Contents

module Maestrano
  module Api
    class ApiController < JSONAPI::ResourceController
      protect_from_forgery
      before_action :authenticate_client!

      # Return the current API client (tenant)
      attr_accessor :client

      def context
        {client: client, params: params, current_user: client, policy_used: -> { @policy_used = true }}
      end

      protected

        def current_user
          @client
        end

        def authorize(record, query = nil)
          context[:policy_used]&.call
          super
        end

      private

        def authenticate_client!
          authenticate_tenant || unauthorized!
        end

        def unauthorized!
          head :unauthorized
        end

        def authenticate_tenant
          @client = authenticate_with_http_basic do |api_key, api_secret|
            Maestrano.find_by_app_id_and_app_key(api_key, api_secret)
          end
        end
    end
  end
end

Version data entries

9 entries across 9 versions & 1 rubygems

Version	Path
maestrano-connector-rails-2.3.6	app/controllers/maestrano/api/api_controller.rb
maestrano-connector-rails-2.3.5	app/controllers/maestrano/api/api_controller.rb
maestrano-connector-rails-2.3.4	app/controllers/maestrano/api/api_controller.rb
maestrano-connector-rails-2.3.3	app/controllers/maestrano/api/api_controller.rb
maestrano-connector-rails-2.3.2	app/controllers/maestrano/api/api_controller.rb
maestrano-connector-rails-2.3.1	app/controllers/maestrano/api/api_controller.rb
maestrano-connector-rails-2.3.0	app/controllers/maestrano/api/api_controller.rb
maestrano-connector-rails-2.2.1	app/controllers/maestrano/api/api_controller.rb
maestrano-connector-rails-2.2.0	app/controllers/maestrano/api/api_controller.rb