# Base controller: resolves the requesting user and provides the visibility
# checks that decide whether another account's data may be shown.
#
# Nothing in this class installs the authorize_* checks as a filter, so every
# action that renders another account's data has to call them itself.
class ApplicationController < ActionController::Base
  include Aclog::TwitterOauthEchoAuthentication::ControllerMethods

  # Called without a `with:` option, so the framework's default strategy for a
  # failed CSRF check applies.
  # NOTE(review): on Rails 4+ that default is a null session for the request
  # rather than an exception -- confirm this is intended for state-changing
  # actions.
  protect_from_forgery

  # Both callbacks run after every action; no :only/:if restriction is given.
  after_action :set_content_type_to_xhtml, :tidy_response_body

  helper_method :current_user,
                :logged_in?,
                :authorized_to_show_user?,
                :authorized_to_show_user_best?

  protected

  # Resolves the user making the request.
  #
  # The session id is tried first; the OAuth Echo header is consulted only when
  # the session carries no user id.
  #
  # NOTE(review): the header is client-supplied and its verification happens
  # inside Aclog::TwitterOauthEchoAuthentication, which is not visible here --
  # confirm it validates against a fixed provider endpoint.
  #
  # @return [User, nil] the authenticated user, or nil when neither credential
  #   is present or anything in the lookup raises
  def current_user
    session_uid = session[:user_id]
    return User.find(session_uid) if session_uid
    return nil unless request.headers["X-Verify-Credentials-Authorization"]

    echo_uid = authenticate_with_twitter_oauth_echo
    User.find(echo_uid)
  rescue
    # Bare rescue: every StandardError ends up here, so a stale session id, a
    # rejected Echo credential and an unrelated failure (for example a database
    # error) all look like "not logged in". That fails closed, but it also
    # hides the cause; nothing is logged.
    nil
  end

  # @return [Boolean] true when current_user resolves to a user
  def logged_in?
    current_user ? true : false
  end

  # Visibility check for an account flagged as protected.
  #
  # @param user [User] the account whose data is about to be shown
  # @return [Object] truthy when the account is not protected, when the viewer
  #   is the account itself, or when the viewer's following?(user) is truthy;
  #   falsy otherwise (including for anonymous viewers of a protected account)
  def authorized_to_show_user?(user)
    return true unless user.protected?
    return true if current_user == user

    # try returns nil for an anonymous viewer instead of raising.
    current_user.try(:following?, user)
  end

  # Visibility check for an account flagged as private. Unlike
  # authorized_to_show_user?, following the account grants nothing here.
  #
  # @param user [User] the account whose data is about to be shown
  # @return [Boolean] true when the account is not private or the viewer is the
  #   account itself
  def authorized_to_show_user_best?(user)
    return true unless user.private?

    current_user == user
  end

  # Enforcing form of authorized_to_show_user?.
  #
  # @param user [User] the account whose data is about to be shown
  # @return [Object] the truthy result of the check
  # @raise [Aclog::Exceptions::UserProtected] when the check fails
  def authorize_to_show_user!(user)
    permitted = authorized_to_show_user?(user)
    raise Aclog::Exceptions::UserProtected, user unless permitted

    permitted
  end

  # Enforcing form of authorized_to_show_user_best?.
  #
  # @param user [User] the account whose data is about to be shown
  # @return [Object] the truthy result of the check
  # @raise [Aclog::Exceptions::AccountPrivate] when the check fails
  def authorize_to_show_user_best!(user)
    permitted = authorized_to_show_user_best?(user)
    raise Aclog::Exceptions::AccountPrivate, user unless permitted

    permitted
  end

  private

  # Serves HTML-format requests as XHTML; other formats keep their content type.
  def set_content_type_to_xhtml
    response.content_type = "application/xhtml+xml" if request.format == :html
  end

  # Replaces the response body with its tidy_bytes form.
  # NOTE(review): this runs for every response, whatever its content type --
  # confirm that no action returns a non-text body through this controller.
  def tidy_response_body
    cleaned = ActiveSupport::Multibyte::Unicode.tidy_bytes(response.body)
    response.body = cleaned
  end
end