balint.erdi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2009-Feb-04 21:52 UTC
rendering error page for "Unauthorized" from before_filter
Hey all,
I am writing a plugin in which I want to stop the rendering of an
action with an unauthorized response if the user is not authorized to
view the resource. I am using a before filter to achieve this and
inside that before filter I do it like so:
render :text => "Unauthorized!", :status => :unauthorized,
:layout
=> false
The status is properly set since I see the following in the log:
Filter chain halted as [:check_access] rendered_or_redirected.
Completed in 130ms (View: 0, DB: 10) | 401 Unauthorized
So far so good. What I would like to do is to show a user a nice
(static html) error page so he knows what went wrong. Taking my cue
from the rails documentation, I created a file named 401.html and
placed it into the public/ directory of the rails app. However,
instead of this static html file I see the "Unauthorized!" text being
rendered.
I also went into the rails source and tweaked the rescue module a bit
so that I surely get the ''public'' view of the exception:
def rescue_action_without_handler(exception)
(...)
if false && (consider_all_requests_local || local_request?) #
here
rescue_action_locally(exception)
else
rescue_action_in_public(exception)
end
(...)
That did not change anything, either. Am I not doing the proper thing?
Should I throw an exception (which one?) instead of rendering
something and setting the http status code of the response? Or is
rendering from before_filters a syntactic vinegar type of thing?
(probably not).
Thank you for your help in advance,
Balint
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Xie Hanjian
2009-Feb-05 05:54 UTC
Re: rendering error page for "Unauthorized" from before_filter
Hi, Maybe you should try render_optional_error_file Jan * balint.erdi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org <balint.erdi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> [2009-02-04 13:52:59 -0800]:> > Hey all, > > I am writing a plugin in which I want to stop the rendering of an > action with an unauthorized response if the user is not authorized to > view the resource. I am using a before filter to achieve this and > inside that before filter I do it like so: > > render :text => "Unauthorized!", :status => :unauthorized, :layout > => false > > The status is properly set since I see the following in the log: > > Filter chain halted as [:check_access] rendered_or_redirected. > Completed in 130ms (View: 0, DB: 10) | 401 Unauthorized > > So far so good. What I would like to do is to show a user a nice > (static html) error page so he knows what went wrong. Taking my cue > from the rails documentation, I created a file named 401.html and > placed it into the public/ directory of the rails app. However, > instead of this static html file I see the "Unauthorized!" text being > rendered. > > I also went into the rails source and tweaked the rescue module a bit > so that I surely get the ''public'' view of the exception: > > def rescue_action_without_handler(exception) > (...) > > if false && (consider_all_requests_local || local_request?) # > here > rescue_action_locally(exception) > else > rescue_action_in_public(exception) > end > (...) > > That did not change anything, either. Am I not doing the proper thing? > Should I throw an exception (which one?) instead of rendering > something and setting the http status code of the response? Or is > rendering from before_filters a syntactic vinegar type of thing? > (probably not). > > Thank you for your help in advance, > Balint > --~--~---------~--~----~------------~-------~--~----~ > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en > -~----------~----~----~----~------~----~------~--~----- jan=callcc{|jan|jan};jan.call(jan)
balint.erdi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2009-Feb-06 00:31 UTC
Re: rendering error page for "Unauthorized" from before_filter
Hey, Jan, thank you.
Yes, but in fact what you suggest is the "standard procedure" of
rescuing "an exception" for the public view (what I described in my
first post). Rails source code:
(rescue.rb)
def rescue_action_in_public(exception) #:doc:
render_optional_error_file response_code_for_rescue(exception)
end
The problem is that it seems that "rescue_action_without_handler" does
not get called if I set the response status from the before filter.
Anyway, I figured out a way, I have the following in my before filter
now which works great:
render :file => "#{Rails.public_path}/401.html", :status
=> :unauthorized and return
Balint
On Feb 5, 6:54 am, Xie Hanjian
<jan.h....-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:> Hi,
>
> Maybe you should try render_optional_error_file
>
> Jan
>
> * balint.e...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
<balint.e...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> [2009-02-04 13:52:59
-0800]:
>
>
>
>
>
> > Hey all,
>
> > I am writing a plugin in which I want to stop the rendering of an
> > action with an unauthorized response if the user is not authorized to
> > view the resource. I am using a before filter to achieve this and
> > inside that before filter I do it like so:
>
> > render :text => "Unauthorized!", :status =>
:unauthorized, :layout
> > => false
>
> > The status is properly set since I see the following in the log:
>
> > Filter chain halted as [:check_access] rendered_or_redirected.
> > Completed in 130ms (View: 0, DB: 10) | 401 Unauthorized
>
> > So far so good. What I would like to do is to show a user a nice
> > (static html) error page so he knows what went wrong. Taking my cue
> > from the rails documentation, I created a file named 401.html and
> > placed it into the public/ directory of the rails app. However,
> > instead of this static html file I see the "Unauthorized!"
text being
> > rendered.
>
> > I also went into the rails source and tweaked the rescue module a bit
> > so that I surely get the ''public'' view of the
exception:
>
> > def rescue_action_without_handler(exception)
> > (...)
>
> > if false && (consider_all_requests_local ||
local_request?) #
> > here
> > rescue_action_locally(exception)
> > else
> > rescue_action_in_public(exception)
> > end
> > (...)
>
> > That did not change anything, either. Am I not doing the proper thing?
> > Should I throw an exception (which one?) instead of rendering
> > something and setting the http status code of the response? Or is
> > rendering from before_filters a syntactic vinegar type of thing?
> > (probably not).
>
> > Thank you for your help in advance,
> > Balint
> > >
> --
> jan=callcc{|jan|jan};jan.call(jan)
>
> application_pgp-signature_part
> < 1KViewDownload
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---