Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unauthorized redirect handling config #6051

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Unauthorized redirect handling config #6051

wants to merge 4 commits into from
+101 −16

Conversation

mamhoff
Copy link
Contributor

@mamhoff mamhoff commented Dec 21, 2024

Summary

This replaces the unauthorized_redirect lambda that can be set on any controller with two configurable classes that are by default both set to the same default Spree::UnauthorizedRedirectHandler. Two, because frontend and backend will require different strategies in many cases (not least in the case of the solidus_auth_devise extension).

Care has been taken to maintain the legacy behavior and print out deprecation warnings.

A big part of the reason is that setting the lamda on the controllers requires loading the controllers, making us need to use a config.to_prepare block as well as making us inadvertently eager-load a lot of code.

Checklist

Check out our PR guidelines for more details.

The following are mandatory for all PRs:

The following are not always needed:

  • 📖 I have updated the README to account for my changes.
  • 📑 I have documented new code with YARD.
  • 🛣️ I have opened a PR to update the guides.
  • ✅ I have added automated tests to cover my changes.
  • 📸 I have attached screenshots to demo visual changes.

@mamhoff mamhoff requested a review from a team as a code owner December 21, 2024 21:18
@github-actions github-actions bot added changelog:solidus_backend Changes to the solidus_backend gem changelog:solidus_core Changes to the solidus_core gem changelog:solidus_admin labels Dec 21, 2024
mamhoff added a commit to mamhoff/solidus_auth_devise that referenced this pull request Dec 21, 2024
@mamhoff
Use Solidus 4.4 Redirect extension points if available
942e1c1 
This makes the `prepare_{frontend,backend}` methods which instantiate
the base controller and the admin base controller, requiring all of
ActionController::Base, unnecessary to call for newer Solidus versions.

Depends on solidusio/solidus#6051
@mamhoff mamhoff mentioned this pull request Dec 21, 2024
Open
3 tasks
mamhoff added a commit to mamhoff/solidus_auth_devise that referenced this pull request Dec 21, 2024
@mamhoff
Use Solidus 4.4 Redirect extension points if available
79f443c 
This makes the `prepare_{frontend,backend}` methods which instantiate
the base controller and the admin base controller, requiring all of
ActionController::Base, unnecessary to call for newer Solidus versions.

Depends on solidusio/solidus#6051
@mamhoff mamhoff force-pushed the unauthorized-redirect-handling-config branch from f24f2ae to 7753b24 Compare December 23, 2024 13:43
forkata
forkata approved these changes Jan 8, 2025
View reviewed changes
Copy link
Contributor

@forkata forkata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mamhoff! I think there are some failing specs because we're modifying global configuration in one of the specs added, but otherwise this change looks great and it'll make overriding this behaviour much easier on stores that require more granular permissions.

backend/spec/controllers/spree/admin/base_controller_spec.rb Show resolved Hide resolved
@mamhoff mamhoff force-pushed the unauthorized-redirect-handling-config branch 4 times, most recently from 6471920 to c259ad3 Compare January 9, 2025 13:21
mamhoff added 4 commits January 9, 2025 14:35
@mamhoff
Replace unauthorized_redirect lambda with configurable class
52fdda1 
This lambda has to be set on the instantiated class, requiring the
controller it's set on to be autoloaded on boot. Loading a controller
also loads all helpers, and that takes quite a bit of time.

So this comes with a performance benefit, because neither the controller
nor the handler need to be loaded at configuration time.
@mamhoff
Add Configuration option for backend unauthorized redirect handler
5555cd5 
The previous `unauthorized_redirect` can really only be set globally,
but it's a common use case to handle unauthorized access differently for
the admin. This adds a configuration option for the admin base
controller, allowing customizers to set that behavior without having to
patch any controller.
@mamhoff
App template: Do not suggest setting unauthorized_redirect
f3fe5b1 
Customizers can now set their own unauthorized_redirect class with any
behavior from the controller they might need. There's no need for this
suggestion (and the comment is not entirely true either, as the handler
provided does not re-raise the exception, but raises another one).
@mamhoff
Admin: Use configured unauthorized redirect handler
cc0a2eb 
This make sure the admin also uses the configured redirect handler
class.
@mamhoff mamhoff force-pushed the unauthorized-redirect-handling-config branch from c259ad3 to cc0a2eb Compare January 9, 2025 13:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@forkata forkata forkata approved these changes

@adammathys adammathys adammathys approved these changes

@jarednorman jarednorman jarednorman approved these changes

Assignees
No one assigned
Labels
changelog:solidus_admin changelog:solidus_backend Changes to the solidus_backend gem changelog:solidus_core Changes to the solidus_core gem
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mamhoff @jarednorman @adammathys @forkata