Prepare for API v1 (PR #570)

2018-10-13 20:16:35 +02:00 · 2018-10-13 20:16:35 +02:00 · fd96b6ccc1
commit fd96b6ccc1
parent d9ae0d11b0
21 changed files with 536 additions and 217 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,142 +1,24 @@
 # encoding: utf-8
 class ApplicationController < ActionController::Base
-  include Foodsoft::ControllerExtensions::Locale
+  include Concerns::FoodcoopScope
+  include Concerns::Auth
+  include Concerns::Locale
+  helper_method :current_user
  helper_method :available_locales

  protect_from_forgery
-  before_filter  :select_foodcoop, :authenticate, :set_user_last_activity, :store_controller, :items_per_page
+  before_filter  :authenticate, :set_user_last_activity, :store_controller, :items_per_page
  after_filter  :remove_controller
  around_filter :set_time_zone, :set_currency

-  
+
  # Returns the controller handling the current request.
  def self.current
    Thread.current[:application_controller]
  end
-  
-  protected
-
-  def current_user
-    # check if there is a valid session and return the logged-in user (its object)
-    if session[:user_id] && params[:foodcoop]
-      # for shared-host installations. check if the cookie-subdomain fits to request.
-      @current_user ||= User.undeleted.find_by_id(session[:user_id]) if session[:scope] == FoodsoftConfig.scope
-    end
-  end
-  helper_method :current_user
-
-  def deny_access
-    session[:return_to] = request.original_url
-    redirect_to root_url, alert: I18n.t('application.controller.error_denied', sign_in: ActionController::Base.helpers.link_to(t('application.controller.error_denied_sign_in'), login_path))
-  end

  private

-  def login(user)
-    session[:user_id] = user.id
-    session[:scope] = FoodsoftConfig.scope  # Save scope in session to not allow switching between foodcoops with one account
-    session[:locale] = user.locale
-  end
-
-  def login_and_redirect_to_return_to(user, *args)
-    login user
-    if session[:return_to].present?
-      redirect_to_url = session[:return_to]
-      session[:return_to] = nil
-    else
-      redirect_to_url = root_url
-    end
-    redirect_to redirect_to_url, *args
-  end
-
-  def logout
-    session[:user_id] = nil
-    session[:return_to] = nil
-  end
-
-  def authenticate(role = 'any')
-    # Attempt to retrieve authenticated user from controller instance or session...
-    if !current_user
-      # No user at all: redirect to login page.
-      logout
-      session[:return_to] = request.original_url
-      redirect_to_login :alert => I18n.t('application.controller.error_authn')
-    else
-      # We have an authenticated user, now check role...
-      # Roles gets the user through his memberships.
-      hasRole = case role
-      when "admin"  then current_user.role_admin?
-      when "finance"   then  current_user.role_finance?
-      when "article_meta" then current_user.role_article_meta?
-      when "pickups" then current_user.role_pickups?
-      when "suppliers"  then current_user.role_suppliers?
-      when "orders" then current_user.role_orders?
-      when "finance_or_orders" then (current_user.role_finance? || current_user.role_orders?)
-      when "pickups_or_orders" then (current_user.role_pickups? || current_user.role_orders?)
-      when "any" then true        # no role required
-      else false                  # any unknown role will always fail
-      end
-      if hasRole
-        current_user
-      else
-        deny_access
-      end
-    end
-  end
-
-  def authenticate_admin
-    authenticate('admin')
-  end
-
-  def authenticate_finance
-    authenticate('finance')
-  end
-
-  def authenticate_article_meta
-    authenticate('article_meta')
-  end
-
-  def authenticate_pickups
-    authenticate('pickups')
-  end
-
-  def authenticate_suppliers
-    authenticate('suppliers')
-  end
-
-  def authenticate_orders
-    authenticate('orders')
-  end
-
-  def authenticate_finance_or_orders
-    authenticate('finance_or_orders')
-  end
-
-  def authenticate_pickups_or_orders
-    authenticate('pickups_or_orders')
-  end
-
-  # checks if the current_user is member of given group.
-  # if fails the user will redirected to startpage
-  def authenticate_membership_or_admin(group_id = params[:id])
-    @group = Group.find(group_id)
-    unless @group.member?(@current_user) || @current_user.role_admin?
-      redirect_to root_path, alert: I18n.t('application.controller.error_members_only')
-    end
-  end
-
-  def authenticate_or_token(prefix, role = 'any')
-    if not params[:token].blank?
-      begin
-        TokenVerifier.new(prefix).verify(params[:token])
-      rescue ActiveSupport::MessageVerifier::InvalidSignature
-        redirect_to root_path, alert: I18n.t('application.controller.error_token')
-      end
-    else
-      authenticate(role)
-    end
-  end
-
  def set_user_last_activity
    if current_user && (session[:last_activity] == nil || session[:last_activity] < 1.minutes.ago)
      current_user.update_attribute(:last_activity, Time.now)
@ -167,16 +49,11 @@ class ApplicationController < ActionController::Base
    redirect_to root_path, alert: I18n.t('application.controller.error_feature_disabled')
  end

-  # Redirect to the login page, used in authenticate, plugins can override this.
-  def redirect_to_login(options={})
-    redirect_to login_url, options
-  end
-
  # Stores this controller instance as a thread local varibale to be accessible from outside ActionController/ActionView.
  def store_controller
    Thread.current[:application_controller] = self
  end
-    
+
  # Sets the thread local variable that holds a reference to the current controller to nil.
  def remove_controller
    Thread.current[:application_controller] = nil
@ -187,23 +64,6 @@ class ApplicationController < ActionController::Base
    @supplier = Supplier.find(params[:supplier_id]) if params[:supplier_id]
  end

-  # Set config and database connection for each request
-  # It uses the subdomain to select the appropriate section in the config files
-  # Use this method as a before filter (first filter!) in ApplicationController
-  def select_foodcoop
-    return unless FoodsoftConfig[:multi_coop_install]
-
-    foodcoop = params[:foodcoop]
-    if foodcoop.blank?
-      FoodsoftConfig.select_default_foodcoop
-      redirect_to root_url
-    elsif FoodsoftConfig.allowed_foodcoop? foodcoop
-      FoodsoftConfig.select_foodcoop foodcoop
-    else
-      raise ActionController::RoutingError.new 'Foodcoop Not Found'
-    end
-  end
-
  def items_per_page
    if params[:per_page] && params[:per_page].to_i > 0 && params[:per_page].to_i <= 500
      @per_page = params[:per_page].to_i
@ -212,11 +72,6 @@ class ApplicationController < ActionController::Base
    end
  end

-  # Always stay in foodcoop url scope
-  def default_url_options(options = {})
-    {foodcoop: FoodsoftConfig.scope}
-  end
-
  # Set timezone according to foodcoop preference.
  # @see http://stackoverflow.com/questions/4362663/timezone-with-rails-3
  # @see http://archives.ryandaigle.com/articles/2008/1/25/what-s-new-in-edge-rails-easier-timezones