metamaps--metamaps/app/controllers/application_controller.rb

# frozen_string_literal: true
class ApplicationController < ActionController::Base
  include ApplicationHelper
  include Pundit
  include PunditExtra
  rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
  protect_from_forgery(with: :exception)

  before_action :invite_link
  after_action :allow_embedding

  def default_serializer_options
    { root: false }
  end

  # this is for global login
  include ContentHelper

  helper_method :user
  helper_method :authenticated?
  helper_method :admin?

  def after_sign_in_path_for(resource)
    sign_in_url = url_for(action: 'new', controller: 'sessions', only_path: false)

    if request.referer == sign_in_url
      super
    elsif params[:uv_login] == '1'
      'http://support.metamaps.cc/login_success?sso=' + current_sso_token
    else
      stored_location_for(resource) || request.referer || root_path
    end
  end

  def handle_unauthorized
    if authenticated?
      head :forbidden # TODO: make this better
    else
      redirect_to new_user_session_path, notice: 'Try signing in to do that.'
    end
  end

  private

  def invite_link
    @invite_link = "#{request.base_url}/join" + (current_user ? "?code=#{current_user.code}" : '')
  end

  def require_no_user
    return true unless authenticated?
    redirect_to edit_user_path(user), notice: 'You must be logged out.'
    return false
  end

  def require_user
    return true if authenticated?
    redirect_to new_user_session_path, notice: 'You must be logged in.'
    return false
  end

  def require_admin
    return true if authenticated? && admin?
    redirect_to root_url, notice: 'You need to be an admin for that.'
    false
  end

  def user
    current_user
  end

  def authenticated?
    current_user
  end

  def admin?
    authenticated? && current_user.admin
  end

  def allow_embedding
    # allow all
    response.headers.except! 'X-Frame-Options'
    # or allow a whitelist
    # response.headers['X-Frame-Options'] = 'ALLOW-FROM http://blog.metamaps.cc'
  end
end
automatic rubocop updates 2016-09-24 03:00:46 +00:00			`# frozen_string_literal: true`
added all files 2012-09-23 02:39:12 +00:00			`class ApplicationController < ActionController::Base`
final touchups on oauth 2016-03-25 04:26:07 +00:00			`include ApplicationHelper`
install pundit 2016-02-13 09:28:09 +00:00			`include Pundit`
changes for pundit 2016-03-11 22:37:32 +00:00			`include PunditExtra`
handle unauthorized with baaaaad 403 2016-03-11 13:35:48 +00:00			`rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized`
brakeman (#556) * update rails to 4.2.5.1 * fix brakeman gem warning * make brakeman happier and add it to travis * install brakeman gem for static security analysis * fix brakeman call in travis 2016-06-16 07:44:08 +00:00			`protect_from_forgery(with: :exception)`
make invite link use REQUEST_URI 2015-11-03 14:22:53 +00:00
more rubocop updates 2016-09-24 04:27:34 +00:00			`before_action :invite_link`
allow embedding 2016-02-19 01:23:39 +00:00			`after_action :allow_embedding`
final touchups on oauth 2016-03-25 04:26:07 +00:00
omg not having this was breaking things 2016-03-12 02:20:15 +00:00			`def default_serializer_options`
			`{ root: false }`
			`end`

