This issue was moved to a discussion.

Support authorization error flash messages when using turbo frames and streams? #751

Closed
nickjj opened this issue Nov 30, 2022 · 6 comments

nickjj commented Nov 30, 2022

In a perfect world I would like to do something like this:

  def user_not_authorized
    respond_to do |format|
      format.html do
        flash[:alert] = "You are not authorized to perform this action."
        redirect_back(fallback_location: root_path)
      end
      format.turbo_stream do
        flash.now[:alert] = "You are not authorized to perform this action."
        # Render the stream; a bare turbo_stream.prepend call only builds the tag.
        render turbo_stream: turbo_stream.prepend("flash", partial: "shared/flash")
      end
    end
  end

And then if someone tried to perform an action they can't do, they would get a flash message on their current page / frame without a redirect.

With the above code using Pundit v2.2.0, on authorization failure no alert message gets shown and no redirect happens. The request gets executed as the html format which I verified by printing a message to the terminal in that block.

As is, Pundit doesn’t send the request as a turbo_stream so that format never gets a chance to execute. Is there a current workaround or official plans to support Hotwire Turbo Frames and Streams given it's a Rails 7 default?

Thanks!


wafcio commented Jan 26, 2023

I think it isn't connected with Pundit, because there is no view layer in this gem and the whole view part is on the application side.


nickjj commented Jan 26, 2023

@wafcio there's documentation in https://github.com/varvet/pundit#rescuing-a-denied-authorization-in-rails referencing code that doesn't work in Rails when using Turbo. It could be useful to have an up-to-date example.


wafcio commented Jan 26, 2023

@nickjj so it is only about adapting the example code. It doesn't require any changes in the gem.


rmaspero commented Feb 7, 2023

Looks like in part the issue is that the format isn't set by the time the rescue from is called as per this SO.


laptopmutia commented May 26, 2023

I think this issue is better off as a discussion or Stack Overflow question; it's about how to not should do.

Pundit is just plain old Ruby.

Currently Turbo doesn't support rendering a notice on redirect: hotwired/turbo#897

The best thing you could do is implement a 403 and do a full page reload:
https://turbo.hotwired.dev/handbook/drive#ensuring-specific-pages-trigger-a-full-reload
This is the same problem as session timeout, I think.

Also, the example in the README is taken from this, I think:

https://guides.rubyonrails.org/action_controller_overview.html#rescue-from

As for me, I think currently my plan is to just do a full page render from the public folder, like when Rails handles a 404 or 500.
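The cases raised in this thread (a Turbo form submission, a Turbo Frame navigation, a plain HTML request), as an added example that is not code from the thread or from Pundit. It models the choice of response for a denied request in plain Ruby outside Rails; `denied_response`, `accepted_types`, the sample headers and the alert markup are hypothetical names and constructed values, and it relies on Turbo listing `text/vnd.turbo-stream.html` in `Accept` for form submissions and sending a `Turbo-Frame` header for frame requests.

```ruby
require "cgi"

TURBO_STREAM_MIME = "text/vnd.turbo-stream.html"
DENIED_MESSAGE = "You are not authorized to perform this action."

# Media types listed in an Accept header, parameters (;q=...) dropped.
def accepted_types(accept)
  accept.to_s.split(",").map { |t| t.split(";").first.to_s.strip.downcase }
end

# Choose the response for a denied request. `headers` is a plain Hash of
# HTTP header names (constructed input, not a Rails request object).
def denied_response(headers, fallback: "/")
  alert = %(<div class="alert" role="alert">#{CGI.escapeHTML(DENIED_MESSAGE)}</div>)
  if accepted_types(headers["Accept"]).include?(TURBO_STREAM_MIME)
    # Turbo form submission: prepend the alert into #flash, no redirect.
    body = %(<turbo-stream action="prepend" target="flash">) +
           %(<template>#{alert}</template></turbo-stream>)
    { status: 403, content_type: TURBO_STREAM_MIME, body: body }
  elsif headers.key?("Turbo-Frame")
    # Frame navigation accepts HTML only: answer with a 403 page carrying
    # the full-reload meta tag from the Turbo handbook section linked above.
    body = %(<html><head><meta name="turbo-visit-control" content="reload">) +
           %(</head><body>#{alert}</body></html>)
    { status: 403, content_type: "text/html", body: body }
  else
    # Plain HTML request: flash plus redirect (always to the fallback here).
    { status: 302, location: fallback, flash: { alert: DENIED_MESSAGE } }
  end
end

# Constructed sample requests.
SAMPLES = {
  "form submit" => { "Accept" => "text/vnd.turbo-stream.html, text/html, application/xhtml+xml" },
  "frame link"  => { "Accept" => "text/html, application/xhtml+xml", "Turbo-Frame" => "comments" },
  "plain link"  => { "Accept" => "text/html" }
}

SAMPLES.each do |name, headers|
  r = denied_response(headers)
  puts "#{name}: #{r[:status]} #{r[:content_type] || r[:location]}"
end
```

Both Turbo branches keep the 403 status, so the denial stays visible in logs and monitoring instead of being reported as a successful response.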

@Burgestrand
Member

I feel this is outside the scope of what Pundit wants to tell you to do. Moving this to a discussion instead.

Burgestrand closed this as not planned Jul 17, 2023
varvet locked and limited conversation to collaborators Jul 17, 2023
Burgestrand converted this issue into discussion #783 Jul 17, 2023