scinote-web/app/controllers/application_controller.rb

111 lines
2.8 KiB
Ruby
Raw Normal View History

2016-02-12 23:52:43 +08:00
class ApplicationController < ActionController::Base
acts_as_token_authentication_handler_for User
2016-02-12 23:52:43 +08:00
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
2017-06-23 21:19:08 +08:00
protect_from_forgery with: :exception, prepend: true
2016-02-12 23:52:43 +08:00
before_action :authenticate_user!
helper_method :current_team
before_action :update_current_team, if: :user_signed_in?
before_action :set_date_format, if: :user_signed_in?
2016-02-12 23:52:43 +08:00
around_action :set_time_zone, if: :current_user
2016-10-11 22:16:48 +08:00
layout 'main'
2016-02-12 23:52:43 +08:00
rescue_from ActionController::InvalidAuthenticityToken do
redirect_to root_path
end
def respond_422(message = t('client_api.permission_error'))
respond_to do |format|
format.json do
render json: { message: message },
status: 422
end
end
end
2016-02-12 23:52:43 +08:00
def forbidden
render_403
end
def not_found
render_404
end
def is_current_page_root?
2016-10-11 22:16:48 +08:00
controller_name == 'projects' && action_name == 'index'
2016-02-12 23:52:43 +08:00
end
# Sets current team for all controllers
def current_team
@current_team ||= Team.find_by(id: current_user.current_team_id)
end
def to_user_date_format
ts = I18n.l(Time.parse(params[:timestamp]),
format: params[:ts_format].to_sym)
respond_to do |format|
format.json do
render json: { ts: ts }, status: :ok
end
end
end
2016-02-12 23:52:43 +08:00
protected
def render_403(style = 'danger')
2016-07-21 19:11:15 +08:00
respond_to do |format|
format.html do
2016-07-21 19:11:15 +08:00
render file: 'public/403.html', status: :forbidden, layout: false
end
format.json do
render json: { style: style }, status: :forbidden
end
format.any do
render plain: 'FORBIDDEN', status: :forbidden
end
2016-07-21 19:11:15 +08:00
end
2016-02-12 23:52:43 +08:00
end
def render_404
2016-07-21 19:11:15 +08:00
respond_to do |format|
format.html do
render file: 'public/404.html', status: :not_found, layout: false
end
format.json do
2016-07-21 19:11:15 +08:00
render json: {}, status: :not_found
end
format.any do
render plain: 'NOT FOUND', status: :not_found
end
2016-07-21 19:11:15 +08:00
end
2016-02-12 23:52:43 +08:00
end
private
def update_current_team
@current_team = Team.find_by_id(current_user.current_team_id)
if (current_team.nil? || !current_user.is_member_of_team?(current_team)) &&
current_user.teams.count.positive?
current_user.update(
current_team_id: current_user.teams.first.id
)
end
end
2016-02-12 23:52:43 +08:00
# With this Devise callback user is redirected directly to sign in page instead
# of to root path. Therefore notification for sign out is displayed.
def after_sign_out_path_for(resource_or_scope)
new_user_session_path
end
def set_time_zone(&block)
Time.use_zone(current_user.settings[:time_zone], &block)
2016-02-12 23:52:43 +08:00
end
def set_date_format
I18n.backend.date_format =
current_user.settings[:date_format] || Constants::DEFAULT_DATE_FORMAT
end
2016-02-12 23:52:43 +08:00
end