I am trying to develop a Quote Extention for Spree, allowing customers to upload files to AWS S3.
I would like to "secure" via authentication some of its actions and Spree provides useful helpers to that end, however I couldn't manage to get it to work.
As far as I understood the matter, I have to add this line in the QuotesController.
include Spree::Core::ControllerHelpers::Auth
in my controller, as shown in this gist
Unfortunately, I still get the undefined method error authenticate_user!
For the sake of keeping this thread DRY, you can find more on my question on Spree's repository issue #5794
Any contribution is very welcome. Thank you.
So I could delete the question since it was based upon wrong assumptions, but I rather detail how I managed to solve the authentication of the QuotesController.
Many thanks to @Hates_ and all the people in the Spree IRC for their answers!
The first wrong assumption was in regard to the design of the QuotesController which should be split up in 2 parts one for the customers, one for the shop admin backend. The second wrong assumption was that the include Spree::Core::ControllerHelpers::Auth
was not going to give me the protection I wanted. So here is what I ended up with:
The Admin Side
In Spree, in order to have your controller enjoy the "protection" of the admin of the shop, this controller has to inherit like that Spree::Admin::QuotesController < Spree::Admin::BaseController
. This controller would live in app/controllers/spree/admin/quotes_controller.rb
. This is all you need to "protect" it. Also, it will make your views integrate into the shop's backend nicely.
The Customer Side
It is better, by design, to make another QuotesController using a different namespace app/controllers/spree/quotes_controller.rb
and inheriting like that:
Spree::QuotesController < Spree:Core::BaseController