Fixed return_to when authorization gets lost.

2012-12-30 16:34:01 +01:00 · 2012-12-30 16:34:01 +01:00 · 0364562273
parent f6ff422405
commit 0364562273
2 changed files with 9 additions and 3 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -22,7 +22,7 @@ class ApplicationController < ActionController::Base
  helper_method :current_user

  def deny_access
-    self.return_to = request.original_url
+    session[:return_to] = request.original_url
    redirect_to login_url, :alert => 'Access denied!'
  end

@ -33,7 +33,7 @@ class ApplicationController < ActionController::Base
    if !current_user
      # No user at all: redirect to login page.
      session[:user_id] = nil
-      session['return_to'] = request.fullpath
+      session[:return_to] = request.original_url
      redirect_to login_url, :alert => 'Authentication required!'
    else
      # We have an authenticated user, now check role...
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -11,7 +11,13 @@ class SessionsController < ApplicationController
    if user
      session[:user_id] = user.id
      session[:scope] = FoodsoftConfig.scope  # Save scope in session to not allow switching between foodcoops with one account
-      redirect_to session['return_to'] || root_url, :notice => "Logged in!"
+      if session[:return_to].present?
+        redirect_to_url = session[:return_to]
+        session[:return_to] = nil
+      else
+        redirect_to_url = root_url
+      end
+      redirect_to redirect_to_url, :notice => "Logged in!"
    else
      flash.now.alert = "Invalid email or password"
      render "new"