I do my permission testing, which if that fails it throws match error of a special tagged tuple, which I catch in my generic error catcher here:
# ... snip others
def handle_error({:perm, false}, conn) ,do: do_unauthorized(conn)
# ... snip others
Where do_unauthorized/1 is:
def do_unauthorized(conn) do
ControllerCallbacks.unauthorized(conn)
end
Where unauthorized/1 is:
def unauthorized(conn, _params \\ %{}) do
last_path = case conn.method do
"GET" -> true
_ -> false
end |> case do
false -> nil
true -> conn.request_path <> if byte_size(conn.query_string) > 0 do "?" <> conn.query_string else "" end
end
conn
|> put_session(:last_path, last_path)
|> put_flash(:error, gettext("The current account does not have acces to that location, please log in with an account that does or contact an admin to add access if it is required."))
|> redirect(to: auth_path(conn, :ldap_request))
end
It just gets the location of where they were, the query, stories it, and redirects to the auth controller to have them log in with a better account (which immediately clears the stored path from the conn but stores it in another place internally and will redirect to it if they successfully log in with another account, among some other stuff). This unauthorized/1 function could easily just set a 403 status and render a template though.






















