I am using Trestle Admin, this is my route:
trestle_path /admin Trestle::Engine
When a user that is not an admin visits the /admin route, I would like CanCanCan to handle it like it handles all of the other unauthorized requests in my app.
The issue though is that I can't figure out how to specify that ability in my ability.rb or I can't figure out where to add an authorize statement to.
When I visit /admin in my app, this is what my log looks like:
Started GET "/admin" for ::1 at 2019-03-31 01:10:01 -0500
Processing by Trestle::DashboardController#index as HTML
Redirected to http://localhost:3000/admin/login
Filter chain halted as :require_authenticated_user rendered or redirected
Completed 302 Found in 13ms (ActiveRecord: 0.0ms)
So all that happens is that it redirects to /admin/login which is how the Trestle engine handles it.
But I would like for CanCanCan to hijack that and handle it like it handles all other unauthorized requests throughout my application via the rule in my application_controller.rb:
rescue_from CanCan::AccessDenied do |exception|
respond_to do |format|
format.json { head :forbidden, content_type: 'text/html' }
format.html { redirect_to main_app.root_url, alert: exception.message }
format.js { head :forbidden, content_type: 'text/html' }
end
end
But, given that it isn't a Model or a controller I defined, I am not sure what to specify in my ability.rb.
I have tried the following, all to no avail:
if user.has_role? :admin
can :manage, :all
else
cannot :read, :trestle
end
or:
if user.has_role? :admin
can :manage, :all
else
cannot :read, :admin
end
Is it possible for me to do what I am trying to do?