2011-03-09 13:13:36 +00:00
|
|
|
class ApplicationController < ActionController::Base
|
2015-03-12 22:43:13 +00:00
|
|
|
include StrongParams
|
|
|
|
include Pundit
|
|
|
|
|
2014-10-06 20:16:12 +01:00
|
|
|
AIRBRAKE_IGNORE = [
|
|
|
|
ActionController::InvalidAuthenticityToken,
|
|
|
|
AbstractController::ActionNotFound
|
|
|
|
]
|
2012-10-19 12:47:49 +01:00
|
|
|
|
2011-03-09 13:13:36 +00:00
|
|
|
protect_from_forgery
|
2012-01-17 11:48:40 +00:00
|
|
|
|
2011-03-31 00:10:23 +01:00
|
|
|
layout :layout_by_resource
|
2011-10-21 15:57:29 +01:00
|
|
|
|
2012-04-18 16:15:04 +01:00
|
|
|
# Hack to prevent token auth on all pages except atom feed:
|
2015-03-04 23:19:19 +00:00
|
|
|
prepend_before_action -> { redirect_to(new_user_session_path) if params[:token] && params[:token].is_a?(String) && params[:format] != 'atom'}
|
2012-04-18 16:15:04 +01:00
|
|
|
|
2015-03-04 23:19:19 +00:00
|
|
|
before_action :set_locale
|
|
|
|
before_action -> { EventLog.current_controller = self },
|
2014-01-21 04:51:49 +00:00
|
|
|
only: [:create, :destroy, :open_id, :cancel, :publish, :change_visibility] # :update
|
2015-03-12 22:43:13 +00:00
|
|
|
before_action :banned?
|
2015-03-04 23:19:19 +00:00
|
|
|
after_action -> { EventLog.current_controller = nil }
|
2015-04-14 21:37:40 +01:00
|
|
|
after_action :verify_authorized, unless: :devise_controller?
|
|
|
|
skip_after_action :verify_authorized, only: %i(render_500 render_404)
|
2011-10-14 21:45:58 +01:00
|
|
|
|
2011-10-27 13:49:21 +01:00
|
|
|
helper_method :get_owner
|
2012-03-07 18:47:19 +00:00
|
|
|
|
2015-04-01 23:04:53 +01:00
|
|
|
unless Rails.env.development?
|
|
|
|
rescue_from Exception, with: :render_500
|
|
|
|
rescue_from ActiveRecord::RecordNotFound,
|
|
|
|
# ActionController::RoutingError, # see: config/routes.rb:<last line>
|
|
|
|
ActionController::UnknownController,
|
|
|
|
ActionController::UnknownFormat,
|
|
|
|
AbstractController::ActionNotFound, with: :render_404
|
|
|
|
end
|
2012-07-26 10:22:51 +01:00
|
|
|
|
2015-03-12 22:43:13 +00:00
|
|
|
rescue_from Pundit::NotAuthorizedError do |exception|
|
2014-01-21 04:51:49 +00:00
|
|
|
redirect_to forbidden_url, alert: t("flash.exception_message")
|
2012-10-25 10:42:47 +01:00
|
|
|
end
|
|
|
|
|
2014-01-21 04:51:49 +00:00
|
|
|
rescue_from Grit::NoSuchPathError, with: :not_found
|
2012-08-09 15:38:41 +01:00
|
|
|
|
2012-01-17 11:48:40 +00:00
|
|
|
|
2012-10-19 12:47:49 +01:00
|
|
|
def render_404
|
|
|
|
render_error 404
|
|
|
|
end
|
|
|
|
|
2013-03-15 13:35:32 +00:00
|
|
|
protected
|
|
|
|
|
2015-03-12 22:43:13 +00:00
|
|
|
# Disables access to site for banned users
|
|
|
|
def banned?
|
2015-03-19 23:55:50 +00:00
|
|
|
if user_signed_in? && current_user.access_locked?
|
2015-03-19 23:31:41 +00:00
|
|
|
sign_out current_user
|
|
|
|
flash[:error] = I18n.t('devise.failure.locked')
|
|
|
|
redirect_to root_path
|
|
|
|
end
|
2015-03-12 22:43:13 +00:00
|
|
|
end
|
|
|
|
|
2014-04-08 14:00:39 +01:00
|
|
|
# For this example, we are simply using token authentication
|
|
|
|
# via parameters. However, anyone could use Rails's token
|
|
|
|
# authentication features to get the token from a header.
|
|
|
|
def authenticate_user!
|
|
|
|
if user = find_user_by_token
|
|
|
|
# Notice we are passing store false, so the user is not
|
|
|
|
# actually stored in the session and a token is needed
|
|
|
|
# for every request. If you want the token to work as a
|
|
|
|
# sign in token, you can simply remove store: false.
|
|
|
|
sign_in user, store: false
|
|
|
|
else
|
|
|
|
super
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def authenticate_user
|
|
|
|
if user = find_user_by_token
|
|
|
|
sign_in user, store: false
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def find_user_by_token
|
|
|
|
user_token = params[:authentication_token].presence
|
|
|
|
if user_token.blank? && request.authorization.present?
