Contents

module Locomotive
  module Concerns
    module AuthorizationController

      extend ActiveSupport::Concern
      include Pundit::Authorization

      included do
        rescue_from Pundit::NotAuthorizedError, with: :render_access_denied
      end

      private

      def render_access_denied(exception)
        ::Locomotive.log "[AccessDenied] #{exception.inspect}"

        message = I18n.t('locomotive.errors.access_denied.message')

        if request.xhr?
          render json: { error: message }, status: 401, layout: false
        else
          flash[:alert] = message
          redirect_to current_site? ? dashboard_path(current_site) : sites_path
        end
      end

      def pundit_user
        current_membership
      end

    end
  end
end

Version data entries

2 entries across 2 versions & 1 rubygems

Version	Path
locomotivecms-4.2.0.alpha2	app/controllers/locomotive/concerns/authorization_controller.rb
locomotivecms-4.2.0.alpha1	app/controllers/locomotive/concerns/authorization_controller.rb