Sha256: deb792f93a631928619d6ae80cb198ec95f52b6fd0e68325b10b8a3b3d601e72
Contents?: true
Size: 1.48 KB
Versions: 8
Compression:
Stored size: 1.48 KB
Contents
module Scrivito
class WebserviceController < ActionController::Base
rescue_from ClientError do |exception|
@exception = exception
render 'scrivito/webservice/error', formats: :json, status: exception.http_code
end
before_filter :merge_correctly_parsed_json_params
before_filter :authorize
private
def authorize
render_forbidden unless allow_access?
end
def editing_context
EditingContextMiddleware.from_request(request)
end
def scrivito_user
editing_context.editor
end
# If +true+, allow access to ObjsController, else deny access.
# See {Scrivito::Configuration.editing_auth} for details.
# @return [Bool]
def allow_access?
!!scrivito_user
end
# Workaround for https://github.com/rails/rails/issues/8832
def merge_correctly_parsed_json_params
if request.format.json?
body = request.body.read
request.body.rewind
params.merge!(ActiveSupport::JSON.decode(body)) if body.present?
end
rescue JSON::ParserError => e
# Rails TestRequest mixes up arguments, therefore ignore elements here
raise e unless Rails.env.test?
end
def can_user_access_workspace?(verb, workspace)
scrivito_user.can?(verb, workspace)
end
def authorize_workspace_access(verb, workspace)
can_user_access_workspace?(verb, workspace) ? yield : render_forbidden
end
def render_forbidden
render text: 'Forbidden', status: 403
end
def render_empty_json
render 'scrivito/webservice/empty', formats: :json
end
end
end
Version data entries
8 entries across 8 versions & 1 rubygems