In a project I’m working on I’m using spree as a mountable engine. The host application has its own administration area, and I wanted to share the spree authentication with my app.
Spree uses devise to handle authentication. The code which is responsible for the authentication part of the app is in the auth module of Spree.
To share authentication with your application you have to:
- setup devise in your routes.rb file. I copied this code from the routes.rb file included in the spree/auth module:
before_filter :authenticate_user!to the controller you want to be protected.
This way you’re setup with authentication; it’s time to move on with authorization.
load_and_authorize_resource!to the controller you want to be protected.
register new abilities to the Spree CanCan configuration using the
register_abilitymethod. Here is an example:
- add to your
application_controller.rbfile the code needed to handle authorization exceptions:
And you’re done!