houdini/app/controllers/application_controller.rb

175 lines
5.6 KiB
Ruby
Raw Normal View History

# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
class ApplicationController < ActionController::Base
before_action :set_locale, :redirect_to_maintenance
protect_from_forgery
helper_method \
:current_role?,
:current_nonprofit_user?,
:administered_nonprofit,
:nonprofit_in_trial?,
:current_plan_tier #int
def set_locale
if params[:locale] && Settings.available_locales.include?(params[:locale])
I18n.locale = params[:locale]
else
I18n.locale = Settings.language
end
end
2018-07-19 17:14:03 +00:00
def redirect_to_maintenance
if (Settings&.maintenance&.maintenance_mode && !current_user)
unless (self.class == Users::SessionsController &&
((Settings.maintenance.maintenance_token && params[:maintenance_token] == Settings.maintenance.maintenance_token) || params[:format] == 'json'))
2018-07-19 17:14:03 +00:00
redirect_to Settings.maintenance.maintenance_page
end
end
end
protected
def json_saved(model, msg=nil)
if model.valid?
flash[:notice] = msg if msg
render json: model, status: 200
else
render json: model.errors.full_messages, status: :unprocessable_entity
end
end
# A response helper for use with the param_validation gem
# use like: render_json{ UpdateUsers.update(params[:user]) }
# will catch and pretty print exceptions using the rails loggers
def render_json(&block)
begin
result = {status: 200, json: yield(block)}
rescue ParamValidation::ValidationError => e
logger.info "422: #{e}".red.bold
#logger.info ">>".bold.red + " #{{'Failed key name' => e.data[:key], 'Value' => e.data[:val], 'Failed validator' => e.data[:name]}}".red
result = {status: 422, json: {error: e.message}}
rescue CCOrgError => e
logger.info "422: #{e}".red.bold
result = {status: 422, json: {error: e.message}}
rescue ActiveRecord::RecordNotFound => e
logger.info "404: #{e}".red.bold
result = {status: 404, json: {error: e.message}}
rescue AuthenticationError => e
logger.info "401: #{e}".red.bold
result = {status: 401, json: {error: e.message}}
rescue ExpiredTokenError => e
logger.info "422: #{e}".red.bold
result = {status: 422, json: {error: e.message}}
rescue Exception => e # a non-validation related exception
logger.error "500: #{e}".red.bold
logger.error e.backtrace.take(5).map{|l| ">>".red.bold + " #{l}"}.join("\n").red
result = {status: 500, json: {error: e.message, backtrace: e.backtrace}}
end
render result
end
# Test that within the last 5 minutes, the user has confirmed their password
def password_was_confirmed(token)
session[:pw_token] == token && Chronic.parse(session[:pw_timestamp]) >= 5.minutes.ago.utc
end
def store_location
referrer = request.fullpath
no_redirects = ['/users', '/signup', '/signin', '/users/sign_in', '/users/sign_up', '/users/password', '/users/sign_out', /.*\.json.*/, /.*auth\/facebook.*/]
unless request.format.symbol == :json || no_redirects.map{|p| referrer.match(p)}.any?
session[:previous_url] = referrer
end
end
def block_with_sign_in(msg=nil)
store_location
if current_user
flash[:notice] = "It looks like you're not allowed to access that page. If this seems like a mistake, please contact #{Settings.mailer.email}"
redirect_to root_path
else
msg ||= 'We need to sign you in before you can do that.'
redirect_to new_user_session_path, :flash => {:error => msg}
end
end
def authenticate_user!(options={})
block_with_sign_in unless current_user
end
def authenticate_confirmed_user!
if !current_user
block_with_sign_in
elsif !current_user.confirmed? && !current_role?([:super_associate, :super_admin])
redirect_to new_user_confirmation_path, flash: {error: 'You need to confirm your account to do that.'}
end
end
def authenticate_super_associate!
unless current_role?(:super_admin) || current_role?(:super_associate)
block_with_sign_in 'Please login.'
end
end
def authenticate_super_admin!
unless current_role?(:super_admin)
block_with_sign_in 'Please login.'
end
end
def current_role?(role_names, host_id = nil)
return false unless current_user
role_names = Array(role_names)
key = "current_role_user_#{current_user_id}_names_#{role_names.join("_")}_host_#{host_id}"
QueryRoles.user_has_role?(current_user.id, role_names, host_id)
end
def nonprofit_in_trial?(npo_id=nil)
return false if !npo_id && !administered_nonprofit
npo_id ||= administered_nonprofit.id
key = "in_trial_user_#{current_user_id}_nonprofit_#{npo_id}"
QueryBillingSubscriptions.currently_in_trial?(npo_id)
end
def current_plan_tier(npo_id=nil)
return 0 if !npo_id && !administered_nonprofit
npo_id ||= administered_nonprofit.id
return 2 if current_role?(:super_admin)
key = "plan_tier_user_#{current_user_id}_nonprofit_#{npo_id}"
administered_nonprofit ? QueryBillingSubscriptions.plan_tier(npo_id) : 0
end
def administered_nonprofit
return nil unless current_user
key = "administered_nonprofit_user_#{current_user_id}_nonprofit"
Nonprofit.where(id: QueryRoles.host_ids(current_user_id, [:nonprofit_admin, :nonprofit_associate])).last
end
# devise config
def after_sign_in_path_for(resource)
request.env['omniauth.origin'] || session[:previous_url] || root_path
end
def after_sign_up_path_for(resource)
request.env['omniauth.origin'] || session[:previous_url] || root_path
end
def after_update_path_for(resource)
profile_path(current_user.profile)
end
def after_inactive_sign_up_path_for(resource)
profile_path(current_user.profile)
end
# /devise config
private
def current_user_id
current_user && current_user.id
end
end