
public
Fork of DocSavage/rails-authorization-plugin
Description: This plugin provides a flexible way to add authorization to Rails.
Homepage: http://www.writertopia.com/developers/authorization
Clone URL: git://github.com/bwyrosdick/rails-authorization-plugin.git
[PATCH] Allow different redirection locations for permission denied or login required.

Replaced DEFAULT_REDIRECTION_HASH with LOGIN_REQUIRED_REDIRECTION and
PERMISSION_DENIED_REDIRECTION to allow different redirection locations
for the following two cases:

  * User is not logged in -> LOGIN_REQUIRED_REDIRECTION
  * User is logged in, but not authorized to do something ->
    PERMISSION_DENIED_REDIRECTION

It is also possible to define different flash messages for the two cases.

Patch provided by Thomas Weibel.
grempe (author)
Wed Feb 27 15:51:07 -0800 2008
commit  b7005dc0b7986a4eeded0892a11d5a7eb8e7e6ec
tree    db0fc3c0729ce533a65fb3dec91580811190c9bd
parent  f3728184efc8caa9dd51c28f472abd6509d754b7
@@ -42,7 +42,7 @@ Manual Install:
 == Steps in using the plugin
 
 1. At the top of your config/environment.rb create an AUTHORIZATION_MIXIN constant and set it to "object roles" or "hardwired". (See init.rb in this plugin for how the role support is mixed in.)
-2. Make sure your application provides a current_user method or something that returns the current user object. Add the constants in environment.rb to set your authentication systemís login page (DEFAULT_REDIRECTION_HASH) and method for storing the current URL for return after authentication (STORE_LOCATION_METHOD). (See authorization.rb in the plugin's /lib directory for the default values of DEFAULT_REDIRECTION_HASH and STORE_LOCATION_METHOD.)
+2. Make sure your application provides a current_user method or something that returns the current user object. Add the constants in environment.rb to set your authentication system's login page (LOGIN_REQUIRED_REDIRECTION), permission denied page (PERMISSION_DENIED_REDIRECTION) and method for storing the current URL for return after authentication (STORE_LOCATION_METHOD). (See authorization.rb in the plugin's /lib directory for the default values of LOGIN_REQUIRED_REDIRECTION, PERMISSION_DENIED_REDIRECTION and STORE_LOCATION_METHOD.)
 3. If you use the "hardwired" mixin, no database use is required. Otherwise, you'll have to generate a role.rb model (and its associated join table with User) by running "script/generate role_model Role" and doing "rake migrate".
 4. Add <tt>acts_as_authorized_user</tt> to your user class.
 5. Add <tt>acts_as_authorizable</tt> to the models you want to query for roles.
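Review bot: Step 2 now points readers to authorization.rb for the default of PERMISSION_DENIED_REDIRECTION, but that default is an empty string, which is not a real "permission denied page"; the step should say so and tell people to set PERMISSION_DENIED_REDIRECTION explicitly in environment.rb (an explicit hash such as the session/new one used for LOGIN_REQUIRED_REDIRECTION) rather than implying a usable page exists out of the box.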
@@ -138,11 +138,13 @@ Parentheses should be used to clarify permissions. Note that you may prefix the
 
 <tt>:redirect => bool</tt>. default is <tt>true</tt>. If <tt>false</tt>, permit will not redirect to denied page.
 
-<tt>:redirect_controller => controller</tt> that handles authorization failure (default is 'account')
+<tt>:login_required_redirection => path or hash</tt> where user will be redirected if not logged in (default is "{ :controller => 'session', :action => 'new' }")
 
-<tt>:redirect_action => action</tt> that handles authorization failure (default is 'login')
+<tt>:login_required_message => 'my message'</tt> (default is 'Login is required to access the requested page.')
 
-<tt>:redirect_message => 'my message'</tt>. (default is 'Login is required')
+<tt>:permission_denied_redirection => path or hash</tt> where user will be redirected if logged in but not authorized (default is '')
+
+<tt>:permission_denied_message => 'my message</tt> (default is 'Permission denied. You cannot access the requested page.')
 
 === Setting and getting the roles
 
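Review bot: The last added option line is missing its closing quote, `<tt>:permission_denied_message => 'my message</tt>` should read `<tt>:permission_denied_message => 'my message'</tt>`, and the default for `:login_required_redirection` is a hash but is documented inside double quotes as if it were a string. The removed `:redirect_controller`, `:redirect_action` and `:redirect_message` options also disappear without mention: a permit call that still passes them will not fail, it will silently fall back to the constants, so a one-line note that those options were renamed would save existing users from redirecting to the wrong place.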
@@ -245,8 +247,8 @@ the login action. This allows the application to return to the desired page afte
 If the application doesn't provide this method, the method will not be called.
 
 The name of the method for storing a location can be modified by changing the constant
-STORE_LOCATION_METHOD in environment.rb. Also, the default login page is defined by the
-constant DEFAULT_REDIRECTION_HASH in authorization.rb and can be overriden in your environment.rb.
+STORE_LOCATION_METHOD in environment.rb. Also, the default login and permission denied pages are defined by the
+constants LOGIN_REQUIRED_REDIRECTION and PERMISSION_DENIED_REDIRECTION in authorization.rb and can be overriden in your environment.rb.
 
 === Conventions
 
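Review bot: Dropping DEFAULT_REDIRECTION_HASH is a silent breaking change that this paragraph should call out: an application that still defines DEFAULT_REDIRECTION_HASH in its environment.rb gets no error, the plugin simply ignores it and redirects to the new session/new default, so a short migration note ("rename DEFAULT_REDIRECTION_HASH to LOGIN_REQUIRED_REDIRECTION and add PERMISSION_DENIED_REDIRECTION") belongs here. While touching the line, "overriden" should be "overridden".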
@@ -4,9 +4,16 @@ require File.dirname(__FILE__) + '/publishare/parser'
 module Authorization
   module Base
 
- # Modify these constants in your environment.rb to tailor the plugin to your authentication system
- if not Object.constants.include? "DEFAULT_REDIRECTION_HASH"
- DEFAULT_REDIRECTION_HASH = { :controller => 'account', :action => 'login' }
+ # Modify these constants in your environment.rb to tailor the plugin to
+ # your authentication system
+ if not Object.constants.include? "LOGIN_REQUIRED_REDIRECTION"
+ LOGIN_REQUIRED_REDIRECTION = {
+ :controller => 'session',
+ :action => 'new'
+ }
+ end
+ if not Object.constants.include? "PERMISSION_DENIED_REDIRECTION"
+ PERMISSION_DENIED_REDIRECTION = ''
     end
     if not Object.constants.include? "STORE_LOCATION_METHOD"
       STORE_LOCATION_METHOD = :store_location
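Review bot: The two new guards keep the `Object.constants.include? "..."` pattern, which compares against a String; that works on Ruby 1.8, where `Object.constants` returns strings, but not on 1.9, where it returns symbols, so an application's own LOGIN_REQUIRED_REDIRECTION would be clobbered by the plugin default there. `Object.const_defined?(:LOGIN_REQUIRED_REDIRECTION)` (and likewise for PERMISSION_DENIED_REDIRECTION) works on both. Separately, defaulting PERMISSION_DENIED_REDIRECTION to `''` gives an unconfigured application no explicit denied page; a hash default in the same shape as LOGIN_REQUIRED_REDIRECTION would make the two cases symmetric.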
@@ -83,18 +90,17 @@ module Authorization
       # Handle redirection within permit if authorization is denied.
       def handle_redirection
         return if not self.respond_to?( :redirect_to )
- redirection = DEFAULT_REDIRECTION_HASH
- redirection[:controller] = @options[:redirect_controller] if @options[:redirect_controller]
- redirection[:action] = @options[:redirect_action] if @options[:redirect_action]
 
- # Store url in session for return if this is available from authentication
+ # Store url in session for return if this is available from
+ # authentication
         send( STORE_LOCATION_METHOD ) if respond_to? STORE_LOCATION_METHOD
- if @current_user
- flash[:notice] = "Permission denied. Your account cannot access the requested page."
+ if @current_user && !@current_user.nil? && @current_user != :false
+ flash[:notice] = @options[:permission_denied_message] || "Permission denied. You cannot access the requested page."
+ redirect_to @options[:permission_denied_redirection] || PERMISSION_DENIED_REDIRECTION
         else
- flash[:notice] = @options[:redirect_message] ? @options[:redirect_message] : "Login is required"
+ flash[:notice] = @options[:login_required_message] || "Login is required to access the requested page."
+ redirect_to @options[:login_required_redirection] || LOGIN_REQUIRED_REDIRECTION
         end
- redirect_to redirection
         false # Want to short-circuit the filters
       end
 
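Review bot: In the permission-denied branch `redirect_to @options[:permission_denied_redirection] || PERMISSION_DENIED_REDIRECTION` passes the empty-string constant straight to redirect_to when nothing is configured, leaving the destination to Rails' string handling relative to the current host instead of an explicit denied page; consider raising or logging when PERMISSION_DENIED_REDIRECTION is blank so a misconfiguration is visible. Two smaller points: `!@current_user.nil?` is redundant once `@current_user &&` has already been evaluated, and `send( STORE_LOCATION_METHOD )` still runs before both branches, so a logged-in user who is denied has the denied URL stored as their return location for the next login; storing only in the login-required branch matches the comment's intent. On the plus side, the removed `redirection = DEFAULT_REDIRECTION_HASH` followed by `redirection[:controller] = ...` mutated the shared constant in place on every call, and the new code no longer has that problem.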
