app/controllers/application_controller.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

class ApplicationController < ActionController::Base
  #include SecurityHeaders
  include ControllerErrorHandling

  protect_from_forgery with: :exception

  helper_method :logged_in?, :current_user
  helper_method :authorized_to_show_user?

  def routing_error
    raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
  end

  protected
  def logged_in?
    !!session[:user_id]
  end

  def current_user
    @_current_user ||= begin
      if logged_in?
        User.find(session[:user_id])
      end
    end
  end

  def authorized_to_show_user?(user)
    !user.protected? ||
      (logged_in? && current_user.permitted_to_see?(user))
  end

  def authorize!(object)
    if object.is_a? User
      authorized_to_show_user?(object) || raise(Aclog::Exceptions::UserProtected, object)
    elsif object.is_a? Tweet
      authorize! object.user
    else
      raise ArgumentError, "parameter `object` must be a User or a Tweet"
    end
    object
  end
end