2016-02-12 23:52:43 +08:00
|
|
|
class ApplicationController < ActionController::Base
|
2016-11-30 23:27:12 +08:00
|
|
|
acts_as_token_authentication_handler_for User
|
2016-02-12 23:52:43 +08:00
|
|
|
# Prevent CSRF attacks by raising an exception.
|
|
|
|
# For APIs, you may want to use :null_session instead.
|
2017-06-23 21:19:08 +08:00
|
|
|
protect_from_forgery with: :exception, prepend: true
|
2016-02-12 23:52:43 +08:00
|
|
|
before_action :authenticate_user!
|
2017-01-24 23:57:14 +08:00
|
|
|
helper_method :current_team
|
|
|
|
before_action :update_current_team, if: :user_signed_in?
|
2018-11-09 22:58:08 +08:00
|
|
|
before_action :set_date_format, if: :user_signed_in?
|
2016-02-12 23:52:43 +08:00
|
|
|
around_action :set_time_zone, if: :current_user
|
2016-10-11 22:16:48 +08:00
|
|
|
layout 'main'
|
2016-02-12 23:52:43 +08:00
|
|
|
|
2017-12-04 18:12:35 +08:00
|
|
|
def respond_422(message = t('client_api.permission_error'))
|
|
|
|
respond_to do |format|
|
|
|
|
format.json do
|
|
|
|
render json: { message: message },
|
|
|
|
status: 422
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-02-12 23:52:43 +08:00
|
|
|
def forbidden
|
|
|
|
render_403
|
|
|
|
end
|
|
|
|
|
|
|
|
def not_found
|
|
|
|
render_404
|
|
|
|
end
|
|
|
|
|
|
|
|
def is_current_page_root?
|
2016-10-11 22:16:48 +08:00
|
|
|
controller_name == 'projects' && action_name == 'index'
|
2016-02-12 23:52:43 +08:00
|
|
|
end
|
|
|
|
|
2017-01-24 23:57:14 +08:00
|
|
|
# Sets current team for all controllers
|
|
|
|
def current_team
|
2017-01-25 00:06:51 +08:00
|
|
|
Team.find_by_id(current_user.current_team_id)
|
2016-10-11 17:58:37 +08:00
|
|
|
end
|
|
|
|
|
2016-02-12 23:52:43 +08:00
|
|
|
protected
|
|
|
|
|
2017-03-28 21:14:05 +08:00
|
|
|
def render_403(style = 'danger')
|
2016-07-21 19:11:15 +08:00
|
|
|
respond_to do |format|
|
2017-03-28 21:14:05 +08:00
|
|
|
format.html do
|
2016-07-21 19:11:15 +08:00
|
|
|
render file: 'public/403.html', status: :forbidden, layout: false
|
2017-03-28 21:14:05 +08:00
|
|
|
end
|
|
|
|
format.json do
|
|
|
|
render json: { style: style }, status: :forbidden
|
|
|
|
end
|
2016-07-21 19:11:15 +08:00
|
|
|
end
|
2017-03-28 21:14:05 +08:00
|
|
|
true
|
2016-02-12 23:52:43 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
def render_404
|
2016-07-21 19:11:15 +08:00
|
|
|
respond_to do |format|
|
|
|
|
format.html {
|
|
|
|
render :file => 'public/404.html', :status => :not_found, :layout => false
|
|
|
|
}
|
|
|
|
format.json {
|
|
|
|
render json: {}, status: :not_found
|
|
|
|
}
|
|
|
|
end
|
2016-08-17 20:41:48 +08:00
|
|
|
return true
|
2016-02-12 23:52:43 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
2017-01-24 23:57:14 +08:00
|
|
|
def update_current_team
|
|
|
|
if current_user.current_team_id.blank? &&
|
|
|
|
current_user.teams.count > 0
|
2016-10-25 17:39:57 +08:00
|
|
|
current_user.update(
|
2017-01-24 23:57:14 +08:00
|
|
|
current_team_id: current_user.teams.first.id
|
2016-10-25 17:39:57 +08:00
|
|
|
)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-02-12 23:52:43 +08:00
|
|
|
# With this Devise callback user is redirected directly to sign in page instead
|
|
|
|
# of to root path. Therefore notification for sign out is displayed.
|
|
|
|
def after_sign_out_path_for(resource_or_scope)
|
|
|
|
new_user_session_path
|
|
|
|
end
|
|
|
|
|
|
|
|
def set_time_zone(&block)
|
2017-08-10 17:30:57 +08:00
|
|
|
Time.use_zone(current_user.settings[:time_zone], &block)
|
2016-02-12 23:52:43 +08:00
|
|
|
end
|
2018-11-09 22:58:08 +08:00
|
|
|
|
|
|
|
def set_date_format
|
|
|
|
I18n.backend.date_format =
|
|
|
|
current_user.settings[:date_format] || Constants::DEFAULT_DATE_FORMAT
|
|
|
|
end
|
2016-02-12 23:52:43 +08:00
|
|
|
end
|