foodsoft/app/controllers/api/v1/base_controller.rb

class Api::V1::BaseController < ApplicationController
  protect_from_forgery with: :null_session

  before_action :skip_session
  before_action :authenticate

  rescue_from ActiveRecord::RecordNotFound, with: :not_found_handler
  rescue_from ActiveRecord::RecordNotSaved, with: :not_acceptable_handler
  rescue_from ActiveRecord::RecordInvalid, with: :not_acceptable_handler
  rescue_from Api::Errors::PermissionRequired, with: :permission_required_handler

  private

  def authenticate
    doorkeeper_authorize!
    super if current_user
  end

  # @return [User] Current user, or +nil+ if no valid token.
  def current_user
    @current_user ||= User.undeleted.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
  end

  # @return [Ordergroup] Current user's ordergroup, or +nil+ if no valid token or user has no ordergroup.
  def current_ordergroup
    current_user.try(:ordergroup)
  end

  def require_ordergroup
    authenticate
    raise Api::Errors::PermissionRequired unless current_user.ordergroup.present?
  end

  def skip_session
    request.session_options[:skip] = true
  end

  def not_found_handler(e)
    # remove where-clauses from error message (not suitable for end-users)
    msg = e.message.try {|m| m.sub(/\s*\[.*?\]\s*$/, '')} || 'Not found'
    render status: 404, json: {error: 'not_found', error_description: msg}
  end

  def not_acceptable_handler(e)
    render status: 422, json: {error: 'not_acceptable', error_description: e.message || 'Data not acceptable' }
  end

  def doorkeeper_unauthorized_render_options(error:)
    {json: {error: error.name, error_description: error.description}}
  end

  def permission_required_handler(e)
    msg = e.message || 'Forbidden, user has no access'
    render status: 403, json: {error: 'forbidden', error_description: msg}
  end

  # @todo something with ApplicationHelper#show_user
  def show_user(user = current_user, **options)
    user.display
  end

end
Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`class Api::V1::BaseController < ApplicationController`
			`protect_from_forgery with: :null_session`

			`before_action :skip_session`
API v1 user endpoint 2018-10-13 15:15:43 +02:00			`before_action :authenticate`

Prepare for API v1 (PR #570) 2018-10-13 20:16:35 +02:00			`rescue_from ActiveRecord::RecordNotFound, with: :not_found_handler`
			`rescue_from ActiveRecord::RecordNotSaved, with: :not_acceptable_handler`
			`rescue_from ActiveRecord::RecordInvalid, with: :not_acceptable_handler`
			`rescue_from Api::Errors::PermissionRequired, with: :permission_required_handler`

			`private`

			`def authenticate`
			`doorkeeper_authorize!`
			`super if current_user`
			`end`

			`# @return [User] Current user, or +nil+ if no valid token.`
			`def current_user`
			`@current_user \|\|= User.undeleted.find(doorkeeper_token.resource_owner_id) if doorkeeper_token`
			`end`

			`# @return [Ordergroup] Current user's ordergroup, or +nil+ if no valid token or user has no ordergroup.`
			`def current_ordergroup`
			`current_user.try(:ordergroup)`
			`end`

			`def require_ordergroup`
			`authenticate`
			`raise Api::Errors::PermissionRequired unless current_user.ordergroup.present?`
			`end`

			`def skip_session`
			`request.session_options[:skip] = true`
			`end`

			`def not_found_handler(e)`
			`# remove where-clauses from error message (not suitable for end-users)`
			`msg = e.message.try {\|m\| m.sub(/\s\[.?\]\s*$/, '')} \|\| 'Not found'`
			`render status: 404, json: {error: 'not_found', error_description: msg}`
			`end`

			`def not_acceptable_handler(e)`
			`render status: 422, json: {error: 'not_acceptable', error_description: e.message \|\| 'Data not acceptable' }`
			`end`

			`def doorkeeper_unauthorized_render_options(error:)`
			`{json: {error: error.name, error_description: error.description}}`
			`end`

			`def permission_required_handler(e)`
			`msg = e.message \|\| 'Forbidden, user has no access'`
			`render status: 403, json: {error: 'forbidden', error_description: msg}`
			`end`

			`# @todo something with ApplicationHelper#show_user`
			`def show_user(user = current_user, **options)`
			`user.display`
			`end`

			`end`