
CanCan auth-fails redirect from backend to frontend login path

Open bxt opened this issue 9 years ago • 1 comment

So spree_auth_devise already patches Spree::Admin::BaseController#unauthorized such that unauthorized actions go to the backend login form.

However, when the authorization failures come from exceptions from CanCan's authorize! method, Spree calls a method named redirect_unauthorized_access. So if you access certain backend features, you might be redirected to the frontend login instead.

Maybe an alias_method :redirect_unauthorized_access, :unauthorized in the admin_controller_decorator would already fix this.

bxt avatar Dec 05 '16 17:12 bxt

I just found the file lib/controllers/backend/spree/admin/admin_resource_controller_decorator.rb. It extends Spree::Admin::ResourceController to instead use the method unauthorized on CanCan errors, so this actually works in almost all cases.

I guess we have some custom controllers that only inherit from Spree::Admin::BaseController, so they don't get this patch, but they still use CanCan. Maybe it would be better to override the rescue_from in Spree::Admin::BaseController since this is the topmost admin controller which also includes CanCan stuff via Spree::BaseController from core and its concern Spree::Core::ControllerHelpers::Auth.

bxt avatar Dec 05 '16 18:12 bxt
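The handler-resolution behaviour the two comments describe, as an added runnable illustration that is neither spree_auth_devise nor Spree code and was not posted by the issue author. Spree's controllers use Rails' rescue_from; the MiniRescue module below is a constructed stand-in that resolves the nearest handler up the class chain so the example runs without Rails, Spree or CanCan installed. The login paths, the AccessDenied class and the controller names are constructed placeholders. Building the hierarchy twice, once as the issue describes it and once with the base controller's handler overridden, shows why a custom controller that only inherits from the base controller ends up at the frontend login, and that the second comment's suggestion covers both cases.

```ruby
# Added illustration for this issue; not spree_auth_devise or Spree code.
# MiniRescue mimics Rails' rescue_from lookup (nearest class wins) offline.

FRONTEND_LOGIN = "/login"        # constructed stand-in for the frontend login path
BACKEND_LOGIN  = "/admin/login"  # constructed stand-in for the backend login path

class AccessDenied < StandardError; end  # stand-in for CanCan::AccessDenied

module MiniRescue
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    def handlers
      @handlers ||= {}
    end

    # Register a handler method for an exception class (like Rails' rescue_from).
    def rescue_from(exception_class, with:)
      handlers[exception_class] = with
    end

    # Nearest handler wins: the class itself first, then each superclass.
    def handler_for(exception)
      ancestors.each do |ancestor|
        next unless ancestor.respond_to?(:handlers)
        method_name = ancestor.handlers[exception.class]
        return method_name if method_name
      end
      nil
    end
  end

  # Run the action; on AccessDenied dispatch to the resolved handler.
  def process_action
    perform
    :ok
  rescue AccessDenied => e
    handler = self.class.handler_for(e)
    raise if handler.nil?
    send(handler, e)
  end
end

# Builds the hierarchy from the issue. With fix_in_base: true the base
# controller's handler is re-pointed at :unauthorized, which is the change
# the second comment proposes.
def build_hierarchy(fix_in_base:)
  base = Class.new do
    include MiniRescue
    attr_reader :redirected_to

    # Default described in the issue: CanCan failures go to the frontend login.
    rescue_from AccessDenied, with: :redirect_unauthorized_access

    def redirect_unauthorized_access(_error)
      @redirected_to = FRONTEND_LOGIN
    end

    # The handler spree_auth_devise patches in for the backend login form.
    def unauthorized(_error)
      @redirected_to = BACKEND_LOGIN
    end
  end
  base.rescue_from(AccessDenied, with: :unauthorized) if fix_in_base

  # Stand-in for admin_resource_controller_decorator.rb: only this subclass
  # re-points CanCan failures at :unauthorized.
  resource = Class.new(base) do
    rescue_from AccessDenied, with: :unauthorized
  end

  # One resource-based admin controller and one custom controller that only
  # inherits from the base controller; both hit an authorize! failure.
  products = Class.new(resource) { def perform; raise AccessDenied; end }
  custom   = Class.new(base)     { def perform; raise AccessDenied; end }

  { resource_based: products, base_only: custom }
end

# Returns where each controller redirects after an AccessDenied.
def redirect_targets(fix_in_base: false)
  build_hierarchy(fix_in_base: fix_in_base).transform_values do |klass|
    controller = klass.new
    controller.process_action
    controller.redirected_to
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "before fix: #{redirect_targets}"
  puts "after fix:  #{redirect_targets(fix_in_base: true)}"
end
```

Running the file prints the base-only controller landing on the frontend login before the fix and on the backend login after it, while the resource-based controller is unaffected either way, which is the behaviour worth checking in a real Spree app after applying such a decorator.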