line 108
def url_after_denied_access_when_signed_in
  Clearance.configuration.redirect_url
end

url_after_denied_access_when_signed_out()

Used as the redirect location when {#deny_access} is called and there is no currently signed in user.

@return [String]

# File lib/clearance/authorization.rb, line 116
def url_after_denied_access_when_signed_out
  Clearance.configuration.url_after_denied_access_when_signed_out || sign_in_url
end