
Rip out auth component, provide facilities for custom authentication

1 parent 84dca67 commit 3142e7d0ecb1ab1a433c6889bbc132587e4795ab @radar radar committed May 8, 2012
No changes.
@@ -3,4 +3,46 @@
class Spree::BaseController < ApplicationController
include Spree::Core::ControllerHelpers
include Spree::Core::RespondWith
+
+ # graceful error handling for cancan authorization exceptions
+ rescue_from CanCan::AccessDenied do |exception|
+ return unauthorized
+ end
+
+ private
+
+ def current_spree_user
+ if Spree.user_class && Spree.current_user_method
+ send(Spree.current_user_method)
+ else
+ Object.new
+ end
+ end
+
+ # Needs to be overriden so that we use Spree's Ability rather than anyone else's.
+ def current_ability
+ @current_ability ||= Spree::Ability.new(current_spree_user)
+ end
+ # Redirect as appropriate when an access request fails. The default action is to redirect to the login screen.
+ # Override this method in your controllers if you want to have special behavior in case the user is not authorized
+ # to access the requested action. For example, a popup window might simply close itself.
+ def unauthorized
+ respond_to do |format|
+ format.html do
+ if current_user
+ flash.now[:error] = t(:authorization_failure)
+ render 'spree/shared/unauthorized', :layout => '/spree/layouts/spree_application', :status => 401
+ else
+ store_location
+ redirect_to spree.login_path and return
+ end
+ end
+ format.xml do
+ request_http_basic_authentication 'Web Password'
+ end
+ format.json do
+ render :text => "Not Authorized \n", :status => 401
+ end
+ end
+ end
end
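Review bot: The HTML branch of `unauthorized` still tests `current_user`, although this commit moves user lookup to `current_spree_user`. If the host application's helper has a different name (the initializer in this commit generates `current_<class>`), `current_user` may be undefined, and an access-denied request would presumably raise instead of returning a 401 or redirecting to login. Changing the check to `if current_spree_user` would keep the authorization-failure path on the configured method. `current_spree_user` also hands the configured name straight to `send`, so a comment such as `# Spree.current_user_method must only be set from trusted initializer code, never from request data` would be worth adding above it. `spree.login_path` may need revisiting too if that route belonged to the removed auth component, which is not visible in this hunk.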
@@ -0,0 +1,2 @@
+Spree.user_class = "<%= class_name %>"
+Spree.current_user_method = "current_<%= class_name.downcase %>"
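Review bot: `class_name.downcase` on the second line gives a usable method name only for single-word, un-namespaced classes. `AdminUser` becomes `current_adminuser`, and a namespaced `Admin::User` becomes `current_admin::user`, which is not a valid method name. `Spree::BaseController#current_spree_user` passes this value to `send`, so a mismatch would surface as a NoMethodError on requests that reach the ability check, not at generation time. Deriving the name with `underscore` matches the usual helper naming more closely: `Spree.current_user_method = "current_<%= class_name.underscore.tr('/', '_') %>"`.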
