Sha256: c2a9ee98b5f5b0174a3103a810e77d22026572a33500304c128ff8eb6b63c845

Contents?: true

Size: 1.23 KB

Versions: 4

Compression:

Stored size: 1.23 KB

Contents

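module Pwb
  # Base controller for the JSON API.
  #
  # Request pipeline set up here:
  #   1. CSRF verification. `prepend: true` places it at the front of the
  #      callback chain, and `with: :exception` makes a bad or missing token
  #      raise instead of resetting the session.
  #   2. +authenticate_user!+, defined outside this file (presumably Devise;
  #      confirm against the application's auth setup).
  #   3. +check_user+, which restricts the API to admin users.
  #   4. +current_agency+, which loads (or lazily creates) the agency record.
  #
  # Authorisation deliberately runs before +current_agency+: that method can
  # write to the database (Agency.create), and a request that is about to be
  # rejected should not be able to trigger a write.
  class ApplicationApiController < ActionController::Base
    protect_from_forgery with: :exception, prepend: true
    # include ActionController::HttpAuthentication::Token::ControllerMethods

    before_action :authenticate_user!, :check_user, :current_agency
    # , :authenticate_user_from_token!, :set_locale
    after_action :set_csrf_token

    # Adds the active locale to generated URLs.
    #
    # @return [Hash] URL options containing the current I18n locale
    def self.default_url_options
      { locale: I18n.locale }
    end

    private

    # Rejects any request whose user is missing or is not flagged as admin.
    # Rendering inside a before_action halts the chain, so the action itself
    # never runs for a rejected request.
    #
    # NOTE(review): the rejection goes out with render_json_error's default
    # status (422). 403 would describe an authorisation failure more accurately
    # and is easier to alert on; it is left unchanged here because API clients
    # may key off the existing status.
    def check_user
      return if current_user && current_user.admin

      # unless request.subdomain.present? && (request.subdomain.downcase == current_user.tenants.first.subdomain.downcase)
      render_json_error "unauthorised_user"
    end

    # Renders +message+ as the response body with an error status.
    #
    # @param message [Object] payload handed to `render json:`; a String is
    #   sent as-is rather than being JSON-encoded
    # @param opts [Hash] optional settings; only +:status+ is read
    # @option opts [Integer, Symbol] :status HTTP status (defaults to 422)
    def render_json_error(message, opts = {})
      render json: message, status: opts[:status] || 422
    end

    # Memoised agency for this request: the last Agency row, or a newly
    # created one when the table is empty.
    #
    # @return [Agency]
    def current_agency
      @current_agency ||= (Agency.last || Agency.create)
    end

    # Hands the CSRF token to XHR clients through response headers so that a
    # JavaScript front end can echo it back on later requests.
    #
    # NOTE(review): the token is only as private as these headers. If the app
    # has a CORS configuration, confirm it does not expose X-CSRF-Token to
    # other origins.
    def set_csrf_token
      # http://rajatsingla.in/ruby/2016/08/06/how-to-add-csrf-in-ember-app.html
      return unless request.xhr?

      response.headers['X-CSRF-Token'] = form_authenticity_token.to_s
      response.headers['X-CSRF-Param'] = "authenticity_token"
      # works in conjunction with updating the headers via client app
    end
  end
end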

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
pwb-1.4.0 app/controllers/pwb/application_api_controller.rb
pwb-1.3.0 app/controllers/pwb/application_api_controller.rb
pwb-1.2.0 app/controllers/pwb/application_api_controller.rb
pwb-1.1.1 app/controllers/pwb/application_api_controller.rb