scinote-web/app/controllers/application_controller.rb

85 lines
2 KiB
Ruby
Raw Normal View History

2016-02-12 23:52:43 +08:00
class ApplicationController < ActionController::Base
acts_as_token_authentication_handler_for User
2016-02-12 23:52:43 +08:00
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
2017-06-23 21:19:08 +08:00
protect_from_forgery with: :exception, prepend: true
2016-02-12 23:52:43 +08:00
before_action :authenticate_user!
helper_method :current_team
before_action :update_current_team, if: :user_signed_in?
2016-02-12 23:52:43 +08:00
around_action :set_time_zone, if: :current_user
2016-10-11 22:16:48 +08:00
layout 'main'
2016-02-12 23:52:43 +08:00
def respond_422(message = t('client_api.permission_error'))
respond_to do |format|
format.json do
render json: { message: message },
status: 422
end
end
end
2016-02-12 23:52:43 +08:00
def forbidden
render_403
end
def not_found
render_404
end
def is_current_page_root?
2016-10-11 22:16:48 +08:00
controller_name == 'projects' && action_name == 'index'
2016-02-12 23:52:43 +08:00
end
# Sets current team for all controllers
def current_team
Team.find_by_id(current_user.current_team_id)
end
2016-02-12 23:52:43 +08:00
protected
def render_403(style = 'danger')
2016-07-21 19:11:15 +08:00
respond_to do |format|
format.html do
2016-07-21 19:11:15 +08:00
render file: 'public/403.html', status: :forbidden, layout: false
end
format.json do
render json: { style: style }, status: :forbidden
end
2016-07-21 19:11:15 +08:00
end
true
2016-02-12 23:52:43 +08:00
end
def render_404
2016-07-21 19:11:15 +08:00
respond_to do |format|
format.html {
render :file => 'public/404.html', :status => :not_found, :layout => false
}
format.json {
render json: {}, status: :not_found
}
end
return true
2016-02-12 23:52:43 +08:00
end
private
def update_current_team
if current_user.current_team_id.blank? &&
current_user.teams.count > 0
current_user.update(
current_team_id: current_user.teams.first.id
)
end
end
2016-02-12 23:52:43 +08:00
# With this Devise callback user is redirected directly to sign in page instead
# of to root path. Therefore notification for sign out is displayed.
def after_sign_out_path_for(resource_or_scope)
new_user_session_path
end
def set_time_zone(&block)
Time.use_zone(current_user.settings[:time_zone], &block)
2016-02-12 23:52:43 +08:00
end
end