class ApplicationController < ActionController::Base
protect_from_forgery
- before_filter :find_object_by_uuid, :except => [:index, :render_exception, :render_not_found]
around_filter :thread_with_api_token, :except => [:render_exception, :render_not_found]
+ before_filter :find_object_by_uuid, :except => [:index, :render_exception, :render_not_found]
unless Rails.application.config.consider_all_requests_local
rescue_from Exception,
def show
if !@object
- render_not_found("object not found")
+ return render_not_found("object not found")
end
respond_to do |f|
f.json { render json: @object }
+ f.html { render }
+ end
+ end
+
+ def current_user
+ if Thread.current[:orvos_api_token]
+ @current_user ||= User.current
+ else
+ logger.error "No API token in Thread"
+ return nil
end
end
if params[:id] and params[:id].match /\D/
params[:uuid] = params.delete :id
end
- @object = model_class.where('uuid=?', params[:uuid]).first
+ @object = model_class.where(uuid: params[:uuid]).first
end
def thread_with_api_token
false
end
end
+
+ def ensure_current_user_is_admin
+ unless current_user and current_user.is_admin
+ @errors = ['Permission denied']
+ self.render_error status: 401
+ end
+ end
end
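Review bot: `ensure_current_user_is_admin` replies with status 401 when an authenticated user is simply not an admin; 401 means "no valid credential" and invites clients to re-authenticate, whereas a permission-denied answer for a known user is 403 Forbidden, so I would change L41 to `self.render_error status: 403`. The guard on L39 also calls `current_user` twice, and on the no-token path that method logs an error each time, so one unauthenticated request produces two log lines; `user = current_user` followed by `unless user && user.is_admin` avoids that and drops the low-precedence `and` in favour of `&&`. As far as this hunk shows, nothing registers `ensure_current_user_is_admin` as a filter yet, so callers should be aware no action is protected by it until it is wired up. A short YARD comment such as `# Renders a permission error unless the current user is an admin.` would make its halting behaviour explicit.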