Module: Clearance::Authorization

Extended by:
ActiveSupport::Concern
Included in:
Controller
Defined in:
lib/clearance/authorization.rb

Instance Method Details

#authorize ⇒ Object

Deprecated.

# File 'lib/clearance/authorization.rb', line 27

def authorize
  warn "[DEPRECATION] Clearance's `authorize` before_filter is " +
    "deprecated. Use `require_login` instead. Be sure to update any " +
    "instances of `skip_before_filter :authorize` or " +
    "`skip_before_action :authorize` as well"
  
end

#deny_access(flash_message = nil) ⇒ Object

Responds to unauthorized requests in a manner fitting the request format. js, json, and xml requests will receive a 401 with no body. All other formats will be redirected appropriately and can optionally have the flash message set.

When redirecting, the originally requested url will be stored in the session (session[:return_to]), allowing it to be used as a redirect url once the user has successfully signed in.

If there is a signed in user, the request will be redirected according to the value returned from #url_after_denied_access_when_signed_in.

If there is no signed in user, the request will be redirected according to the value returned from #url_after_denied_access_when_signed_out. For the exact redirect behavior, see #redirect_request.

Parameters:

  • flash_message (String) (defaults to: nil)

# File 'lib/clearance/authorization.rb', line 52

def deny_access(flash_message = nil)
  respond_to do |format|
    format.any(:js, :json, :xml) { head :unauthorized }
    format.any { redirect_request(flash_message) }
  end
end

#require_login ⇒ Object

Use as a before_action to require a user be signed in to proceed. Clearance::Authentication#signed_in? is used to determine if there is a signed in user or not.

class PostsController < ApplicationController
  before_action :require_login

  def index
    # ...
  end
end

# File 'lib/clearance/authorization.rb', line 20

def require_login
  unless signed_in?
    deny_access
  end
end
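
The following is an added example, not code from Clearance: a plain-Ruby model of the documented `require_login` and `deny_access` behaviour, showing how an authorization check can be layered on top, since `require_login` only establishes that someone is signed in. `Request`, `FakeController`, `AdminController`, `require_admin`, the `:admin` flag and both URL strings are assumptions made for illustration.

```ruby
# Added example: runs without Rails or Clearance. All class names, the
# :admin flag and both URL strings are assumptions, not Clearance's own.
Request = Struct.new(:format, :url)

class FakeController
  attr_reader :session, :response

  def initialize(request, user: nil)
    @request, @user, @session, @response = request, user, {}, nil
  end

  def signed_in?
    !@user.nil?
  end

  def require_login
    deny_access unless signed_in?
  end

  # Documented behaviour: 401 with no body for js/json/xml; otherwise store
  # the requested URL in session[:return_to] and redirect.
  def deny_access(flash_message = nil)
    if %i[js json xml].include?(@request.format)
      @response = { status: 401, body: nil }
    else
      @session[:return_to] = @request.url
      target = if signed_in?
                 url_after_denied_access_when_signed_in
               else
                 url_after_denied_access_when_signed_out
               end
      @response = { status: 302, location: target, flash: flash_message }
    end
  end

  protected

  def url_after_denied_access_when_signed_in; "/"; end         # assumed value
  def url_after_denied_access_when_signed_out; "/sign_in"; end # assumed value
end

# Authentication first, then a role check that reuses deny_access.
class AdminController < FakeController
  def require_admin
    require_login
    deny_access("Admins only") if @response.nil? && !@user[:admin]
  end
end
```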

#url_after_denied_access_when_signed_in ⇒ String (protected)

Used as the redirect location when #deny_access is called and there is a currently signed in user.

Returns:

  • (String)

# File 'lib/clearance/authorization.rb', line 111

def url_after_denied_access_when_signed_in
  Clearance.configuration.redirect_url
end

#url_after_denied_access_when_signed_out ⇒ String (protected)

Used as the redirect location when #deny_access is called and there is no currently signed in user.

Returns:

  • (String)

# File 'lib/clearance/authorization.rb', line 119

def url_after_denied_access_when_signed_out
  
end