metamaps--metamaps/app/controllers/application_controller.rb

# frozen_string_literal: true
class ApplicationController < ActionController::Base
  include ApplicationHelper
  include Pundit
  include PunditExtra
  rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
  protect_from_forgery(with: :exception)

  before_action :invite_link
  before_action :prepare_exception_notifier
  after_action :allow_embedding

  def default_serializer_options
    { root: false }
  end

  # this is for global login
  include ContentHelper

  helper_method :user
  helper_method :authenticated?
  helper_method :admin?

  def after_sign_in_path_for(resource)
    sign_in_url = new_user_session_url
    sign_up_url = new_user_registration_url
    stored = stored_location_for(User) 

    if stored
      stored
    elsif request.referer.include?(sign_in_url) || request.referer.include?(sign_up_url)
      super
    else
      request.referer || root_path
    end
  end

  def handle_unauthorized
    if authenticated? and params[:controller] == 'maps' and params[:action] == 'show'
      redirect_to request_access_map_path(params[:id])
    elsif authenticated?
      redirect_to root_path, notice: "You don't have permission to see that page."
    else
      store_location_for(resource, request.fullpath)
      redirect_to new_user_session_path, notice: 'Try signing in to do that.'
    end
  end

  private

  def invite_link
    @invite_link = "#{request.base_url}/join" + (current_user ? "?code=#{current_user.code}" : '')
  end

  def require_no_user
    return true unless authenticated?
    redirect_to edit_user_path(user), notice: 'You must be logged out.'
    return false
  end

  def require_user
    return true if authenticated?
    redirect_to new_user_session_path, notice: 'You must be logged in.'
    return false
  end

  def require_admin
    return true if authenticated? && admin?
    redirect_to root_url, notice: 'You need to be an admin for that.'
    false
  end

  def user
    current_user
  end

  def authenticated?
    current_user
  end

  def admin?
    authenticated? && current_user.admin
  end

  def allow_embedding
    # allow all
    response.headers.except! 'X-Frame-Options'
    # or allow a whitelist
    # response.headers['X-Frame-Options'] = 'ALLOW-FROM http://blog.metamaps.cc'
  end

  def prepare_exception_notifier
    request.env['exception_notifier.exception_data'] = {
      current_user: current_user
    }
  end
end
automatic rubocop updates 2016-09-24 03:00:46 +00:00			`# frozen_string_literal: true`
added all files 2012-09-23 02:39:12 +00:00			`class ApplicationController < ActionController::Base`
final touchups on oauth 2016-03-25 04:26:07 +00:00			`include ApplicationHelper`
install pundit 2016-02-13 09:28:09 +00:00			`include Pundit`
changes for pundit 2016-03-11 22:37:32 +00:00			`include PunditExtra`
handle unauthorized with baaaaad 403 2016-03-11 13:35:48 +00:00			`rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized`
brakeman (#556) * update rails to 4.2.5.1 * fix brakeman gem warning * make brakeman happier and add it to travis * install brakeman gem for static security analysis * fix brakeman call in travis 2016-06-16 07:44:08 +00:00			`protect_from_forgery(with: :exception)`
make invite link use REQUEST_URI 2015-11-03 14:22:53 +00:00
more rubocop updates 2016-09-24 04:27:34 +00:00			`before_action :invite_link`
Custom formatter for slack exception notifications 2016-09-29 10:46:00 +00:00			`before_action :prepare_exception_notifier`
allow embedding 2016-02-19 01:23:39 +00:00			`after_action :allow_embedding`
final touchups on oauth 2016-03-25 04:26:07 +00:00
omg not having this was breaking things 2016-03-12 02:20:15 +00:00			`def default_serializer_options`
			`{ root: false }`
			`end`

