foodsoft/app/controllers/api/v1/base_controller.rb

class Api::V1::BaseController < ApplicationController
  include Concerns::AuthApi

  protect_from_forgery with: :null_session

  before_action :skip_session
  before_action :authenticate

  rescue_from ActiveRecord::RecordNotFound, with: :not_found_handler
  rescue_from ActiveRecord::RecordNotSaved, with: :not_acceptable_handler
  rescue_from ActiveRecord::RecordInvalid, with: :not_acceptable_handler
  rescue_from Api::Errors::PermissionRequired, with: :permission_required_handler

  private

  # @return [Ordergroup] Current user's ordergroup, or +nil+ if no valid token or user has no ordergroup.
  def current_ordergroup
    current_user.try(:ordergroup)
  end

  def require_ordergroup
    authenticate
    return if current_ordergroup.present?

    raise Api::Errors::PermissionRequired, 'Forbidden, must be in an ordergroup'
  end

  def require_minimum_balance
    minimum_balance = FoodsoftConfig[:minimum_balance] or return
    return unless current_ordergroup.account_balance < minimum_balance

    raise Api::Errors::PermissionRequired, t('application.controller.error_minimum_balance', min: minimum_balance)
  end

  def require_enough_apples
    return unless current_ordergroup.not_enough_apples?

    s = t('group_orders.messages.not_enough_apples', apples: current_ordergroup.apples,
                                                     stop_ordering_under: FoodsoftConfig[:stop_ordering_under])
    raise Api::Errors::PermissionRequired, s
  end

  def require_config_enabled(config)
    return if FoodsoftConfig[config]

    raise Api::Errors::PermissionRequired, t('application.controller.error_not_enabled', config: config)
  end

  def skip_session
    request.session_options[:skip] = true
  end

  def not_found_handler(e)
    # remove where-clauses from error message (not suitable for end-users)
    msg = e.message.try { |m| m.sub(/\s*\[.*?\]\s*$/, '') } || 'Not found'
    render status: :not_found, json: { error: 'not_found', error_description: msg }
  end

  def not_acceptable_handler(e)
    msg = e.message || 'Data not acceptable'
    render status: :unprocessable_entity, json: { error: 'not_acceptable', error_description: msg }
  end

  def doorkeeper_unauthorized_render_options(error:)
    { json: { error: error.name, error_description: error.description } }
  end

  def doorkeeper_forbidden_render_options(error:)
    { json: { error: error.name, error_description: error.description } }
  end

  def permission_required_handler(e)
    msg = e.message || 'Forbidden, user has no access'
    render status: :forbidden, json: { error: 'forbidden', error_description: msg }
  end

  # @todo something with ApplicationHelper#show_user
  def show_user(user = current_user, **_options)
    user.display
  end
end
Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`class Api::V1::BaseController < ApplicationController`
Add OAuth scopes https://github.com/foodcoops/foodsoft/issues/582#issuecomment-442513237 2019-02-05 20:53:02 +01:00			`include Concerns::AuthApi`

Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`protect_from_forgery with: :null_session`

			`before_action :skip_session`
API v1 user endpoint 2018-10-13 15:15:43 +02:00			`before_action :authenticate`

Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`rescue_from ActiveRecord::RecordNotFound, with: :not_found_handler`
			`rescue_from ActiveRecord::RecordNotSaved, with: :not_acceptable_handler`
			`rescue_from ActiveRecord::RecordInvalid, with: :not_acceptable_handler`
			`rescue_from Api::Errors::PermissionRequired, with: :permission_required_handler`

			`private`

			`# @return [Ordergroup] Current user's ordergroup, or +nil+ if no valid token or user has no ordergroup.`
			`def current_ordergroup`
			`current_user.try(:ordergroup)`
			`end`

			`def require_ordergroup`
			`authenticate`
chore: rubocop chore: fix api test conventions chore: rubocop -A spec/ chore: more rubocop -A fix failing test rubocop fixes removes helper methods that are in my opinion dead code more rubocop fixes rubocop -a --auto-gen-config 2023-05-12 13:01:12 +02:00			`return if current_ordergroup.present?`

			`raise Api::Errors::PermissionRequired, 'Forbidden, must be in an ordergroup'`
Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`end`

Move require_minimum_balance and require_enough_apples to BaseController This allows us to use them in other controllers too. 2021-02-18 10:55:51 +01:00			`def require_minimum_balance`
			`minimum_balance = FoodsoftConfig[:minimum_balance] or return`
chore: rubocop chore: fix api test conventions chore: rubocop -A spec/ chore: more rubocop -A fix failing test rubocop fixes removes helper methods that are in my opinion dead code more rubocop fixes rubocop -a --auto-gen-config 2023-05-12 13:01:12 +02:00			`return unless current_ordergroup.account_balance < minimum_balance`

