Enhance SolidusAdmin authorization with improved redirect mechanism

In scenarios where a user attempts to access a resource, they are not authorized to access, we now handle this by redirecting them to the old admin dashboard as a fallback. This approach serves as an interim solution. As we advance in decoupling the new admin from the old one, we'll reassess and adjust this redirect method to align better with the new system's structure.
solidusio · Sep 29, 2023 · aa0a406 · aa0a406
1 parent 89617d8
commit aa0a406
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/admin/app/controllers/solidus_admin/controller_helpers/authorization.rb b/admin/app/controllers/solidus_admin/controller_helpers/authorization.rb
@@ -18,6 +18,8 @@ def authorize_solidus_admin_user!
 
     authorize! :admin, subject
     authorize! action_name.to_sym, subject
+  rescue CanCan::AccessDenied
+    instance_exec(&Spree::Admin::BaseController.unauthorized_redirect)
   end
 
   def authorization_subject

diff --git a/admin/spec/controllers/solidus_admin/base_controller_spec.rb b/admin/spec/controllers/solidus_admin/base_controller_spec.rb
@@ -15,10 +15,22 @@ def index
       allow_any_instance_of(SolidusAdmin::BaseController).to receive(:spree_current_user).and_return(nil)
     end
 
-    it "redirects to unauthorized" do
+    it "redirects to unauthorized for no user" do
       get :index
       expect(response).to redirect_to '/unauthorized'
     end
+
+    context "with a user without update permission" do
+      before do
+        user = create(:user, email: '[email protected]')
+        allow_any_instance_of(SolidusAdmin::BaseController).to receive(:spree_current_user).and_return(user)
+      end
+
+      it "redirects to unauthorized" do
+        get :index
+        expect(response).to redirect_to '/unauthorized'
+      end
+    end
   end
 
   context "successful request" do