diff options
author | Azul <azul@leap.se> | 2014-07-08 10:24:24 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2014-07-14 10:49:39 +0200 |
commit | cf71d4ef08d88ee85763b258b2738fc26e3ed3eb (patch) | |
tree | 1c378c2f0b3d59cea39ee6ad1f91aeb8f69fa9b8 /app | |
parent | faa31affa8207305e9826e805c3bc08fbe83dd65 (diff) |
separate login_required from access denied response
They are very different. Let's handle them in different methods.
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/controller_extension/authentication.rb | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb index 1f73f38..fae5145 100644 --- a/app/controllers/controller_extension/authentication.rb +++ b/app/controllers/controller_extension/authentication.rb @@ -16,7 +16,7 @@ module ControllerExtension::Authentication end def require_login - access_denied unless logged_in? + login_required unless logged_in? end # some actions only make sense if you are not logged in yet. @@ -29,14 +29,24 @@ module ControllerExtension::Authentication def access_denied respond_to do |format| format.html do - if logged_in? - redirect_to home_url, :alert => t(:not_authorized) - else - redirect_to login_url, :alert => t(:not_authorized_login) - end + redirect_to home_url, :alert => t(:not_authorized) end format.json do - render :json => {'error' => t(:not_authorized)}, status: :unprocessable_entity + render :json => {'error' => t(:not_authorized)}, status: :forbidden + end + end + end + + def login_required + respond_to do |format| + format.html do + redirect_to login_url, alert: t(:not_authorized_login) + end + format.json do + # Warden will intercept the 401 response and call + # SessionController#unauthenticated instead. + render json: {error: t(:not_authorized_login)}, + status: :unauthorized end end end |