			`raise Api::Errors::PermissionRequired, t('application.controller.error_minimum_balance', min: minimum_balance)`
Move require_minimum_balance and require_enough_apples to BaseController This allows us to use them in other controllers too. 2021-02-18 10:55:51 +01:00			`end`

			`def require_enough_apples`
chore: rubocop chore: fix api test conventions chore: rubocop -A spec/ chore: more rubocop -A fix failing test rubocop fixes removes helper methods that are in my opinion dead code more rubocop fixes rubocop -a --auto-gen-config 2023-05-12 13:01:12 +02:00			`return unless current_ordergroup.not_enough_apples?`

			`s = t('group_orders.messages.not_enough_apples', apples: current_ordergroup.apples,`
			`stop_ordering_under: FoodsoftConfig[:stop_ordering_under])`
			`raise Api::Errors::PermissionRequired, s`
Move require_minimum_balance and require_enough_apples to BaseController This allows us to use them in other controllers too. 2021-02-18 10:55:51 +01:00			`end`

Add require_config_enabled to Api::V1::BaseController 2021-02-18 11:17:33 +01:00			`def require_config_enabled(config)`
chore: rubocop chore: fix api test conventions chore: rubocop -A spec/ chore: more rubocop -A fix failing test rubocop fixes removes helper methods that are in my opinion dead code more rubocop fixes rubocop -a --auto-gen-config 2023-05-12 13:01:12 +02:00			`return if FoodsoftConfig[config]`

			`raise Api::Errors::PermissionRequired, t('application.controller.error_not_enabled', config: config)`
Add require_config_enabled to Api::V1::BaseController 2021-02-18 11:17:33 +01:00			`end`

Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`def skip_session`
			`request.session_options[:skip] = true`
			`end`

			`def not_found_handler(e)`
			`# remove where-clauses from error message (not suitable for end-users)`
Run rubocop --fix-layout and remove encoding comments 2021-03-01 15:27:26 +01:00			`msg = e.message.try { \|m\| m.sub(/\s\[.?\]\s*$/, '') } \|\| 'Not found'`
chore: rubocop chore: fix api test conventions chore: rubocop -A spec/ chore: more rubocop -A fix failing test rubocop fixes removes helper methods that are in my opinion dead code more rubocop fixes rubocop -a --auto-gen-config 2023-05-12 13:01:12 +02:00			`render status: :not_found, json: { error: 'not_found', error_description: msg }`
Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`end`

			`def not_acceptable_handler(e)`
Add OAuth scopes https://github.com/foodcoops/foodsoft/issues/582#issuecomment-442513237 2019-02-05 20:53:02 +01:00			`msg = e.message \|\| 'Data not acceptable'`
chore: rubocop chore: fix api test conventions chore: rubocop -A spec/ chore: more rubocop -A fix failing test rubocop fixes removes helper methods that are in my opinion dead code more rubocop fixes rubocop -a --auto-gen-config 2023-05-12 13:01:12 +02:00			`render status: :unprocessable_entity, json: { error: 'not_acceptable', error_description: msg }`
Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`end`

			`def doorkeeper_unauthorized_render_options(error:)`
Run rubocop --fix-layout and remove encoding comments 2021-03-01 15:27:26 +01:00			`{ json: { error: error.name, error_description: error.description } }`
Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`end`

Add OAuth scopes https://github.com/foodcoops/foodsoft/issues/582#issuecomment-442513237 2019-02-05 20:53:02 +01:00			`def doorkeeper_forbidden_render_options(error:)`
Run rubocop --fix-layout and remove encoding comments 2021-03-01 15:27:26 +01:00			`{ json: { error: error.name, error_description: error.description } }`
Add OAuth scopes https://github.com/foodcoops/foodsoft/issues/582#issuecomment-442513237 2019-02-05 20:53:02 +01:00			`end`

Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`def permission_required_handler(e)`
			`msg = e.message \|\| 'Forbidden, user has no access'`
chore: rubocop chore: fix api test conventions chore: rubocop -A spec/ chore: more rubocop -A fix failing test rubocop fixes removes helper methods that are in my opinion dead code more rubocop fixes rubocop -a --auto-gen-config 2023-05-12 13:01:12 +02:00			`render status: :forbidden, json: { error: 'forbidden', error_description: msg }`
Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`end`

			`# @todo something with ApplicationHelper#show_user`
chore: rubocop chore: fix api test conventions chore: rubocop -A spec/ chore: more rubocop -A fix failing test rubocop fixes removes helper methods that are in my opinion dead code more rubocop fixes rubocop -a --auto-gen-config 2023-05-12 13:01:12 +02:00			`def show_user(user = current_user, **_options)`
Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`user.display`
			`end`
			`end`