Prepare for API v1 (PR #570)

2018-10-13 20:16:35 +02:00 · 2018-10-13 20:16:35 +02:00 · fd96b6ccc1
commit fd96b6ccc1
parent d9ae0d11b0
21 changed files with 536 additions and 217 deletions
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@ -0,0 +1,60 @@
+class Api::V1::BaseController < ApplicationController
+  protect_from_forgery with: :null_session
+
+  before_action :skip_session
+  rescue_from ActiveRecord::RecordNotFound, with: :not_found_handler
+  rescue_from ActiveRecord::RecordNotSaved, with: :not_acceptable_handler
+  rescue_from ActiveRecord::RecordInvalid, with: :not_acceptable_handler
+  rescue_from Api::Errors::PermissionRequired, with: :permission_required_handler
+
+  private
+
+  def authenticate
+    doorkeeper_authorize!
+    super if current_user
+  end
+
+  # @return [User] Current user, or +nil+ if no valid token.
+  def current_user
+    @current_user ||= User.undeleted.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
+  end
+
+  # @return [Ordergroup] Current user's ordergroup, or +nil+ if no valid token or user has no ordergroup.
+  def current_ordergroup
+    current_user.try(:ordergroup)
+  end
+
+  def require_ordergroup
+    authenticate
+    raise Api::Errors::PermissionRequired unless current_user.ordergroup.present?
+  end
+
+  def skip_session
+    request.session_options[:skip] = true
+  end
+
+  def not_found_handler(e)
+    # remove where-clauses from error message (not suitable for end-users)
+    msg = e.message.try {|m| m.sub(/\s*\[.*?\]\s*$/, '')} || 'Not found'
+    render status: 404, json: {error: 'not_found', error_description: msg}
+  end
+
+  def not_acceptable_handler(e)
+    render status: 422, json: {error: 'not_acceptable', error_description: e.message || 'Data not acceptable' }
+  end
+
+  def doorkeeper_unauthorized_render_options(error:)
+    {json: {error: error.name, error_description: error.description}}
+  end
+
+  def permission_required_handler(e)
+    msg = e.message || 'Forbidden, user has no access'
+    render status: 403, json: {error: 'forbidden', error_description: msg}
+  end
+
+  # @todo something with ApplicationHelper#show_user
+  def show_user(user = current_user, **options)
+    user.display
+  end
+
+end