class ApplicationController < ActionController::Base include StrongParams include Pundit AIRBRAKE_IGNORE = [ ActionController::InvalidAuthenticityToken, AbstractController::ActionNotFound ] protect_from_forgery layout :layout_by_resource # Hack to prevent token auth on all pages except atom feed: prepend_before_action -> { redirect_to(new_user_session_path) if params[:token] && params[:token].is_a?(String) && params[:format] != 'atom'} before_action :set_locale before_action -> { EventLog.current_controller = self }, only: [:create, :destroy, :open_id, :cancel, :publish, :change_visibility] # :update before_action :banned? after_action -> { EventLog.current_controller = nil } helper_method :get_owner unless Rails.env.development? rescue_from Exception, with: :render_500 rescue_from ActiveRecord::RecordNotFound, # ActionController::RoutingError, # see: config/routes.rb: ActionController::UnknownController, ActionController::UnknownFormat, AbstractController::ActionNotFound, with: :render_404 end rescue_from Pundit::NotAuthorizedError do |exception| redirect_to forbidden_url, alert: t("flash.exception_message") end rescue_from Grit::NoSuchPathError, with: :not_found def render_404 render_error 404 end protected # Disables access to site for banned users def banned? authorize :user, :banned? # if user_signed_in? && current_user.is_banned? # sign_out current_user # flash[:error] = I18n.t('messages.account_suspended') # redirect_to root_path # end end # For this example, we are simply using token authentication # via parameters. However, anyone could use Rails's token # authentication features to get the token from a header. def authenticate_user! if user = find_user_by_token # Notice we are passing store false, so the user is not # actually stored in the session and a token is needed # for every request. If you want the token to work as a # sign in token, you can simply remove store: false. sign_in user, store: false else super end end def authenticate_user if user = find_user_by_token sign_in user, store: false end end def find_user_by_token user_token = params[:authentication_token].presence if user_token.blank? && request.authorization.present? token, pass = *ActionController::HttpAuthentication::Basic::user_name_and_password(request) user_token = token if pass.blank? end user = user_token && User.find_by_authentication_token(user_token.to_s) end def render_500(e) #check for exceptions Airbrake ignores by default and exclude them from manual Airbrake notification if Rails.env.production? && !AIRBRAKE_IGNORE.include?(e.class) notify_airbrake(e) end render_error 500 end def render_error(status) respond_to do |format| format.json { render json: {status: status, message: t("flash.#{status}_message")}.to_json, status: status } format.all { render file: "public/#{status}.html", status: status, alert: t("flash.#{status}_message"), layout: false, content_type: 'text/html' } end end # Helper method for all controllers def permit_params(param_name, *accessible) (params[param_name] || ActionController::Parameters.new).permit(*accessible.flatten) end def set_locale I18n.locale = check_locale( get_user_locale || (request.env['HTTP_ACCEPT_LANGUAGE'] ? request.env['HTTP_ACCEPT_LANGUAGE'][0,2].downcase : nil )) end def get_user_locale user_signed_in? ? current_user.language : nil end def check_locale(locale) User::LANGUAGES.include?(locale.to_s) ? locale : :en end def get_owner if self.class.method_defined? :parent if parent and (parent.is_a? User or parent.is_a? Group) return parent else return current_user end else params['user_id'] && User.find(params['user_id']) || params['group_id'] && Group.find(params['group_id']) || current_user end end def layout_by_resource if devise_controller? "sessions" else "application" end end def not_found raise ActionController::RoutingError.new('Not Found') end def current_page params[:page] = 1 if params[:page].to_i < 1 params[:page] end end