Sha256: 18fea5c81d5361031db30339ac17a72aa71558b76695144c037509b10e9e4326
Contents?: true
Size: 1.55 KB
Versions: 12
Compression:
Stored size: 1.55 KB
Contents
# frozen_string_literal: true
require "active_support/concern"
module Decidim
# Shared behaviour for controllers that need authorization to work.
module NeedsAuthorization
extend ActiveSupport::Concern
included do
check_authorization
rescue_from CanCan::AccessDenied, with: :user_not_authorized
rescue_from ActionAuthorization::Unauthorized, with: :user_not_authorized
private
# Overwrites `cancancan`'s method to point to the correct ability class,
# since the gem expects the ability class to be in the root namespace.
def current_ability
@current_ability ||= current_ability_klass.new(current_user, ability_context)
end
def current_ability_klass
Decidim::Ability
end
def ability_context
{
current_settings: try(:current_settings),
feature_settings: try(:feature_settings),
current_organization: try(:current_organization),
current_feature: try(:current_feature),
current_participatory_process: try(:current_participatory_process)
}
end
# Handles the case when a user visits a path that is not allowed to them.
# Redirects the user to the root path and shows a flash message telling
# them they are not authorized.
def user_not_authorized
flash[:alert] = t("actions.unauthorized", scope: "decidim.core")
redirect_to(request.referrer || user_not_authorized_path)
end
def user_not_authorized_path
raise NotImplementedError
end
end
end
end
Version data entries
12 entries across 12 versions & 1 rubygems