Integrating cancan for authorization only works once #13

Open
randomutterings opened this Issue Mar 26, 2011 · 7 comments


@randomutterings

My initializer code.

Myapp::Application.config.after_initialize do
  LoggedExceptionsController.class_eval do
    load_and_authorize_resource
  end
end

When logged in as an unauthorized user I get redirected correctly once when the app is restarted but after that I am able to access the logged_exceptions page. I've tried moving this code to application.rb and development.rb (without Myapp::Application) with no success. No matter what I do I can't get the authorization to work more than once when the app is restarted. Any ideas?

@randomutterings

I changed out

load_and_authorize_resource

for

authorize_resource :class => false

and I'm just using

can :manage, :logged_exceptions

for some users in my ability class but it still only works once when I restart the application.

@henrymazza

A simple :before_filter also only runs the first time in any environment. Could not isolate the cause. Anyone found something out?

@randomutterings

No, I abandoned :logged_exceptions in favor of emailing exceptions. This will work for now but once we go public I'll need a more robust solution (one where a minor bug won't flood my inbox). At that point I'll re-evaluate :logged_exceptions and if I can't work out the issue, I'll check out something like hoptoad.

@metavida

I'm having the exact same issue! before_filter only runs the first time. I'll post back if I find anything but any help is appreciated.

@metavida

In my case I'm trying to integrate exception_logger with Spree, so ended up using app/controllers/logged_exceptions_controller_decorator.rb instead of an initializer & now my before_filter triggers every time.
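The "works once, then stops" pattern reported above is what a class_eval patch applied from an initializer looks like under development-mode class reloading: the patched constant is unloaded after the first request and re-autoloaded fresh, without the filter, so the exception log silently fails open. The following plain-Ruby model is an added example, not code from this thread or from exception_logger or Spree; FakeRails, its controller, the "reloader" and the after_initialize/to_prepare hook lists are all constructed stand-ins. It shows the initializer approach losing its filter after the first request, and a to_prepare-style hook (Rails' config.to_prepare runs before every request in development) keeping it in place.

```ruby
# Added example: why a before_filter added via class_eval in an
# after_initialize block fires only on the first request in development.
# Everything here is a constructed stand-in for Rails, not Rails itself.
module FakeRails
  AFTER_INITIALIZE = []   # stand-in for config.after_initialize (runs once at boot)
  TO_PREPARE       = []   # stand-in for config.to_prepare (runs before each request in dev)

  # (Re)define the controller from scratch, the way autoloading does after
  # the reloader unloads app/ constants between requests.
  def self.define_controller!
    Object.send(:remove_const, :LoggedExceptionsController) if Object.const_defined?(:LoggedExceptionsController)
    klass = Class.new do
      def self.before_filters; @before_filters ||= []; end
      def self.before_filter(name); before_filters << name unless before_filters.include?(name); end

      # Run the filter chain; the first filter that returns a halt wins.
      def index(user)
        self.class.before_filters.each do |f|
          halt = send(f, user)
          return halt if halt
        end
        :exception_log_rendered
      end

      def authorize_admin(user)
        user == :admin ? nil : :redirected_to_login
      end
    end
    Object.const_set(:LoggedExceptionsController, klass)
  end

  def self.boot!
    define_controller!
    AFTER_INITIALIZE.each(&:call)
  end

  # One development-mode request: prepare hooks, serve, then unload/reload.
  def self.request(user)
    TO_PREPARE.each(&:call)
    result = LoggedExceptionsController.new.index(user)
    define_controller!          # dev-mode cleanup drops the patched class
    result
  end

  def self.reset!
    AFTER_INITIALIZE.clear
    TO_PREPARE.clear
  end

  # The thread's approach: patch once from an initializer.
  def self.scenario_after_initialize
    reset!
    AFTER_INITIALIZE << -> { LoggedExceptionsController.class_eval { before_filter :authorize_admin } }
    boot!
    [request(:guest), request(:guest), request(:guest)]
  end

  # Reapply the patch before every request instead.
  def self.scenario_to_prepare
    reset!
    TO_PREPARE << -> { LoggedExceptionsController.class_eval { before_filter :authorize_admin } }
    boot!
    [request(:guest), request(:guest), request(:guest), request(:admin)]
  end
end

if __FILE__ == $0
  p FakeRails.scenario_after_initialize  # second and third guest requests get the log
  p FakeRails.scenario_to_prepare        # guests are redirected every time, admin allowed
end
```

Placing the patch in a file under app/ (as the decorator in the comment above does) or in a to_prepare hook both survive reloading because they are re-evaluated whenever the class is; an after_initialize block is not.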

@henrymazza

I ended up using HTTP Basic Authentication; it looks like it's working well.

Metavida, how did you manage to do that?

@metavida

My solution is probably pretty specific to using Spree. With spree installed, any file that you place in the app directory is automatically loaded or required as appropriate (I think they're using a Rails Engine somehow). Anyway, the following code worked well as a decorator for me.

LoggedExceptionsController.class_eval do
  include SpreeBase
  ssl_required

  layout 'logged_exceptions'

  # Sets the application name for the rss feeds
  self.application_name = "RSS"

  # Including spree auth
  before_filter :spree_authorize_admin

  private

  def spree_authorize_admin
    return if current_user && current_user.has_role?('admin')

    respond_to do |format|
      format.html do
        if current_user
          flash.now[:error] = I18n.t(:authorization_failure)
          render 'shared/unauthorized', :layout => 'logged_exceptions'
        else
          # disallow return to login, logout, signup pages
          disallowed_urls = [signup_url, login_url, destroy_user_session_path]
          disallowed_urls.map!{|url| url[/\/\w+$/]}
          unless disallowed_urls.include?(request.fullpath)
            session["user_return_to"] = request.fullpath
          end
          redirect_to login_path and return
        end
      end
      format.xml do
        request_http_basic_authentication 'Web Password'
      end
      format.json do
        render :text => "Not Authorized \n", :status => 401
      end
    end
  end
end
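To make the admin-only decision in the decorator above checkable without Spree or Rails, here is an added example (not metavida's code) that reduces that before_filter to a plain function returning an outcome plus the session it would leave behind. Request, User, the outcome symbols and RETURN_TO_BLOCKLIST are constructed names. One deliberate difference, as a design choice: the return-to blocklist is matched against the request path rather than the full path, so a login URL carrying a query string is still excluded from user_return_to.

```ruby
# Added example: the admin-only authorization decision as a pure function.
Request = Struct.new(:format, :path, :fullpath)
User = Struct.new(:roles) do
  def admin?; roles.include?('admin'); end
end

# Paths a user must not be sent back to after logging in (the decorator
# derives these from the login/signup/logout route helpers).
RETURN_TO_BLOCKLIST = %w[/login /signup /logout].freeze

# Returns [outcome, session]. Anyone who is not an admin is denied; the
# format decides how the denial is delivered, so API clients get a 401 or a
# Basic Auth challenge rather than an HTML redirect.
def authorize_admin(user, request, session = {})
  return [:allow, session] if user && user.admin?

  case request.format
  when :html
    if user
      [:render_unauthorized, session]
    else
      unless RETURN_TO_BLOCKLIST.include?(request.path)
        session = session.merge('user_return_to' => request.fullpath)
      end
      [:redirect_to_login, session]
    end
  when :xml
    [:basic_auth_challenge, session]
  else
    [:status_401, session]   # json and anything unrecognised
  end
end

if __FILE__ == $0
  admin = User.new(['admin'])
  p authorize_admin(admin, Request.new(:html, '/logged_exceptions', '/logged_exceptions'))
  p authorize_admin(nil,   Request.new(:html, '/logged_exceptions', '/logged_exceptions?page=2'))
  p authorize_admin(nil,   Request.new(:json, '/logged_exceptions', '/logged_exceptions'))
end
```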