New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rename Authentication, User to Controller, Model #268
Conversation
@@ -10,8 +10,10 @@ module User | |||
|
|||
include Validations | |||
include Callbacks | |||
include (Clearance.configuration.password_strategy || | |||
Clearance::PasswordStrategies::BCrypt) | |||
include ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Space before (
I like the information the old names provided. I think the main issue was that Clearance itself has multiple controllers, and they don't descend from I think If we do rename classes from the public API, do we want to include deprecated fallbacks under the old names? I know clearance is technically not 1.0 yet, but there are a lot of applications out there that will break if we rename these. |
Right, this was the issue I was trying to address. Also, it's not the entire contents of the I don't feel strongly about this change. I wanted to make the change to see what it looked and felt like and am seeking feedback like yours about whether this causes more trouble than it's worth. I also wanted to do it pre-1.0, which we're only one issue or two away from reaching: #243 |
My general feelings about the
How about this?
In order to clarify the authorize vs authenticate debate, we can define the method as |
@jferris Done. Ready for re-review. |
To add a use case to the rescue_from CanCan::AccessDenied do |exception|
if signed_in?
raise
else
# get the user to sign in, since they haven't already done so
authorize
end
end To me, the call to But in the end, it's just one line of code in one base controller, and a comment right next to it suffices to resolve any confusion down the road. |
@jonathanhefner In that use case, would
Alternatively, could you use |
@@ -4,8 +4,14 @@ module Authentication | |||
|
|||
included do | |||
helper_method :current_user, :signed_in?, :signed_out? | |||
hide_action :authorize, :current_user, :current_user=, :deny_access, | |||
:sign_in, :sign_out, :signed_in?, :signed_out? | |||
hide_action( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we just make these methods private, they don't need to be hidden.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@calebthompson If we make them private methods, we get errors like the following:
private method `signed_in?' called for #<ForgeriesController:0x007f8338c2dc48>
private method `current_user=' called for #<Clearance::SessionsController:0x007f833c8bd848>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, that makes sense. Why aren't these in a helper module?
On Sun, Mar 3, 2013 at 7:31 PM, Dan Croak notifications@github.com
wrote:
@@ -4,8 +4,14 @@ module Authentication
included do helper_method :current_user, :signed_in?, :signed_out?
hide_action :authorize, :current_user, :current_user=, :deny_access,
:sign_in, :sign_out, :signed_in?, :signed_out?
@calebthompson If we make them private methods, we get errors like the following:hide_action(
private method `signed_in?' called for #<ForgeriesController:0x007f8338c2dc48> private method `current_user=' called for #<Clearance::SessionsController:0x007f833c8bd848>
Reply to this email directly or view it on GitHub:
https://github.com/thoughtbot/clearance/pull/268/files#r3219887
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure I know what you mean by a helper module. Are you referring to the helper
method?
http://api.rubyonrails.org/classes/AbstractController/Helpers/ClassMethods.html#method-i-helper
If the goal is to make current_user
, signed_in?
, and signed_out?
available to view templates, that's handled by line 6. The other methods are intended to be used by controllers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, that's clear now. Never mind, I should have paid more attention to what the hidden actions were.
On Sun, Mar 3, 2013 at 8:04 PM, Dan Croak notifications@github.com
wrote:
@@ -4,8 +4,14 @@ module Authentication
included do helper_method :current_user, :signed_in?, :signed_out?
hide_action :authorize, :current_user, :current_user=, :deny_access,
:sign_in, :sign_out, :signed_in?, :signed_out?
hide_action(
I'm not sure I know what you mean by a helper module. Are you referring to the
Reply to this email directly or view it on GitHub:helper
method?
http://api.rubyonrails.org/classes/AbstractController/Helpers/ClassMethods.html#method-i-helper
If the goal is to makecurrent_user
,signed_in?
, andsigned_out?
available to view templates, that's handled by line 6. The other methods are intended to be used by controllers.
https://github.com/thoughtbot/clearance/pull/268/files#r3219972
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, cool. No worries. Thanks for the comments. Got me wondering whether this stuff was still necessary on current versions of Rails and refreshed my memory on how hide_action
and module visibility worked.
@croaky Looking at the implementation of |
@jferris Could I get you to re-review this one when you have a moment? |
This looks good to me. |
There has been confusion about the `authorize` method residing in the `Authentication` module: * The `authorize` method performs authorization - it denies access to unauthenticated users. * It is assumed that controllers would override `authorize` for controllers that require specific authentication. * It's sort of strange that `Clearance::Authentication` contains a bunch of authorization logic. So, we: * Split `Clearance::Controller` into `Clearance::Authentication` and `Clearance::Authorization`, both of which get mixed into `Clearance::Controller`. * Mix `Clearance::Controller` into `ApplicationController` in the install generator. Read more: thoughtbot#268 thoughtbot#257
No description provided.