@@ -1,3 +1,8 @@ +* 0.04 - 04/29/2008 + - Fixed issue with access_denied not playing right with restful_authentication's. + Since they really serve a different purpose, I simply renamed it. authorization_denied + also now caches the call to next_authorized_url? + * 0.03 - 04/28/2008 - Added :only_if_logged_in? key since logged_in? can't be tested via :if (scoping) - Added generator option --library-only to allow for "safe" library updating CHANGELOG @@ -189,33 +189,34 @@ module AuthorizedSystem raise "Because restful-authorization extends restful_authentication, AuthenticatedSystem must be included before first before AuthorizedSystem!" unless base.included_modules.include?(AuthenticatedSystem) end - # When <%= users_name %>_authorized_for fails, access_denied stores the current location + # When <%= users_name %>_authorized_for fails, authorization_denied stores the current location # in the session and then handles :redirect_to and :status as described in # the require_authorization documentation. # # It's important to use restful_authentication's redirect_back_or_default # instead of redirect_to to make sure that the workflow can move forward # as well as backward. - def access_denied + def authorization_denied store_location - if status = self.next_authorized_url?(params)[:status] - if self.next_authorized_url?(params)[:url] - render self.next_authorized_url?(params)[:url].merge(:status => status) + next_authorized_url? = self.next_authorized_url?(params) + if status = next_authorized_url?[:status] + if next_authorized_url?[:url] + render next_authorized_url?[:url].merge(:status => status) else render :nothing => true, :status => status end else - if self.next_authorized_url?(params)[:url] - redirect_to(Symbol===self.next_authorized_url?(params)[:url] ? eval(self.next_authorized_url?(params)[:url].to_s) : self.next_authorized_url?(params)[:url]) + if next_authorized_url?[:url] + redirect_to(Symbol===next_authorized_url?[:url] ? eval(next_authorized_url?[:url].to_s) : next_authorized_url?[:url]) else - super + access_denied end end end # This is the before filter called by require_authorization def check_authorization - return access_denied unless self.url_options_authenticate?(params) + return authorization_denied unless self.url_options_authenticate?(params) true end generators/authorized/templates/authorized_system.rb.erb f8bf32a831eb66bcfb7f38d3e139c7ccb1443353 Jonathan Barket jbarket@jonathan-barkets-macbook-pro.local http://github.com/jbarket/restful-authorization/commit/a1c993d29421d6ea200e494a1a38a28cd94bda35 a1c993d29421d6ea200e494a1a38a28cd94bda35 2008-04-29T12:52:53-07:00 2008-04-29T12:52:53-07:00 Fixed overlap with access_denied 7a1fb5387dc4c559f4c9198e95307949641df85e Jonathan Barket jbarket@jonathan-barkets-macbook-pro.local