80 lines
2.6 KiB
Ruby
80 lines
2.6 KiB
Ruby
class Api::V1::BaseController < ApplicationController
|
|
include Concerns::AuthApi
|
|
|
|
protect_from_forgery with: :null_session
|
|
|
|
before_action :skip_session
|
|
before_action :authenticate
|
|
|
|
rescue_from ActiveRecord::RecordNotFound, with: :not_found_handler
|
|
rescue_from ActiveRecord::RecordNotSaved, with: :not_acceptable_handler
|
|
rescue_from ActiveRecord::RecordInvalid, with: :not_acceptable_handler
|
|
rescue_from Api::Errors::PermissionRequired, with: :permission_required_handler
|
|
|
|
private
|
|
|
|
# @return [Ordergroup] Current user's ordergroup, or +nil+ if no valid token or user has no ordergroup.
|
|
def current_ordergroup
|
|
current_user.try(:ordergroup)
|
|
end
|
|
|
|
def require_ordergroup
|
|
authenticate
|
|
unless current_ordergroup.present?
|
|
raise Api::Errors::PermissionRequired.new('Forbidden, must be in an ordergroup')
|
|
end
|
|
end
|
|
|
|
def require_minimum_balance
|
|
minimum_balance = FoodsoftConfig[:minimum_balance] or return
|
|
if current_ordergroup.account_balance < minimum_balance
|
|
raise Api::Errors::PermissionRequired.new(t('application.controller.error_minimum_balance', min: minimum_balance))
|
|
end
|
|
end
|
|
|
|
def require_enough_apples
|
|
if current_ordergroup.not_enough_apples?
|
|
s = t('group_orders.messages.not_enough_apples', apples: current_ordergroup.apples, stop_ordering_under: FoodsoftConfig[:stop_ordering_under])
|
|
raise Api::Errors::PermissionRequired.new(s)
|
|
end
|
|
end
|
|
|
|
def require_config_enabled(config)
|
|
unless FoodsoftConfig[config]
|
|
raise Api::Errors::PermissionRequired.new(t('application.controller.error_not_enabled', config: config))
|
|
end
|
|
end
|
|
|
|
def skip_session
|
|
request.session_options[:skip] = true
|
|
end
|
|
|
|
def not_found_handler(e)
|
|
# remove where-clauses from error message (not suitable for end-users)
|
|
msg = e.message.try {|m| m.sub(/\s*\[.*?\]\s*$/, '')} || 'Not found'
|
|
render status: 404, json: {error: 'not_found', error_description: msg}
|
|
end
|
|
|
|
def not_acceptable_handler(e)
|
|
msg = e.message || 'Data not acceptable'
|
|
render status: 422, json: {error: 'not_acceptable', error_description: msg}
|
|
end
|
|
|
|
def doorkeeper_unauthorized_render_options(error:)
|
|
{json: {error: error.name, error_description: error.description}}
|
|
end
|
|
|
|
def doorkeeper_forbidden_render_options(error:)
|
|
{json: {error: error.name, error_description: error.description}}
|
|
end
|
|
|
|
def permission_required_handler(e)
|
|
msg = e.message || 'Forbidden, user has no access'
|
|
render status: 403, json: {error: 'forbidden', error_description: msg}
|
|
end
|
|
|
|
# @todo something with ApplicationHelper#show_user
|
|
def show_user(user = current_user, **options)
|
|
user.display
|
|
end
|
|
end
|