I have followed the Devise wiki on how to set up a store_user_location! method to redirect back to the previous page after sign_in/sign_out and would like to use this same method for redirecting with Pundit after a user_not_authorized is triggered but I'm not sure what to supply for the "resource_or_scope". Usually this is something Devise supplies in it's callbacks (after_sign_in_path_for(resource_or_scope)). Is it possible to use this same method with Pundit and what do I supply as the resource_or_scope?
def user_not_authorized
flash[:error] = "You are not authorized to perform this action."
stored_location_for(what_goes_here?)
end
I found what I was looking for and the answer to "what_goes_here" is ":user", which I got to from the linked wiki's function:
def store_user_location
# :user is the scope we are authenticating
store_location_for(:user, request.fullpath)
end
Unfortunately, this does not work like I was hoping as my before_action :store_user_location!, if: :storable_location? stores the location attempting to be accessed before it is authorized and if the user ends up being not authorized it just redirects back to the same URL they are not authorized for and an infinite redirect loop ensues.
I also tried the redirect_back fallback: root_path option and for whatever reason, it just always takes me back to the root_path, which I do not like from a usability standpoint.
I'm now looking into other options but it looks like it's going to end up just displaying a 401/404 error page when not authorized and the user can just use their browser's back button.