|
|
|
|
token, pass = *ActionController::HttpAuthentication::Basic::user_name_and_password(request)
|
|
|
|
user_token = token if pass.blank?
|
|
|
|
end
|
|
|
|
user = user_token && User.find_by_authentication_token(user_token.to_s)
|
|
|
|
end
|
|
|
|
|
2012-10-19 12:47:49 +01:00
|
|
|
def render_500(e)
|
|
|
|
#check for exceptions Airbrake ignores by default and exclude them from manual Airbrake notification
|
2012-10-19 16:35:19 +01:00
|
|
|
if Rails.env.production? && !AIRBRAKE_IGNORE.include?(e.class)
|
2012-10-19 12:47:49 +01:00
|
|
|
notify_airbrake(e)
|
|
|
|
end
|
2015-04-03 22:06:33 +01:00
|
|
|
Rails.logger.error e.message
|
|
|
|
Rails.logger.error e.backtrace.inspect
|
2012-10-19 12:47:49 +01:00
|
|
|
render_error 500
|
|
|
|
end
|
|
|
|
|
|
|
|
def render_error(status)
|
|
|
|
respond_to do |format|
|
2014-01-21 04:51:49 +00:00
|
|
|
format.json { render json: {status: status, message: t("flash.#{status}_message")}.to_json, status: status }
|
2015-02-02 20:27:53 +00:00
|
|
|
format.all { render file: "public/#{status}.html", status: status,
|
2015-03-05 12:51:54 +00:00
|
|
|
alert: t("flash.#{status}_message"), layout: false, content_type: 'text/html' }
|
2012-10-19 12:47:49 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-03-14 22:54:04 +00:00
|
|
|
# Helper method for all controllers
|
|
|
|
def permit_params(param_name, *accessible)
|
|
|
|
(params[param_name] || ActionController::Parameters.new).permit(*accessible.flatten)
|
|
|
|
end
|
|
|
|
|
2012-01-17 11:48:40 +00:00
|
|
|
def set_locale
|
2012-05-16 18:20:42 +01:00
|
|
|
I18n.locale = check_locale( get_user_locale ||
|
2012-05-17 11:28:58 +01:00
|
|
|
(request.env['HTTP_ACCEPT_LANGUAGE'] ? request.env['HTTP_ACCEPT_LANGUAGE'][0,2].downcase : nil ))
|
2012-01-17 11:48:40 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def get_user_locale
|
|
|
|
user_signed_in? ? current_user.language : nil
|
|
|
|
end
|
|
|
|
|
2012-01-17 11:57:46 +00:00
|
|
|
def check_locale(locale)
|
|
|
|
User::LANGUAGES.include?(locale.to_s) ? locale : :en
|
|
|
|
end
|
|
|
|
|
2012-01-17 11:48:40 +00:00
|
|
|
def get_owner
|
|
|
|
if self.class.method_defined? :parent
|
|
|
|
if parent and (parent.is_a? User or parent.is_a? Group)
|
|
|
|
return parent
|
2011-11-30 12:58:14 +00:00
|
|
|
else
|
2012-01-17 11:48:40 +00:00
|
|
|
return current_user
|
2011-11-30 12:58:14 +00:00
|
|
|
end
|
2012-01-17 11:48:40 +00:00
|
|
|
else
|
2014-03-18 13:58:51 +00:00
|
|
|
params['user_id'] && User.find(params['user_id']) ||
|
|
|
|
params['group_id'] && Group.find(params['group_id']) || current_user
|
2011-10-26 21:57:51 +01:00
|
|
|
end
|
2012-01-17 11:48:40 +00:00
|
|
|
end
|
2011-10-26 21:57:51 +01:00
|
|
|
|
2012-01-17 11:48:40 +00:00
|
|
|
def layout_by_resource
|
2013-08-28 16:15:28 +01:00
|
|
|
if devise_controller?
|
2012-01-17 11:48:40 +00:00
|
|
|
"sessions"
|
|
|
|
else
|
|
|
|
"application"
|
2011-03-31 00:10:23 +01:00
|
|
|
end
|
2012-01-17 11:48:40 +00:00
|
|
|
end
|
2012-07-17 09:02:56 +01:00
|
|
|
|
|
|
|
def not_found
|
|
|
|
raise ActionController::RoutingError.new('Not Found')
|
|
|
|
end
|
2014-05-06 10:51:04 +01:00
|
|
|
|
|
|
|
def current_page
|
|
|
|
params[:page] = 1 if params[:page].to_i < 1
|
|
|
|
|
|
|
|
params[:page]
|
|
|
|
end
|
2011-03-09 13:13:36 +00:00
|
|
|
end
|