balint.erdi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2009-Feb-04 21:52 UTC
rendering error page for "Unauthorized" from before_filter
Hey all, I am writing a plugin in which I want to stop the rendering of an action with an unauthorized response if the user is not authorized to view the resource. I am using a before filter to achieve this and inside that before filter I do it like so: render :text => "Unauthorized!", :status => :unauthorized, :layout => false The status is properly set since I see the following in the log: Filter chain halted as [:check_access] rendered_or_redirected. Completed in 130ms (View: 0, DB: 10) | 401 Unauthorized So far so good. What I would like to do is to show a user a nice (static html) error page so he knows what went wrong. Taking my cue from the rails documentation, I created a file named 401.html and placed it into the public/ directory of the rails app. However, instead of this static html file I see the "Unauthorized!" text being rendered. I also went into the rails source and tweaked the rescue module a bit so that I surely get the ''public'' view of the exception: def rescue_action_without_handler(exception) (...) if false && (consider_all_requests_local || local_request?) # here rescue_action_locally(exception) else rescue_action_in_public(exception) end (...) That did not change anything, either. Am I not doing the proper thing? Should I throw an exception (which one?) instead of rendering something and setting the http status code of the response? Or is rendering from before_filters a syntactic vinegar type of thing? (probably not). Thank you for your help in advance, Balint --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Xie Hanjian
2009-Feb-05 05:54 UTC
Re: rendering error page for "Unauthorized" from before_filter
Hi, Maybe you should try render_optional_error_file Jan * balint.erdi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org <balint.erdi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> [2009-02-04 13:52:59 -0800]:> > Hey all, > > I am writing a plugin in which I want to stop the rendering of an > action with an unauthorized response if the user is not authorized to > view the resource. I am using a before filter to achieve this and > inside that before filter I do it like so: > > render :text => "Unauthorized!", :status => :unauthorized, :layout > => false > > The status is properly set since I see the following in the log: > > Filter chain halted as [:check_access] rendered_or_redirected. > Completed in 130ms (View: 0, DB: 10) | 401 Unauthorized > > So far so good. What I would like to do is to show a user a nice > (static html) error page so he knows what went wrong. Taking my cue > from the rails documentation, I created a file named 401.html and > placed it into the public/ directory of the rails app. However, > instead of this static html file I see the "Unauthorized!" text being > rendered. > > I also went into the rails source and tweaked the rescue module a bit > so that I surely get the ''public'' view of the exception: > > def rescue_action_without_handler(exception) > (...) > > if false && (consider_all_requests_local || local_request?) # > here > rescue_action_locally(exception) > else > rescue_action_in_public(exception) > end > (...) > > That did not change anything, either. Am I not doing the proper thing? > Should I throw an exception (which one?) instead of rendering > something and setting the http status code of the response? Or is > rendering from before_filters a syntactic vinegar type of thing? > (probably not). > > Thank you for your help in advance, > Balint > --~--~---------~--~----~------------~-------~--~----~ > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en > -~----------~----~----~----~------~----~------~--~----- jan=callcc{|jan|jan};jan.call(jan)
balint.erdi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2009-Feb-06 00:31 UTC
Re: rendering error page for "Unauthorized" from before_filter
Hey, Jan, thank you. Yes, but in fact what you suggest is the "standard procedure" of rescuing "an exception" for the public view (what I described in my first post). Rails source code: (rescue.rb) def rescue_action_in_public(exception) #:doc: render_optional_error_file response_code_for_rescue(exception) end The problem is that it seems that "rescue_action_without_handler" does not get called if I set the response status from the before filter. Anyway, I figured out a way, I have the following in my before filter now which works great: render :file => "#{Rails.public_path}/401.html", :status => :unauthorized and return Balint On Feb 5, 6:54 am, Xie Hanjian <jan.h....-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi, > > Maybe you should try render_optional_error_file > > Jan > > * balint.e...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org <balint.e...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> [2009-02-04 13:52:59 -0800]: > > > > > > > Hey all, > > > I am writing a plugin in which I want to stop the rendering of an > > action with an unauthorized response if the user is not authorized to > > view the resource. I am using a before filter to achieve this and > > inside that before filter I do it like so: > > > render :text => "Unauthorized!", :status => :unauthorized, :layout > > => false > > > The status is properly set since I see the following in the log: > > > Filter chain halted as [:check_access] rendered_or_redirected. > > Completed in 130ms (View: 0, DB: 10) | 401 Unauthorized > > > So far so good. What I would like to do is to show a user a nice > > (static html) error page so he knows what went wrong. Taking my cue > > from the rails documentation, I created a file named 401.html and > > placed it into the public/ directory of the rails app. However, > > instead of this static html file I see the "Unauthorized!" text being > > rendered. > > > I also went into the rails source and tweaked the rescue module a bit > > so that I surely get the ''public'' view of the exception: > > > def rescue_action_without_handler(exception) > > (...) > > > if false && (consider_all_requests_local || local_request?) # > > here > > rescue_action_locally(exception) > > else > > rescue_action_in_public(exception) > > end > > (...) > > > That did not change anything, either. Am I not doing the proper thing? > > Should I throw an exception (which one?) instead of rendering > > something and setting the http status code of the response? Or is > > rendering from before_filters a syntactic vinegar type of thing? > > (probably not). > > > Thank you for your help in advance, > > Balint > > > > -- > jan=callcc{|jan|jan};jan.call(jan) > > application_pgp-signature_part > < 1KViewDownload--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---