rezoleo · nymous · Jun 12, 2024
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -5,6 +5,19 @@ class ApplicationController < ActionController::Base
 
   before_action :still_authenticated?
 
+  # https://cancancan.dev/handling_access_denied
+  rescue_from CanCan::AccessDenied do |exception|
+    if current_user.nil?
+      session[:redirect_url] = request.fullpath
+      redirect_to root_url, alert: 'You have to log in to continue.'
+    else
+      respond_to do |format|
+        format.json { render nothing: true, status: :not_found }
+        format.html { redirect_to root_url, alert: exception.message }
+      end
+    end
+  end
+
   private
 
   def still_authenticated?

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -5,6 +5,10 @@ def create
     user = User.upsert_from_auth_hash(request.env['omniauth.auth'])
     log_in user
     flash[:success] = 'You are now logged in!'
+    if session[:redirect_url]
+      redirect_to session.delete(:redirect_url)
+      return
+    end
     redirect_to user_path user
   end
 

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -4,6 +4,7 @@ class UsersController < ApplicationController
   protect_from_forgery unless: -> { request.format.json? }
 
   def index
+    authorize! :index, User
     @users = User.accessible_by(current_ability)
   end
 

diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
@@ -14,10 +14,14 @@ def logged_in?
   end
 
   def log_in(user)
+    # Keep redirect_url around when resetting the session
+    next_url = session[:redirect_url]
     reset_session # For security reasons, we clear the session data before login
     session[:user_id] = user.id
+    # TODO: Increase expires_at as the user stays active in the application
     session[:expires_at] = Time.current + SESSION_DURATION_TIME
     session[:groups] = user.groups
+    session[:redirect_url] = next_url if next_url
   end
 
   # TODO: also logout of sso

diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb
@@ -4,7 +4,7 @@
       <li>
         <%= link_to "Lea5", root_path, class: "logo" %>
       </li>
-      <% if logged_in? %>
+      <% if can? :read, User %>
         <li>
           <%= link_to "Users", users_path %>
         </li>

diff --git a/config/routes.rb b/config/routes.rb
@@ -2,9 +2,10 @@
 
 Rails.application.routes.draw do
   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
+  root 'static_pages#home'
+
   get AUTH_CALLBACK_PATH, to: 'sessions#create', as: 'auth_callback'
   delete '/logout', to: 'sessions#destroy', as: 'logout'
-  root 'static_pages#home'
 
   resources :users do
     resources :machines, shallow: true, except: [:index]