this is a lot of changes. too many to say here, oops 2014-01-29 03:46:58 +00:00			`# this is for global login`
			`include ContentHelper`
merge develop 2015-12-22 18:16:03 +00:00
added all files 2012-09-23 02:39:12 +00:00			`helper_method :user`
			`helper_method :authenticated?`
added ability for an admin to add metacodes and metacode sets 2014-05-17 18:57:03 +00:00			`helper_method :admin?`
merge develop 2015-12-22 18:16:03 +00:00
fixed sign in redirects 2014-10-07 21:46:09 +00:00			`def after_sign_in_path_for(resource)`
fix login redirect loop - fixes #602 (#609) 2016-08-16 12:03:22 +00:00			`sign_in_url = url_for(action: 'new', controller: 'sessions', only_path: false)`
got redirect for single sign on with uservoice working 2014-10-07 22:38:33 +00:00
fixed sign in redirects 2014-10-07 21:46:09 +00:00			`if request.referer == sign_in_url`
			`super`
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`elsif params[:uv_login] == '1'`
			`'http://support.metamaps.cc/login_success?sso=' + current_sso_token`
fixed sign in redirects 2014-10-07 21:46:09 +00:00			`else`
			`stored_location_for(resource) \|\| request.referer \|\| root_path`
this is a lot of changes. too many to say here, oops 2014-01-29 03:46:58 +00:00			`end`
			`end`
merge develop 2015-12-22 18:16:03 +00:00
handle unauthorized with baaaaad 403 2016-03-11 13:35:48 +00:00			`def handle_unauthorized`
enable shared private and public maps (#530) * enable shared private and public maps * change the list * yeehaw add collaborators * I believe this fixes the error connor brought up * when topic or synapse is no longer on a map, don't defer * needs to be before? * just do it in the controller * make recommendation they sign in and retry * better email * config for mailer previews * improve wording * shouldn't have included that * switch to green * don't execute if there's no map * wasn't including the right people in some circumstances * Finish breaking out JS files (#551) * metamaps.Realtime refactor * Metamaps.Util * Metamaps.Visualize * Metamaps.SynapseCard * Metamaps.TopicCard * Metamaps.Create.js * Remove erb extension from Metamaps.Map.js * Metmaps.Account and Metamaps.GlobalUI remove extension * Metamaps.JIT no more erb extension * move Backbone.init; standard-format on Metamaps.js.erb * factor out canvas support check function * some llittle template bugs * remove featured from signed in explore maps bar * don't let it overflow off the page 2016-04-24 15:50:35 +00:00			`if authenticated?`
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`head :forbidden # TODO: make this better`
enable shared private and public maps (#530) * enable shared private and public maps * change the list * yeehaw add collaborators * I believe this fixes the error connor brought up * when topic or synapse is no longer on a map, don't defer * needs to be before? * just do it in the controller * make recommendation they sign in and retry * better email * config for mailer previews * improve wording * shouldn't have included that * switch to green * don't execute if there's no map * wasn't including the right people in some circumstances * Finish breaking out JS files (#551) * metamaps.Realtime refactor * Metamaps.Util * Metamaps.Visualize * Metamaps.SynapseCard * Metamaps.TopicCard * Metamaps.Create.js * Remove erb extension from Metamaps.Map.js * Metmaps.Account and Metamaps.GlobalUI remove extension * Metamaps.JIT no more erb extension * move Backbone.init; standard-format on Metamaps.js.erb * factor out canvas support check function * some llittle template bugs * remove featured from signed in explore maps bar * don't let it overflow off the page 2016-04-24 15:50:35 +00:00			`else`
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`redirect_to new_user_session_path, notice: 'Try signing in to do that.'`
enable shared private and public maps (#530) * enable shared private and public maps * change the list * yeehaw add collaborators * I believe this fixes the error connor brought up * when topic or synapse is no longer on a map, don't defer * needs to be before? * just do it in the controller * make recommendation they sign in and retry * better email * config for mailer previews * improve wording * shouldn't have included that * switch to green * don't execute if there's no map * wasn't including the right people in some circumstances * Finish breaking out JS files (#551) * metamaps.Realtime refactor * Metamaps.Util * Metamaps.Visualize * Metamaps.SynapseCard * Metamaps.TopicCard * Metamaps.Create.js * Remove erb extension from Metamaps.Map.js * Metmaps.Account and Metamaps.GlobalUI remove extension * Metamaps.JIT no more erb extension * move Backbone.init; standard-format on Metamaps.js.erb * factor out canvas support check function * some llittle template bugs * remove featured from signed in explore maps bar * don't let it overflow off the page 2016-04-24 15:50:35 +00:00			`end`
handle unauthorized with baaaaad 403 2016-03-11 13:35:48 +00:00			`end`
final touchups on oauth 2016-03-25 04:26:07 +00:00
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`private`
added all files 2012-09-23 02:39:12 +00:00
more rubocop updates 2016-09-24 04:27:34 +00:00			`def invite_link`
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`@invite_link = "#{request.base_url}/join" + (current_user ? "?code=#{current_user.code}" : '')`
fix invite link 2016-03-29 14:34:47 +00:00			`end`

added all files 2012-09-23 02:39:12 +00:00			`def require_no_user`
more rubocop updates 2016-09-24 04:27:34 +00:00			`return true unless authenticated?`
			`redirect_to edit_user_path(user), notice: 'You must be logged out.'`
			`return false`
added all files 2012-09-23 02:39:12 +00:00			`end`
merge develop 2015-12-22 18:16:03 +00:00
added all files 2012-09-23 02:39:12 +00:00			`def require_user`
more rubocop updates 2016-09-24 04:27:34 +00:00			`return true if authenticated?`
			`redirect_to new_user_session_path, notice: 'You must be logged in.'`
			`return false`
added all files 2012-09-23 02:39:12 +00:00			`end`
merge develop 2015-12-22 18:16:03 +00:00
added ability for an admin to add metacodes and metacode sets 2014-05-17 18:57:03 +00:00			`def require_admin`
automatic rubocop updates 2016-09-24 03:00:46 +00:00			`return true if authenticated? && admin?`
			`redirect_to root_url, notice: 'You need to be an admin for that.'`
			`false`
added ability for an admin to add metacodes and metacode sets 2014-05-17 18:57:03 +00:00			`end`
merge develop 2015-12-22 18:16:03 +00:00
added all files 2012-09-23 02:39:12 +00:00			`def user`
			`current_user`
			`end`
merge develop 2015-12-22 18:16:03 +00:00
added all files 2012-09-23 02:39:12 +00:00			`def authenticated?`
			`current_user`
			`end`
merge develop 2015-12-22 18:16:03 +00:00
added ability for an admin to add metacodes and metacode sets 2014-05-17 18:57:03 +00:00			`def admin?`
setup bare minimum devise authentication in tests 2015-12-16 13:32:50 +00:00			`authenticated? && current_user.admin`
added ability for an admin to add metacodes and metacode sets 2014-05-17 18:57:03 +00:00			`end`
make invite link use REQUEST_URI 2015-11-03 14:22:53 +00:00
allow embedding 2016-02-19 01:23:39 +00:00			`def allow_embedding`
Update code style automatically using rubocop gem (#563) * install rubocop * 1961 automatic rubocop fixes * update rubocop.yml to ignore half of the remaining cops * rubocop lint warnings * random other warnings fixed 2016-07-26 00:14:23 +00:00			`# allow all`
allow embedding 2016-02-19 01:23:39 +00:00			`response.headers.except! 'X-Frame-Options'`
			`# or allow a whitelist`
			`# response.headers['X-Frame-Options'] = 'ALLOW-FROM http://blog.metamaps.cc'`
make invite link use REQUEST_URI 2015-11-03 14:22:53 +00:00			`end`
added all files 2012-09-23 02:39:12 +00:00			`end`