exception_logger

Integrating cancan for authorization only works once

Open randomutterings opened this issue 13 years ago • 7 comments

My initializer code.

Myapp::Application.config.after_initialize do
  LoggedExceptionsController.class_eval do
    load_and_authorize_resource
  end
end

When logged in as an unauthorized user I get redirected correctly once when the app is restarted but after that I am able to access the logged_exceptions page. I've tried moving this code to application.rb and development.rb (without Myapp::Application) with no success. No matter what I do I can't get the authorization to work more than once when the app is restarted. Any ideas?

randomutterings Mar 26 '11 17:03

I changed out

load_and_authorize_resource

for

authorize_resource :class => false

and I'm just using

can :manage, :logged_exceptions

for some users in my ability class but it still only works once when I restart the application.

randomutterings Mar 26 '11 17:03

A simple :before_filter also only runs the first time in any environment. Could not isolate the cause. Anyone found something out?

henrymazza Apr 23 '11 20:04

No, I abandoned :logged_exceptions in favor of emailing exceptions. This will work for now but once we go public I'll need a more robust solution (one where a minor bug won't flood my inbox). At that point I'll re-evaluate :logged_exceptions and if I can't work out the issue, I'll check out something like hoptoad.

randomutterings Jul 22 '11 16:07

I'm having the exact same issue! before_filter only runs the first time. I'll post back if I find anything but any help is appreciated.

metavida Jul 27 '11 21:07

In my case I'm trying to integrate exception_logger with Spree, so I ended up using app/controllers/logged_exceptions_controller_decorator.rb instead of an initializer & now my before_filter triggers every time.

metavida Jul 27 '11 22:07

I ended up using HTTP Basic Authentication; looks like it's working well.

Metavida, how did you manage to do that?

henrymazza Jul 28 '11 17:07

My solution is probably pretty specific to using Spree. With spree installed, any file that you place in the app directory is automatically loaded or required as appropriate (I think they're using a Rails Engine somehow). Anyway, the following code worked well as a decorator for me.

LoggedExceptionsController.class_eval do
  include SpreeBase
  ssl_required

  layout 'logged_exceptions'

  # Sets the application name for the rss feeds
  self.application_name = "RSS"

  # Including spree auth
  before_filter :spree_authorize_admin

  private

  def spree_authorize_admin
    return if current_user && current_user.has_role?('admin')

    respond_to do |format|
      format.html do
        if current_user
          flash.now[:error] = I18n.t(:authorization_failure)
          render 'shared/unauthorized', :layout => 'logged_exceptions'
        else
          # disallow return to login, logout, signup pages
          disallowed_urls = [signup_url, login_url, destroy_user_session_path]
          disallowed_urls.map!{|url| url[/\/\w+$/]}
          unless disallowed_urls.include?(request.fullpath)
            session["user_return_to"] = request.fullpath
          end
          redirect_to login_path and return
        end
      end
      format.xml do
        request_http_basic_authentication 'Web Password'
      end
      format.json do
        render :text => "Not Authorized \n", :status => 401
      end
    end
  end
end

metavida Jul 28 '11 23:07
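
The "authorization only works once" behaviour reported in this thread, reproduced as an added plain-Ruby simulation (not code from exception_logger, CanCan, Spree or any poster). It assumes the cause is class reloading discarding a patch applied once at boot, which the thread does not confirm; `Sim`, `reload!`, `patch!` and `serve` are hypothetical names, and in a Rails app the hook that runs after every reload is `config.to_prepare`.

```ruby
# Constructed simulation; no Rails required. All names here are hypothetical.
module Sim
  # Stand-in for the file that defines the engine's controller.
  CONTROLLER_SOURCE = <<~RUBY
    class LoggedExceptionsController
      def self.filters; @filters ||= []; end
      def self.before_filter(&blk); filters << blk; end
      def index(user)
        self.class.filters.each { |f| return :redirected unless f.call(user) }
        :rendered
      end
    end
  RUBY

  # Mimics code reloading: drop the constant, then evaluate the source again.
  def self.reload!
    remove_const(:LoggedExceptionsController) if const_defined?(:LoggedExceptionsController, false)
    module_eval(CONTROLLER_SOURCE)
  end

  # The authorization patch from the thread, reduced to an admin check.
  def self.patch!
    LoggedExceptionsController.class_eval do
      before_filter { |user| user == :admin }
    end
  end

  # Serves `count` requests as `user`, reloading the class after each one.
  # prepare: false -> patch applied once at boot (initializer style)
  # prepare: true  -> patch re-applied after every reload (to_prepare style)
  def self.serve(user, count, prepare:)
    reload!
    patch!
    Array.new(count) do
      result = LoggedExceptionsController.new.index(user)
      reload!
      patch! if prepare
      result
    end
  end
end

p Sim.serve(:guest, 3, prepare: false) # boot-time patch: filter lost after the first request
p Sim.serve(:guest, 3, prepare: true)  # patch re-applied on every reload
p Sim.serve(:admin, 2, prepare: true)  # authorized user is unaffected
```

A regression test for this class of bug should request the protected page at least twice as an unauthorized user, since a single request passes even when the filter is lost afterwards.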