rosa-build/app/controllers/application_controller.rb

155 lines
4.6 KiB
Ruby
Raw Normal View History

2011-03-09 13:13:36 +00:00
class ApplicationController < ActionController::Base
2015-03-12 22:43:13 +00:00
include StrongParams
include Pundit
2014-10-06 20:16:12 +01:00
AIRBRAKE_IGNORE = [
ActionController::InvalidAuthenticityToken,
AbstractController::ActionNotFound
]
2012-10-19 12:47:49 +01:00
2011-03-09 13:13:36 +00:00
protect_from_forgery
layout :layout_by_resource
# Hack to prevent token auth on all pages except atom feed:
2015-03-04 23:19:19 +00:00
prepend_before_action -> { redirect_to(new_user_session_path) if params[:token] && params[:token].is_a?(String) && params[:format] != 'atom'}
2015-03-04 23:19:19 +00:00
before_action :set_locale
before_action -> { EventLog.current_controller = self },
2014-01-21 04:51:49 +00:00
only: [:create, :destroy, :open_id, :cancel, :publish, :change_visibility] # :update
2015-03-12 22:43:13 +00:00
before_action :banned?
2015-03-04 23:19:19 +00:00
after_action -> { EventLog.current_controller = nil }
after_action :verify_authorized, unless: :devise_controller?
skip_after_action :verify_authorized, only: %i(render_500 render_404)
helper_method :get_owner
2015-04-01 23:04:53 +01:00
unless Rails.env.development?
rescue_from Exception, with: :render_500
rescue_from ActiveRecord::RecordNotFound,
# ActionController::RoutingError, # see: config/routes.rb:<last line>
ActionController::UnknownController,
ActionController::UnknownFormat,
AbstractController::ActionNotFound, with: :render_404
end
2015-03-12 22:43:13 +00:00
rescue_from Pundit::NotAuthorizedError do |exception|
2014-01-21 04:51:49 +00:00
redirect_to forbidden_url, alert: t("flash.exception_message")
2012-10-25 10:42:47 +01:00
end
2014-01-21 04:51:49 +00:00
rescue_from Grit::NoSuchPathError, with: :not_found
2012-10-19 12:47:49 +01:00
def render_404
render_error 404
end
protected
2015-03-12 22:43:13 +00:00
# Disables access to site for banned users
def banned?
2015-03-19 23:55:50 +00:00
if user_signed_in? && current_user.access_locked?
2015-03-19 23:31:41 +00:00
sign_out current_user
flash[:error] = I18n.t('devise.failure.locked')
redirect_to root_path
end
2015-03-12 22:43:13 +00:00
end
2014-04-08 14:00:39 +01:00
# For this example, we are simply using token authentication
# via parameters. However, anyone could use Rails's token
# authentication features to get the token from a header.
def authenticate_user!
if user = find_user_by_token
# Notice we are passing store false, so the user is not
# actually stored in the session and a token is needed
# for every request. If you want the token to work as a
# sign in token, you can simply remove store: false.
sign_in user, store: false
else
super
end
end
def authenticate_user
if user = find_user_by_token
sign_in user, store: false
end
end
def find_user_by_token
user_token = params[:authentication_token].presence
if user_token.blank? && request.authorization.present?
token, pass = *ActionController::HttpAuthentication::Basic::user_name_and_password(request)
user_token = token if pass.blank?
end
user = user_token && User.find_by_authentication_token(user_token.to_s)
end
2012-10-19 12:47:49 +01:00
def render_500(e)
#check for exceptions Airbrake ignores by default and exclude them from manual Airbrake notification
2012-10-19 16:35:19 +01:00
if Rails.env.production? && !AIRBRAKE_IGNORE.include?(e.class)
2012-10-19 12:47:49 +01:00
notify_airbrake(e)
end
Rails.logger.error e.message
Rails.logger.error e.backtrace.inspect
2012-10-19 12:47:49 +01:00
render_error 500
end
def render_error(status)
respond_to do |format|
2014-01-21 04:51:49 +00:00
format.json { render json: {status: status, message: t("flash.#{status}_message")}.to_json, status: status }
2015-02-02 20:27:53 +00:00
format.all { render file: "public/#{status}.html", status: status,
2015-03-05 12:51:54 +00:00
alert: t("flash.#{status}_message"), layout: false, content_type: 'text/html' }
2012-10-19 12:47:49 +01:00
end
end
# Helper method for all controllers
def permit_params(param_name, *accessible)
(params[param_name] || ActionController::Parameters.new).permit(*accessible.flatten)
end
def set_locale
I18n.locale = check_locale( get_user_locale ||
2012-05-17 11:28:58 +01:00
(request.env['HTTP_ACCEPT_LANGUAGE'] ? request.env['HTTP_ACCEPT_LANGUAGE'][0,2].downcase : nil ))
end
def get_user_locale
user_signed_in? ? current_user.language : nil
end
def check_locale(locale)
User::LANGUAGES.include?(locale.to_s) ? locale : :en
end
def get_owner
if self.class.method_defined? :parent
if parent and (parent.is_a? User or parent.is_a? Group)
return parent
2011-11-30 12:58:14 +00:00
else
return current_user
2011-11-30 12:58:14 +00:00
end
else
params['user_id'] && User.find(params['user_id']) ||
params['group_id'] && Group.find(params['group_id']) || current_user
end
end
def layout_by_resource
2013-08-28 16:15:28 +01:00
if devise_controller?
"sessions"
else
"application"
end
end
def not_found
raise ActionController::RoutingError.new('Not Found')
end
2014-05-06 10:51:04 +01:00
def current_page
params[:page] = 1 if params[:page].to_i < 1
params[:page]
end
2011-03-09 13:13:36 +00:00
end