WIP: Splitting Core::ControllerHelpers up into modules

Fixes solidusio#2079

.travis.yml

@@ -27,6 +27,7 @@ branches:
  - 1-1-stable
  - 1-2-stable
  - master
+ - 2079-refactor-controller-helpers
 rvm:
  - 1.8.7
  - 1.9.3

core/app/controllers/spree/base_controller.rb

@@ -1,5 +1,8 @@
 require 'cancan'
 
 class Spree::BaseController < ApplicationController
- include Spree::Core::ControllerHelpers
+ include Spree::Core::ControllerHelpers::Auth
+ include Spree::Core::ControllerHelpers::RespondWith
+ include Spree::Core::ControllerHelpers::Common
+
 end

core/app/controllers/spree/checkout_controller.rb

@@ -2,7 +2,7 @@ module Spree
  # Handles checkout logic. This is somewhat contrary to standard REST convention since there is not actually a
  # Checkout object. There's enough distinct logic specific to checkout which has nothing to do with updating an
  # order that this approach is waranted.
- class CheckoutController < BaseController
+ class CheckoutController < Spree::StoreController
  ssl_required
 
  before_filter :load_order

core/app/controllers/spree/content_controller.rb

@@ -1,5 +1,5 @@
 module Spree
- class ContentController < BaseController
+ class ContentController < Spree::StoreController
  # Don't serve local files or static assets
  before_filter { render_404 if params[:path] =~ /(\.|\\)/ }
 

core/app/controllers/spree/home_controller.rb

@@ -1,5 +1,5 @@
 module Spree
- class HomeController < BaseController
+ class HomeController < Spree::StoreController
  helper 'spree/products'
  respond_to :html
 

core/app/controllers/spree/locale_controller.rb

@@ -1,5 +1,5 @@
 module Spree
- class LocaleController < BaseController
+ class LocaleController < Spree::StoreController
  def set
  if request.referer && request.referer.starts_with?('http:https://' + request.host)
  session['user_return_to'] = request.referer

core/app/controllers/spree/orders_controller.rb

@@ -1,5 +1,5 @@
 module Spree
- class OrdersController < BaseController
+ class OrdersController < Spree::StoreController
  rescue_from ActiveRecord::RecordNotFound, :with => :render_404
  helper 'spree/products'
 

core/app/controllers/spree/products_controller.rb

@@ -1,5 +1,5 @@
 module Spree
- class ProductsController < BaseController
+ class ProductsController < Spree::StoreController
  before_filter :load_product, :only => :show
  rescue_from ActiveRecord::RecordNotFound, :with => :render_404
  helper 'spree/taxons'

core/app/controllers/spree/states_controller.rb

@@ -1,5 +1,5 @@
 module Spree
- class StatesController < BaseController
+ class StatesController < Spree::StoreController
  ssl_allowed :index
 
  respond_to :js

core/app/controllers/spree/store_controller.rb

@@ -0,0 +1,18 @@
+module Spree
+ class StoreController < Spree::BaseController
+ include Spree::Core::ControllerHelpers::Order
+
+ # Convenience method for firing instrumentation events with the default payload hash
+ def fire_event(name, extra_payload = {})
+ ActiveSupport::Notifications.instrument(name, default_notification_payload.merge(extra_payload))
+ end
+
+ # Creates the hash that is sent as the payload for all notifications. Specific notifications will
+ # add additional keys as appropriate. Override this method if you need additional data when
+ # responding to a notification
+ def default_notification_payload
+ {:user => try_spree_current_user, :order => current_order}
+ end
+ end
+end
+

core/app/controllers/spree/taxons_controller.rb

@@ -1,5 +1,5 @@
 module Spree
- class TaxonsController < BaseController
+ class TaxonsController < Spree::StoreController
  rescue_from ActiveRecord::RecordNotFound, :with => :render_404
  helper 'spree/products'
 

core/lib/spree/core/controller_helpers/auth.rb

@@ -0,0 +1,71 @@
+module Spree
+ module Core
+ module ControllerHelpers
+ module Auth
+ def self.included(base)
+ base.class_eval do
+ include SslRequirement
+
+ helper_method :try_spree_current_user
+
+ rescue_from CanCan::AccessDenied do |exception|
+ return unauthorized
+ end
+
+ # Needs to be overriden so that we use Spree's Ability rather than anyone else's.
+ def current_ability
+ @current_ability ||= Spree::Ability.new(try_spree_current_user)
+ end
+
+ # Redirect as appropriate when an access request fails. The default action is to redirect to the login screen.
+ # Override this method in your controllers if you want to have special behavior in case the user is not authorized
+ # to access the requested action. For example, a popup window might simply close itself.
+ def unauthorized
+ format.html do
+ if try_spree_current_user
+ flash.now[:error] = t(:authorization_failure)
+ render 'spree/shared/unauthorized', :layout => Spree::Config[:layout], :status => 401
+ else
+ store_location
+ url = respond_to?(:spree_login_path) ? spree_login_path : root_path
+ redirect_to url
+ end
+ end
+ format.xml do
+ request_http_basic_authentication 'Web Password'
+ end
+ format.json do
+ render :text => "Not Authorized \n", :status => 401
+ end
+ end
+
+ def store_location
+ # disallow return to login, logout, signup pages
+ authentication_routes = [:spree_signup_path, :spree_login_path, :spree_logout_path]
+ disallowed_urls = []
+ authentication_routes.each do |route|
+ if respond_to?(route)
+ disallowed_urls << send(route)
+ end
+ end
+
+ disallowed_urls.map!{ |url| url[/\/\w+$/] }
+ unless disallowed_urls.include?(request.fullpath)
+ session['user_return_to'] = request.fullpath.gsub('//', '/')
+ end
+ end
+
+ # proxy method to *possible* spree_current_user method
+ # Authentication extensions (such as spree_auth_devise) are meant to provide spree_current_user
+ def try_spree_current_user
+ respond_to?(:spree_current_user) ? spree_current_user : nil
+ end
+
+ def redirect_back_or_default(default)
+ redirect_to(session["user_return_to"] || default)
+ session["user_return_to"] = nil
+ end
+ end
+ end
+ end
+end