this is a lot of changes. too many to say here, oops 2014-01-29 03:46:58 +00:00			`# this is for global login`
			`include ContentHelper`
merge develop 2015-12-22 18:16:03 +00:00
added all files 2012-09-23 02:39:12 +00:00			`helper_method :user`
			`helper_method :authenticated?`
added ability for an admin to add metacodes and metacode sets 2014-05-17 18:57:03 +00:00			`helper_method :admin?`
merge develop 2015-12-22 18:16:03 +00:00
fixed sign in redirects 2014-10-07 21:46:09 +00:00			`def after_sign_in_path_for(resource)`
access requests (#762) * start on access requests * set up access requests further * set default values for approved and answered 2016-10-17 00:22:00 +00:00			`sign_in_url = new_user_session_url`
			`sign_up_url = new_user_registration_url`
			`stored = stored_location_for(User)`
got redirect for single sign on with uservoice working 2014-10-07 22:38:33 +00:00
access requests (#762) * start on access requests * set up access requests further * set default values for approved and answered 2016-10-17 00:22:00 +00:00			`if stored`
			`stored`
			`elsif request.referer.include?(sign_in_url) \|\| request.referer.include?(sign_up_url)`
fixed sign in redirects 2014-10-07 21:46:09 +00:00			`super`
			`else`
access requests (#762) * start on access requests * set up access requests further * set default values for approved and answered 2016-10-17 00:22:00 +00:00			`request.referer \|\| root_path`
this is a lot of changes. too many to say here, oops 2014-01-29 03:46:58 +00:00			`end`
			`end`
merge develop 2015-12-22 18:16:03 +00:00
handle unauthorized with baaaaad 403 2016-03-11 13:35:48 +00:00			`def handle_unauthorized`
access requests (#762) * start on access requests * set up access requests further * set default values for approved and answered 2016-10-17 00:22:00 +00:00			`if authenticated? and params[:controller] == 'maps' and params[:action] == 'show'`
			`redirect_to request_access_map_path(params[:id])`
			`elsif authenticated?`
redirect to root_path if you get a 403 2016-10-08 04:26:08 +00:00			`redirect_to root_path, notice: "You don't have permission to see that page."`
enable shared private and public maps (#530) * enable shared private and public maps * change the list * yeehaw add collaborators * I believe this fixes the error connor brought up * when topic or synapse is no longer on a map, don't defer * needs to be before? * just do it in the controller * make recommendation they sign in and retry * better email * config for mailer previews * improve wording * shouldn't have included that * switch to green * don't execute if there's no map * wasn't including the right people in some circumstances * Finish breaking out JS files (#551) * metamaps.Realtime refactor * Metamaps.Util * Metamaps.Visualize * Metamaps.SynapseCard * Metamaps.TopicCard * Metamaps.Create.js * Remove erb extension from Metamaps.Map.js * Metmaps.Account and Metamaps.GlobalUI remove extension * Metamaps.JIT no more erb extension * move Backbone.init; standard-format on Metamaps.js.erb * factor out canvas support check function * some llittle template bugs * remove featured from signed in explore maps bar * don't let it overflow off the page 2016-04-24 15:50:35 +00:00			`else`
access requests (#762) * start on access requests * set up access requests further * set default values for approved and answered 2016-10-17 00:22:00 +00:00			`store_location_for(resource, request.fullpath)`
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`redirect_to new_user_session_path, notice: 'Try signing in to do that.'`
enable shared private and public maps (#530) * enable shared private and public maps * change the list * yeehaw add collaborators * I believe this fixes the error connor brought up * when topic or synapse is no longer on a map, don't defer * needs to be before? * just do it in the controller * make recommendation they sign in and retry * better email * config for mailer previews * improve wording * shouldn't have included that * switch to green * don't execute if there's no map * wasn't including the right people in some circumstances * Finish breaking out JS files (#551) * metamaps.Realtime refactor * Metamaps.Util * Metamaps.Visualize * Metamaps.SynapseCard * Metamaps.TopicCard * Metamaps.Create.js * Remove erb extension from Metamaps.Map.js * Metmaps.Account and Metamaps.GlobalUI remove extension * Metamaps.JIT no more erb extension * move Backbone.init; standard-format on Metamaps.js.erb * factor out canvas support check function * some llittle template bugs * remove featured from signed in explore maps bar * don't let it overflow off the page 2016-04-24 15:50:35 +00:00			`end`
handle unauthorized with baaaaad 403 2016-03-11 13:35:48 +00:00			`end`
final touchups on oauth 2016-03-25 04:26:07 +00:00
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`private`
added all files 2012-09-23 02:39:12 +00:00
more rubocop updates 2016-09-24 04:27:34 +00:00			`def invite_link`
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`@invite_link = "#{request.base_url}/join" + (current_user ? "?code=#{current_user.code}" : '')`
fix invite link 2016-03-29 14:34:47 +00:00			`end`

added all files 2012-09-23 02:39:12 +00:00			`def require_no_user`
more rubocop updates 2016-09-24 04:27:34 +00:00			`return true unless authenticated?`
			`redirect_to edit_user_path(user), notice: 'You must be logged out.'`
			`return false`
added all files 2012-09-23 02:39:12 +00:00			`end`
merge develop 2015-12-22 18:16:03 +00:00
added all files 2012-09-23 02:39:12 +00:00			`def require_user`
more rubocop updates 2016-09-24 04:27:34 +00:00			`return true if authenticated?`
			`redirect_to new_user_session_path, notice: 'You must be logged in.'`
			`return false`
added all files 2012-09-23 02:39:12 +00:00			`end`
merge develop 2015-12-22 18:16:03 +00:00
added ability for an admin to add metacodes and metacode sets 2014-05-17 18:57:03 +00:00			`def require_admin`
automatic rubocop updates 2016-09-24 03:00:46 +00:00			`return true if authenticated? && admin?`
			`redirect_to root_url, notice: 'You need to be an admin for that.'`
			`false`
added ability for an admin to add metacodes and metacode sets 2014-05-17 18:57:03 +00:00			`end`
merge develop 2015-12-22 18:16:03 +00:00
added all files 2012-09-23 02:39:12 +00:00			`def user`
			`current_user`
			`end`
merge develop 2015-12-22 18:16:03 +00:00
added all files 2012-09-23 02:39:12 +00:00			`def authenticated?`
			`current_user`
			`end`
merge develop 2015-12-22 18:16:03 +00:00
added ability for an admin to add metacodes and metacode sets 2014-05-17 18:57:03 +00:00			`def admin?`
setup bare minimum devise authentication in tests 2015-12-16 13:32:50 +00:00			`authenticated? && current_user.admin`
added ability for an admin to add metacodes and metacode sets 2014-05-17 18:57:03 +00:00			`end`
make invite link use REQUEST_URI 2015-11-03 14:22:53 +00:00
allow embedding 2016-02-19 01:23:39 +00:00			`def allow_embedding`
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`# allow all`
allow embedding 2016-02-19 01:23:39 +00:00			`response.headers.except! 'X-Frame-Options'`
			`# or allow a whitelist`
			`# response.headers['X-Frame-Options'] = 'ALLOW-FROM http://blog.metamaps.cc'`
make invite link use REQUEST_URI 2015-11-03 14:22:53 +00:00			`end`
Custom formatter for slack exception notifications 2016-09-29 10:46:00 +00:00
			`def prepare_exception_notifier`
			`request.env['exception_notifier.exception_data'] = {`
			`current_user: current_user`
			`}`
			`end`
added all files 2012-09-23 02:39:12 +00:00			`end`