path: root/app/controllers/application_controller.rb
blob: 402efee09e4f4a88e78857d5256665c1e91dc45d (plain)
# Base controller: session-backed login state, visibility checks for
# protected accounts, and a JSON-only rendering path (Atom is the one
# exception).
class ApplicationController < ActionController::Base
  include ControllerErrorHandling
  include Utils

  # A request that fails CSRF verification raises instead of silently
  # resetting the session.
  protect_from_forgery with: :exception

  helper_method :logged_in?, :current_user, :authorized?

  before_action :force_json

  # Turns any action that is not defined into a routing error.
  #
  # NOTE(review): the message embeds a request parameter verbatim. How the
  # error is rendered is decided by the error handling included above, which
  # is not visible here; confirm the message is encoded for whatever format
  # is returned to the client.
  def action_missing(*args, &blk)
    unmatched = params[:unmatched_route]
    raise ActionController::RoutingError, "No route matches #{unmatched}"
  end

  protected

  # True when the session carries a user id. Only presence is checked; the
  # id is not looked up here.
  def logged_in?
    session[:user_id] ? true : false
  end

  # The User for the session's user id, memoized once found; nil when nobody
  # is logged in.
  #
  # User.find raises ActiveRecord::RecordNotFound when the id stored in the
  # session no longer matches a row, so a stale session surfaces as an
  # exception rather than as "not logged in".
  def current_user
    return @_current_user if @_current_user

    @_current_user = logged_in? ? User.find(session[:user_id]) : nil
  end

  # Whether the current visitor may see +object+.
  #
  # A User is visible when it is not protected, or when the visitor is logged
  # in and is either that user or follows them. A Tweet inherits the answer
  # of its author. Anything else raises ArgumentError.
  def authorized?(object)
    case object
    when User
      return true unless object.protected?
      return false unless logged_in?

      object.id == current_user.id || current_user.account.following?(object)
    when Tweet
      authorized?(object.user)
    else
      raise ArgumentError, "object must be User or Tweet"
    end
  end

  # Returns +object+ when access is allowed, otherwise raises.
  #
  # Raises Aclog::Exceptions::UserProtected when authorized? says no, and
  # Aclog::Exceptions::UserOptedOut for a User that has opted out.
  #
  # NOTE(review): the opted-out check applies only when +object+ is a User.
  # A Tweet whose author opted out passes this method; confirm that case is
  # enforced somewhere else.
  def authorize!(object)
    raise Aclog::Exceptions::UserProtected, object unless authorized?(object)
    raise Aclog::Exceptions::UserOptedOut, object if object.is_a?(User) && object.opted_out?

    object
  end

  # Treats every request as JSON unless it asked for Atom.
  def force_json
    return if request.format.atom?

    request.format = :json
  end

  # Keep the framework's render reachable under another name; render_json
  # calls it, including when render itself is overridden below.
  alias __render__ render

  if Rails.env.development?
    # Development-only guard: a direct render call is rejected for anything
    # but Atom, so that responses go through render_json.
    def render(*args)
      raise ArgumentError, "don't use render, use render_json" unless request.format.atom?

      super(*args)
    end
  end

  # Renders the standard JSON envelope: CSRF token, current user and +data+.
  # Extra keyword arguments are merged into the render options.
  #
  # NOTE(review): current_user is serialized with whatever JSON
  # representation User provides; confirm that representation is limited to
  # fields meant for the client.
  # NOTE(review): the CSRF token travels in every JSON body, which assumes
  # these responses cannot be read cross-origin; confirm against the
  # application's CORS settings.
  def render_json(data:, **kwargs)
    envelope = {
      authenticity_token: form_authenticity_token,
      current_user: current_user,
      data: data
    }
    __render__({ json: envelope }.merge(kwargs))
  end
end