Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

CanCan::Unauthorized exception should have redirect_path attribute #811

Open
graysonwright opened this Issue Jan 28, 2013 · 4 comments

Comments

Projects
None yet
3 participants

In many applications, different access violations should redirect to different pages.

e.g. if the user is not signed in and tries to comment on something, they get redirected to the user sign in page. If they are signed in and try to delete someone else's post, they get redirected to the root URL.

This would allow CanCan to take over the functionality of Devise's authenticate_user! method, and consolidate the behavior into the Ability class.

As it is now, authenticate_user! is doing part of the validation as a before filter, and CanCan is doing the rest in a separate file.

qnm commented Mar 20, 2013

@graysonwright Hi, does https://github.com/ryanb/cancan/#3-handle-unauthorized-access cover the functionality you are describing?

Not quite. What I had in mind was adding an attribute to the CanCan::AccessDenied exception so that the application could redirect to different pages in different situations. So instead of:

class ApplicationController < ActionController::Base
  rescue_from CanCan::AccessDenied do |exception|
    redirect_to root_url, :alert => exception.message
  end
end

you could have

class ApplicationController < ActionController::Base
  rescue_from CanCan::AccessDenied do |exception|
    redirect_to exception.redirect_path, :alert => exception.message
  end
end

For example, someone who is not signed in tries to visit a restricted page -- they would be redirected to the sign in page.
Another user without sufficient privileges tries to visit the same page -- they are redirected to the root URL.

Basically, this would move redirection logic into ability.rb

xhoy commented Apr 10, 2014

Dear submitter, Since cancan/raynB hasn't been active for more than 6 months and no body else then ryam himself has commit permissions the cancan project is on a stand still.
Since cancan has several issues including missing support for rails 4 cancan is moving forward to cancancan. More details on: #994

If your feel that your pull request or bug is still applicable (and hasn't been merged in to cancan) it would be really appreciated if you would resubmit it to cancancan (https://github.com/cancancommunity/cancancan)

We hope to see you on the other side!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment