app/controllers/orchestrator/base.rb in orchestrator-1.0.2 vs app/controllers/orchestrator/base.rb in orchestrator-1.0.3
- old
+ new
@@ -3,12 +3,12 @@
class Base < ::ActionController::Base
layout nil
rescue_from Couchbase::Error::NotFound, with: :entry_not_found
- # Add headers to allow for CORS requests to the API
- before_filter :allow_cors
+ before_action :doorkeeper_authorize!, except: :options
+ before_filter :allow_cors # Add headers to allow for CORS requests to the API
# This is a preflight OPTIONS request
def options
render nothing: true
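Review bot: The new `before_action :doorkeeper_authorize!` is registered ahead of `before_filter :allow_cors`, so when Doorkeeper halts the chain on a missing or invalid token the 401 response goes out without any `Access-Control-*` headers, and a browser client on another origin cannot read that status or body. Registering the CORS filter first fixes this: `before_filter :allow_cors # Add headers to allow for CORS requests to the API` followed by `before_action :doorkeeper_authorize!, except: :options`. The two lines also mix `before_action` and its older alias `before_filter`; pick one so the intended ordering is obvious. The class body continues past this hunk, so any `protected`/`private` marker or further filters are not visible here.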
@@ -26,15 +26,15 @@
ANY_ORIGIN = '*'.freeze
ANY_METHOD = 'GET, POST, PUT, DELETE, OPTIONS, PATCH'.freeze
COMMON_HEADERS = 'Origin, Accept, Content-Type, X-Requested-With, Authorization, X-Frame-Options'.freeze
ONE_DAY = '1728000'.freeze
- def allow_cors
- headers[ALLOW_ORIGIN] = ANY_ORIGIN
- headers[ALLOW_METHODS] = ANY_METHOD
- headers[ALLOW_HEADERS] = COMMON_HEADERS
- headers[MAX_AGE] = ONE_DAY
+ def allow_cors(headerHash = headers)
+ headerHash[ALLOW_ORIGIN] = ANY_ORIGIN
+ headerHash[ALLOW_METHODS] = ANY_METHOD
+ headerHash[ALLOW_HEADERS] = COMMON_HEADERS
+ headerHash[MAX_AGE] = ONE_DAY
end
# Couchbase catch all
def entry_not_found(err)
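Review bot: `ONE_DAY = '1728000'` does not match its name: 1,728,000 seconds is 20 days, not one, so preflight results are cached far longer than the constant suggests. Either rename it to what it is (`TWENTY_DAYS`) or set `ONE_DAY = '86400'.freeze`; with the new injectable `headerHash` parameter the value now also lands in any hash a caller passes in, so the mismatch is worth settling. The new parameter itself should follow Ruby naming, `def allow_cors(header_hash = headers)`, with the four assignments updated to match. Since the method keeps `ANY_ORIGIN = '*'` while advertising the `Authorization` header, a short comment noting that the API relies on bearer tokens rather than cookies (which a wildcard origin could not carry) would help the next reader.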
@@ -52,8 +52,25 @@
# Used to save and respond to all model requests
def save_and_respond(model)
yield if model.save && block_given?
respond_with :api, model
+ end
+
+ # Checking if the user is an administrator
+ def check_admin
+ user = current_user
+ head(:forbidden) unless user && user.sys_admin
+ end
+
+ # Checking if the user is support personnel
+ def check_support
+ user = current_user
+ head(:forbidden) unless user && (user.support || user.sys_admin)
+ end
+
+ # current user using doorkeeper
+ def current_user
+ @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
end
end
end
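Review bot: `current_user` calls `User.find(doorkeeper_token.resource_owner_id)` whenever a token is present, but a token issued through a client-credentials grant has no resource owner, so `resource_owner_id` is nil and the lookup runs on nil; a token whose user has since been deleted presumably raises the `Couchbase::Error::NotFound` this controller rescues, turning an authorization failure into a 404 from `entry_not_found`. Guarding the owner id closes the first gap: `@current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token && doorkeeper_token.resource_owner_id`. For the second, `check_admin`/`check_support` already answer 403 for a nil user, so rescuing the not-found case inside `current_user` and returning nil would keep the response consistent; confirm how the Couchbase model behaves on a missing key before relying on that. `check_admin`, `check_support` and `current_user` are defined after `save_and_respond` with no visibility keyword in this hunk; if the `protected`/`private` marker sits above the visible lines they are fine, otherwise they are public controller methods and should be moved under `protected`.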