Revision 86fb12c1
Added by Ohad Levy almost 12 years ago
- ID 86fb12c1e1009385163d2d255ae6e519f18ea452
| app/controllers/api/base_controller.rb | ||
|---|---|---|
|
#TODO: inherit from application controller after cleanup
|
||
|
class BaseController < ActionController::Base
|
||
|
|
||
|
before_filter :set_default_response_format
|
||
|
before_filter :authorize
|
||
|
|
||
|
before_filter :set_default_response_format, :authorize
|
||
|
|
||
|
respond_to :json
|
||
|
|
||
|
def process_error options = {}
|
||
|
|
||
|
def process_error options = { }
|
||
|
|
||
|
options[:json_code] ||= :unprocessable_entity
|
||
|
|
||
|
|
||
|
errors = if options[:error]
|
||
|
options[:error]
|
||
|
else
|
||
|
options[:object] ||= get_resource || raise("No error to process")
|
||
|
if options[:object].respond_to?(:errors)
|
||
|
logger.info "Failed to save: #{options[:object].errors.full_messages.join(", ")}"
|
||
|
options[:object].errors.full_messages
|
||
|
else
|
||
|
raise("No error to process")
|
||
|
end
|
||
|
end
|
||
|
options[:error]
|
||
|
else
|
||
|
options[:object] ||= get_resource || raise("No error to process")
|
||
|
if options[:object].respond_to?(:errors)
|
||
|
#TODO JSON resposne should include the real errors, not the pretty full messages
|
||
|
logger.info "Failed to save: #{options[:object].errors.full_messages.join(", ")}"
|
||
|
options[:object].errors.full_messages
|
||
|
else
|
||
|
raise("No error to process")
|
||
|
end
|
||
|
end
|
||
|
|
||
|
# set 403 status on permission errors
|
||
|
if errors.any? { |error| error =~ /You do not have permission/ }
|
||
|
options[:json_code] = :forbidden
|
||
|
end
|
||
|
|
||
|
render :json => {"errors" => errors} , :status => options[:json_code]
|
||
|
render :json => { "errors" => errors }, :status => options[:json_code]
|
||
|
end
|
||
|
|
||
|
def get_resource
|
||
|
def get_resource
|
||
|
instance_variable_get(:"@#{controller_name.singularize}")
|
||
|
end
|
||
|
|
||
|
|
||
|
def process_response condition, response = nil
|
||
|
if condition
|
||
|
response ||= get_resource
|
||
| ... | ... | |
|
end
|
||
|
end
|
||
|
|
||
|
|
||
|
|
||
|
# Authorize the user for the requested action
|
||
|
def authorize(ctrl = params[:controller], action = params[:action])
|
||
|
|
||
|
if SETTINGS[:login]
|
||
|
unless User.current
|
||
|
user_to_login = nil
|
||
|
if result = authenticate_with_http_basic { |u, p| user_to_login = u; User.try_to_login(u, p) }
|
||
|
if result = authenticate_with_http_basic { |u, p| user_to_login = u; User.try_to_login(u, p) }
|
||
|
User.current = result
|
||
|
else
|
||
|
process_error({:error => "Unable to authenticate user %s" % user_to_login, :json_code => :unauthorized})
|
||
|
process_error({ :error => "Unable to authenticate user %s" % user_to_login, :json_code => :unauthorized })
|
||
|
return false
|
||
|
end
|
||
|
end
|
||
| ... | ... | |
|
end
|
||
|
|
||
|
def deny_access
|
||
|
process_error({:error => "Access denied", :json_code => :unauthorized})
|
||
|
return false
|
||
|
process_error({ :error => "Access denied", :json_code => :unauthorized })
|
||
|
false
|
||
|
end
|
||
|
|
||
|
|
||
|
protected
|
||
|
# searches for an object based on its name and assign it to an instance variable
|
||
|
# required for models which implement the to_param method
|
||
Also available in: Unified diff
cleanup after merge conflict with latest develop branch