rails_admin with cancan not catching access denied exception for redirect

假装没事ソ 提交于 2020-08-27 07:07:05

问题


I am using rails 5, rails_admin, devise and cancancan.

Everything works correctly, but when there is access denied, it shows a 'You are not authorized to access this page' error screen.

I want to redirect to root_path, I've been searching and I only found that I have to write in app/controllers/application_controller.rb this code:

class ApplicationController < ActionController::Base    
    rescue_from CanCan::AccessDenied do |exception|
        redirect_to root_path, :alert => exception.message
    end
end

And I did, but I am still in the error message when not authorised. It does not redirect.

I think the rest of the code must be ok, because it works, but not redirecting to anywhere.

#config/initializers/rails_admin.rb
config.authorize_with :cancan
config.current_user_method(&:current_user)

.

#app/models/ability.rb
class Ability
    include CanCan::Ability

    def initialize(user)

    user ||= User.new # guest user (not logged in)
    if user.admin
        can :access, :rails_admin       # only allow admin users to access Rails Admin
        can :dashboard           
        can :manage, :all
    else
        can :read, :all                   # allow everyone to read everything
    end
  end
end

I saw more people asking the same, but all of them are without answers. I found one with 3 answers, but I don't understand the accepted solution because it really do not explain any solution: Cancan + Devise rescue_from not catching exception


回答1:


It looks like ApplicationController isn't actually a parent of RailsAdmin::MainController by default. So, when RailsAdmin::MainController throws the CanCan::AccessDenied exception, it never actually touches ApplicationController, and the rescue block never kicks in.

You can explicitly declare ApplicationController as the parent for RailsAdmin::MainController in the rails_admin.rb config block with

config.parent_controller = 'ApplicationController' 



回答2:


You can also achieve this by extending the rails_admin controller. This is monkey patching, but can be useful if you don't want to set the parent controller to ApplicationController due to a particular reason.

Add following to config/initializers/rails_admin_cancan.rb file.

require 'rails_admin/main_controller'

module RailsAdmin

  class MainController < RailsAdmin::ApplicationController
    rescue_from CanCan::AccessDenied do |exception|
      flash[:alert] = 'Access denied.'
      redirect_to main_app.root_path
    end
  end
end


来源:https://stackoverflow.com/questions/40387657/rails-admin-with-cancan-not-catching-access-denied-exception-for-redirect

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!