authorAzul <azul@leap.se>2014-07-08 10:24:24 +0200
committerAzul <azul@leap.se>2014-07-14 10:49:39 +0200
commitcf71d4ef08d88ee85763b258b2738fc26e3ed3eb (patch)
tree1c378c2f0b3d59cea39ee6ad1f91aeb8f69fa9b8 /app/controllers
parentfaa31affa8207305e9826e805c3bc08fbe83dd65 (diff)
separate login_required from access denied response
They are very different. Let's handle them in different methods.
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/controller_extension/authentication.rb24
1 files changed, 17 insertions, 7 deletions
diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb
index 1f73f38..fae5145 100644
--- a/app/controllers/controller_extension/authentication.rb
+++ b/app/controllers/controller_extension/authentication.rb
@@ -16,7 +16,7 @@ module ControllerExtension::Authentication
end
def require_login
- access_denied unless logged_in?
+ login_required unless logged_in?
end
# some actions only make sense if you are not logged in yet.
@@ -29,14 +29,24 @@ module ControllerExtension::Authentication
def access_denied
respond_to do |format|
format.html do
- if logged_in?
- redirect_to home_url, :alert => t(:not_authorized)
- else
- redirect_to login_url, :alert => t(:not_authorized_login)
- end
+ redirect_to home_url, :alert => t(:not_authorized)
end
format.json do
- render :json => {'error' => t(:not_authorized)}, status: :unprocessable_entity
+ render :json => {'error' => t(:not_authorized)}, status: :forbidden
+ end
+ end
+ end
+
+ def login_required
+ respond_to do |format|
+ format.html do
+ redirect_to login_url, alert: t(:not_authorized_login)
+ end
+ format.json do
+ # Warden will intercept the 401 response and call
+ # SessionController#unauthenticated instead.
+ render json: {error: t(:not_authorized_login)},
+ status: :unauthorized
end
end
end
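Review bot: In `access_denied`, the `format.html` branch now always redirects to `home_url`, so any caller that reaches it for a visitor who is not logged in no longer sends them to the login page; the callers are outside this hunk, so it is worth confirming that each one runs `require_login` first. In `login_required`, the comment says Warden replaces the 401, which means the JSON body rendered there is presumably never what an API client receives; I would state that explicitly, e.g. `# Fallback body only: with Warden's 401 interception on, the client sees SessionController#unauthenticated's response.` A functional test that requests JSON while logged out and asserts the final status is 401 would pin the behaviour clients depend on.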