gonzalo-bulnes / simple_token_authentication

Simple (and safe*) token authentication for Rails apps or API with Devise.
GNU General Public License v3.0

approach to fallback for controller with if current_user conditional display of data #338

Closed goelinsights closed 6 years ago

goelinsights commented 6 years ago

Wanted to confirm if fallback: :none didn't authenticate at all and fallback: :exception required authentication? If so, there would seem to be a middle condition of fallback: :allow_different_responses_for_auth_vs_non-auth

Trying to figure out if I can authenticate my GET statement conditionally (i.e., it passes and displays one set of public information if not authenticated and displays another set including private information if authenticated).

Use case is my ExampleController#show which sends out an Admin and a Public set of data for an Example Object (this is a JSON API leveraging jbuilder for the view).

Object.rb

# public
:id, :attr1, :attr2

# logged in only, leveraging if current_user
:draft, :hidden_field1, :hidden_field2, :internal_field3

Is this conditional display leveraging current_user possible where you can get the fallback: :exception for #show to display logged_in fields and fallback: :none allowing for guest access to the public data?

Or do I need to clone #show into #show_public and #show_private? Or is there a better approach?

goelinsights commented 6 years ago

Not sure what happened, but it appears to have spontaneously resolved and didn't have tests in place that caught it prior to the fix...will close until it re-asserts itself.
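The pattern asked about in the first comment, as an added example that is not from the thread or from the gem: a plain-Ruby model of a single #show that serves guests and token-authenticated users. It assumes that with fallback: :none a failed or absent token leaves current_user nil and the action still runs; every name and value below is hypothetical or constructed.

```ruby
# Added example: plain-Ruby model, no Rails or Devise required.
require "digest"

User    = Struct.new(:email, :authentication_token)
Example = Struct.new(:id, :attr1, :attr2, :draft, :hidden_field1,
                     :hidden_field2, :internal_field3)

# Constructed sample data.
USERS  = [User.new("admin@example.test", "constructed-token-123")].freeze
RECORD = Example.new(1, "a", "b", true, "h1", "h2", "i3").freeze

# Explicit allowlists: a new column is never exposed by accident.
PUBLIC_FIELDS  = %i[id attr1 attr2].freeze
PRIVATE_FIELDS = %i[draft hidden_field1 hidden_field2 internal_field3].freeze

# Compare fixed-length digests byte by byte so timing does not depend on
# how many leading characters of the token matched.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a)
  db = Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Stand-in for token authentication with no fallback (assumed behaviour):
# returns the user on a matching email/token pair, otherwise nil.
def authenticate_from_token(email, token)
  user = USERS.find { |u| u.email == email }
  return nil if user.nil? || token.nil?
  secure_equal?(user.authentication_token, token) ? user : nil
end

# Serializer: public fields always, private fields only with a current_user.
def show_payload(record, current_user)
  fields = PUBLIC_FIELDS.dup
  fields.concat(PRIVATE_FIELDS) if current_user
  fields.map { |f| [f, record[f]] }.to_h
end

# Model of ExampleController#show: authentication is attempted but not required.
def show_action(email: nil, token: nil)
  show_payload(RECORD, authenticate_from_token(email, token))
end
```

In this model a wrong token yields the public payload rather than an error, so a client with an expired token silently receives guest data; a test for each of the three cases (no credentials, bad token, good token) is what catches a regression in either direction.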