lpr-partynest/app/controllers/application_controller.rb

# frozen_string_literal: true

class ApplicationController < ActionController::Base
  include Pundit

  protect_from_forgery with: :exception, prepend: true, unless: :json_request?

  before_action :set_raven_context

  after_action :verify_authorized, except: :index
  after_action :verify_policy_scoped, only: :index

  rescue_from ActiveRecord::RecordNotFound, with: :render_not_found
  rescue_from Pundit::NotAuthorizedError,   with: :render_forbidden

  helper_method :current_account

private

  def current_account
    @current_account ||= current_user&.account
  end

  alias pundit_user current_account

  def set_raven_context
    Raven.user_context(
      account_id: current_account&.id,
      user_id: current_user&.id,
    )

    Raven.extra_context params: params.to_unsafe_h, url: request.url
  end

  def json_request?
    request.format.json?
  end

  def render_not_found
    respond_to do |format|
      format.html { render status: :not_found, template: 'errors/not_found' }
      format.json { render status: :not_found, json: {} }
    end
  end

  def render_forbidden
    respond_to do |format|
      format.html { render status: :forbidden, template: 'errors/forbidden' }
      format.json { render status: :forbidden, json: {} }
    end
  end

  def render_method_not_allowed
    respond_to do |format|
      format.html do
        render status: :method_not_allowed,
               template: 'errors/method_not_allowed'
      end
      format.json { render status: :method_not_allowed, json: {} }
    end
  end
end
Add frozen string literal comments 2018-11-22 14:58:12 -05:00			`# frozen_string_literal: true`

Initialize Rails application 2018-11-22 14:33:08 -05:00			`class ApplicationController < ActionController::Base`
Install Pundit 2018-11-29 19:02:04 -05:00			`include Pundit`
Improve code 2018-11-29 08:51:03 -05:00
Prepend forgery protection 2018-11-30 20:39:26 -05:00			`protect_from_forgery with: :exception, prepend: true, unless: :json_request?`
Do not verify authenticity token for JSON requests 2018-11-29 08:14:08 -05:00
Reorder code 2018-12-11 20:54:38 -05:00			`before_action :set_raven_context`

Require policies 2018-11-29 19:17:26 -05:00			`after_action :verify_authorized, except: :index`
			`after_action :verify_policy_scoped, only: :index`

Rename methods 2018-12-11 20:29:46 -05:00			`rescue_from ActiveRecord::RecordNotFound, with: :render_not_found`
Respond with 403 Forbidden instead of 401 Unauthorized 2019-02-01 21:00:49 -05:00			`rescue_from Pundit::NotAuthorizedError, with: :render_forbidden`
Improve code 2018-11-29 08:51:03 -05:00
Move from users to accounts 2018-12-01 21:28:34 -05:00			`helper_method :current_account`

Do not verify authenticity token for JSON requests 2018-11-29 08:14:08 -05:00			`private`

Move from users to accounts 2018-12-01 21:28:34 -05:00			`def current_account`
Improve guest account security 2018-12-05 18:20:50 -05:00			`@current_account \|\|= current_user&.account`
Move from users to accounts 2018-12-01 21:28:34 -05:00			`end`

Improve policies 2018-12-12 22:09:49 -05:00			`alias pundit_user current_account`
Move from users to accounts 2018-12-01 21:28:34 -05:00
Configure Sentry error logger 2018-11-29 09:57:40 -05:00			`def set_raven_context`
Sign in accounts instead of users 2018-12-11 20:43:15 -05:00			`Raven.user_context(`
			`account_id: current_account&.id,`
Fix code style 2019-04-28 09:34:46 -04:00			`user_id: current_user&.id,`
Sign in accounts instead of users 2018-12-11 20:43:15 -05:00			`)`

Configure Sentry error logger 2018-11-29 09:57:40 -05:00			`Raven.extra_context params: params.to_unsafe_h, url: request.url`
			`end`

Do not verify authenticity token for JSON requests 2018-11-29 08:14:08 -05:00			`def json_request?`
			`request.format.json?`
			`end`
Improve code 2018-11-29 08:51:03 -05:00
Rename methods 2018-12-11 20:29:46 -05:00			`def render_not_found`
Add 404 error template 2018-12-11 20:27:47 -05:00			`respond_to do \|format\|`
			`format.html { render status: :not_found, template: 'errors/not_found' }`
			`format.json { render status: :not_found, json: {} }`
			`end`
Improve code 2018-11-29 08:51:03 -05:00			`end`

Respond with 403 Forbidden instead of 401 Unauthorized 2019-02-01 21:00:49 -05:00			`def render_forbidden`
Add template for 403 Forbidden 2019-03-27 00:49:08 -04:00			`respond_to do \|format\|`
			`format.html { render status: :forbidden, template: 'errors/forbidden' }`
			`format.json { render status: :forbidden, json: {} }`
			`end`
Improve code 2018-11-29 08:51:03 -05:00			`end`
Remember guest accounts 2018-12-04 20:49:26 -05:00
Rename methods 2018-12-11 20:29:46 -05:00			`def render_method_not_allowed`
Add template for 405 Method Not Allowed 2019-03-27 00:52:12 -04:00			`respond_to do \|format\|`
			`format.html do`
Fix code style 2019-04-28 09:34:46 -04:00			`render status: :method_not_allowed,`
Add template for 405 Method Not Allowed 2019-03-27 00:52:12 -04:00			`template: 'errors/method_not_allowed'`
			`end`
			`format.json { render status: :method_not_allowed, json: {} }`
			`end`
Disable action Users::RegistrationsController#destroy 2018-12-07 20:07:28 -05:00			`end`
Initialize Rails application 2018-11-22 14:33:08 -05:00			`end`