metamaps--metamaps/app/controllers/application_controller.rb

84 lines
2 KiB
Ruby
Raw Permalink Normal View History

2016-09-24 03:00:46 +00:00
# frozen_string_literal: true
2012-09-23 02:39:12 +00:00
class ApplicationController < ActionController::Base
2016-03-25 04:26:07 +00:00
include ApplicationHelper
2016-02-13 09:28:09 +00:00
include Pundit
2016-03-11 22:37:32 +00:00
include PunditExtra
2016-03-11 13:35:48 +00:00
rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
protect_from_forgery(with: :exception)
2015-11-03 14:22:53 +00:00
2016-09-24 04:27:34 +00:00
before_action :invite_link
before_action :prepare_exception_notifier
2016-02-19 01:23:39 +00:00
after_action :allow_embedding
2016-03-25 04:26:07 +00:00
def default_serializer_options
{ root: false }
end
# this is for global login
include ContentHelper
2015-12-22 18:16:03 +00:00
2012-09-23 02:39:12 +00:00
helper_method :user
helper_method :authenticated?
helper_method :admin?
2015-12-22 18:16:03 +00:00
2016-03-11 13:35:48 +00:00
def handle_unauthorized
2016-12-13 03:28:10 +00:00
if authenticated? && (params[:controller] == 'maps') && (params[:action] == 'show')
redirect_to request_access_map_path(params[:id])
elsif authenticated?
2016-10-08 04:26:08 +00:00
redirect_to root_path, notice: "You don't have permission to see that page."
else
store_location_for(resource, request.fullpath)
2016-10-19 04:40:52 +00:00
redirect_to sign_in_path, notice: 'Try signing in to do that.'
end
2016-03-11 13:35:48 +00:00
end
2016-03-25 04:26:07 +00:00
private
2012-09-23 02:39:12 +00:00
2016-09-24 04:27:34 +00:00
def invite_link
@invite_link = "#{request.base_url}/join" + (current_user ? "?code=#{current_user.code}" : '')
2016-03-29 14:34:47 +00:00
end
2012-09-23 02:39:12 +00:00
def require_no_user
2016-09-24 04:27:34 +00:00
return true unless authenticated?
redirect_to edit_user_path(user), notice: 'You must be logged out.'
2016-12-13 03:28:10 +00:00
false
2012-09-23 02:39:12 +00:00
end
2015-12-22 18:16:03 +00:00
2012-09-23 02:39:12 +00:00
def require_user
2016-09-24 04:27:34 +00:00
return true if authenticated?
2016-10-19 04:40:52 +00:00
redirect_to sign_in_path, notice: 'You must be logged in.'
2016-12-13 03:28:10 +00:00
false
2012-09-23 02:39:12 +00:00
end
2015-12-22 18:16:03 +00:00
def require_admin
2016-09-24 03:00:46 +00:00
return true if authenticated? && admin?
redirect_to root_url, notice: 'You need to be an admin for that.'
false
end
2015-12-22 18:16:03 +00:00
2012-09-23 02:39:12 +00:00
def user
current_user
end
2015-12-22 18:16:03 +00:00
2012-09-23 02:39:12 +00:00
def authenticated?
current_user
end
2015-12-22 18:16:03 +00:00
def admin?
authenticated? && current_user.admin
end
2015-11-03 14:22:53 +00:00
2016-02-19 01:23:39 +00:00
def allow_embedding
# allow all
2016-02-19 01:23:39 +00:00
response.headers.except! 'X-Frame-Options'
# or allow a whitelist
# response.headers['X-Frame-Options'] = 'ALLOW-FROM http://blog.metamaps.cc'
2015-11-03 14:22:53 +00:00
end
def prepare_exception_notifier
request.env['exception_notifier.exception_data'] = {
current_user: current_user
}
end
2012-09-23 02:39:12 +00:00
end