forked from spree/spree
/
base_controller.rb
122 lines (98 loc) · 3.27 KB
/
base_controller.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
module Spree
module Api
class BaseController < ActionController::Metal
include Spree::Api::ControllerSetup
include ::ActionController::Head
self.responder = Spree::Api::Responders::AppResponder
attr_accessor :current_api_user
before_filter :set_content_type
before_filter :check_for_api_key, :if => :requires_authentication?
before_filter :authenticate_user
after_filter :set_jsonp_format
rescue_from Exception, :with => :error_during_processing
rescue_from CanCan::AccessDenied, :with => :unauthorized
rescue_from ActiveRecord::RecordNotFound, :with => :not_found
helper Spree::Api::ApiHelpers
ssl_allowed
def set_jsonp_format
if params[:callback] && request.get?
self.response_body = "#{params[:callback]}(#{self.response_body})"
headers["Content-Type"] = 'application/javascript'
end
end
def map_nested_attributes_keys(klass, attributes)
nested_keys = klass.nested_attributes_options.keys
attributes.inject({}) do |h, (k,v)|
key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
h[key] = v
h
end.with_indifferent_access
end
private
def set_content_type
content_type = case params[:format]
when "json"
"application/json"
when "xml"
"text/xml"
end
headers["Content-Type"] = content_type
end
def check_for_api_key
render "spree/api/errors/must_specify_api_key", :status => 401 and return if api_key.blank?
end
def authenticate_user
if requires_authentication? || api_key.present?
unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
render "spree/api/errors/invalid_api_key", :status => 401 and return
end
else
# Effectively, an anonymous user
@current_api_user = Spree.user_class.new
end
end
def unauthorized
render "spree/api/errors/unauthorized", :status => 401 and return
end
def error_during_processing(exception)
render :text => { :exception => exception.message }.to_json,
:status => 422 and return
end
def requires_authentication?
Spree::Api::Config[:requires_authentication]
end
def not_found
render "spree/api/errors/not_found", :status => 404 and return
end
def current_ability
Spree::Ability.new(current_api_user)
end
def invalid_resource!(resource)
@resource = resource
render "spree/api/errors/invalid_resource", :status => 422
end
def api_key
request.headers["X-Spree-Token"] || params[:token]
end
helper_method :api_key
def find_product(id)
begin
product_scope.find_by_permalink!(id.to_s)
rescue ActiveRecord::RecordNotFound
product_scope.find(id)
end
end
def product_scope
if current_api_user.has_spree_role?("admin")
scope = Product
unless params[:show_deleted]
scope = scope.not_deleted
end
else
scope = Product.active
end
scope.includes(:master)
end
end
end
end