# frozen_string_literal: true
require "authie/session"
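# Base controller for the application. It registers `login_required` and
# `set_timezone` as before_action callbacks and provides shared helpers for
# redirects, flash messages, form errors and signing a user in.
#
# `logged_in?`, `current_user`, `auth_session`, `create_auth_session` and
# `organization` are not defined in this file.
# NOTE(review): presumably the first four come from Authie's controller
# integration and `organization` from subclasses; confirm.
class ApplicationController < ActionController::Base

  # A request that fails CSRF verification raises instead of continuing.
  protect_from_forgery with: :exception

  before_action :login_required
  before_action :set_timezone

  # Every invalid auth-session state is handled the same way: log it and send
  # the browser back to the login page.
  rescue_from Authie::Session::InactiveSession, with: :auth_session_error
  rescue_from Authie::Session::ExpiredSession, with: :auth_session_error
  rescue_from Authie::Session::BrowserMismatch, with: :auth_session_error

  private

  # before_action: redirects anonymous requests to the login page, passing the
  # requested path along as `return_to`.
  def login_required
    return if logged_in?

    redirect_to login_path(return_to: request.fullpath)
  end

  # before_action for admin-only controllers. Anonymous requests go to the
  # login page; signed-in non-admins get a plain-text refusal.
  def admin_required
    unless logged_in?
      redirect_to login_path(return_to: request.fullpath)
      return
    end
    return if current_user.admin?

    # An authorization failure must not be reported as 200 OK: clients, caches
    # and monitoring all key off the status code.
    render plain: "Not permitted", status: :forbidden
  end

  # before_action: only the organization's owner may continue; everyone else
  # is redirected to the organization root with an alert.
  def require_organization_owner
    return if organization.owner == current_user

    redirect_to organization_root_path(organization), alert: "This page can only be accessed by the organization's owner (#{organization.owner.name})"
  end

  # Handler for the Authie::Session errors registered above.
  #
  # @param exception [StandardError] the rescued auth-session error
  def auth_session_error(exception)
    Rails.logger.info "AuthSessionError: #{exception.class}: #{exception.message}"
    redirect_to login_path(return_to: request.fullpath)
  end

  # @return [Array<String>] page title segments, memoized per request and
  #   seeded with "Postal"
  def page_title
    @page_title ||= ["Postal"]
  end
  helper_method :page_title

  # Redirects to the validated `return_to` parameter when there is one,
  # otherwise to `url`.
  #
  # @param url [Object] fallback target, anything `url_for` accepts
  # @param args extra arguments forwarded to `redirect_to`
  def redirect_to_with_return_to(url, *args)
    redirect_to url_with_return_to(url), *args
  end

  # before_action: uses the signed-in user's time zone, UTC for anonymous
  # requests.
  def set_timezone
    Time.zone = logged_in? ? current_user.time_zone : "UTC"
  end

  # Adds the client IP and the signed-in user's id (nil when anonymous) to the
  # request instrumentation payload.
  def append_info_to_payload(payload)
    super
    payload[:ip] = request.ip
    payload[:user] = logged_in? ? current_user.id : nil
  end

  # Chooses where to send the browser next.
  #
  # `params[:return_to]` is attacker-controllable (it travels in the login
  # link), so it is only honoured when it is a local path; anything else falls
  # back to `url`. The result is also handed to JSON clients by
  # `redirect_to_with_json`, so the check has to happen here rather than rely
  # on any protection inside `redirect_to`.
  #
  # @param url [Object] fallback target, anything `url_for` accepts
  # @return [String] the URL to redirect to
  def url_with_return_to(url)
    return_to = params[:return_to]
    safe_return_to?(return_to) ? return_to : url_for(url)
  end

  # Whether `value` is a path on this site and nothing else.
  #
  # A single leading "/" is required. "//host" and "/\host" are rejected
  # because browsers resolve them against another host, and control characters
  # are rejected because browsers drop some of them while parsing a URL, which
  # would let "/<tab>/host" collapse into "//host". Non-string parameters
  # (arrays, nested hashes) are rejected instead of raising NoMethodError.
  #
  # @param value [Object] the raw parameter value
  # @return [Boolean]
  def safe_return_to?(value)
    return false unless value.is_a?(String)
    return false if value.match?(/[[:cntrl:]]/)

    value.match?(%r{\A/(?![/\\])})
  end

  # Sets the given flash messages, then redirects HTML clients and tells JSON
  # clients where to go.
  #
  # @param url [Object] a `url_for` target, or `[:return_to, fallback]` to
  #   prefer the validated `return_to` parameter
  # @param flash_messages [Hash] flash key => message
  def redirect_to_with_json(url, flash_messages = {})
    target = if url.is_a?(Array) && url[0] == :return_to
               url_with_return_to(url[1])
             else
               url_for(url)
             end

    flash_messages.each { |key, value| flash[key] = value }

    respond_to do |wants|
      wants.html { redirect_to target }
      wants.json { render json: { redirect_to: target } }
    end
  end

  # Re-renders `action_name` for HTML, or returns the object's error messages
  # with status 422 for JSON.
  #
  # @param action_name [String, Symbol] template to render for HTML requests
  # @param object [#errors] the record that failed validation
  def render_form_errors(action_name, object)
    respond_to do |wants|
      wants.html { render action_name }
      wants.json { render json: { form_errors: object.errors.map(&:full_message) }, status: :unprocessable_entity }
    end
  end

  # Shows a flash message for the current request only.
  #
  # @param type [String, Symbol] flash key
  # @param message [String] text to display
  # @param options [Hash] `:render_action` names a template to render for HTML
  def flash_now(type, message, options = {})
    respond_to do |wants|
      wants.html do
        flash.now[type] = message
        render options[:render_action] if options[:render_action]
      end
      wants.json { render json: { flash: { type => message } } }
    end
  end

  # Signs `user` in. An existing auth session is invalidated and the Rails
  # session reset first, so the old session does not survive the switch.
  #
  # NOTE(review): when nobody is signed in, the pre-login Rails session is kept
  # as is; confirm nothing in it needs rotating at login.
  #
  # @param user [Object] the user to sign in
  def login(user)
    if logged_in?
      auth_session.invalidate!
      reset_session
    end

    create_auth_session(user)
    @current_user = user
  end

end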