houdini/app/controllers/application_controller.rb

# frozen_string_literal: true

# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
class ApplicationController < ActionController::Base
  before_action :set_locale, :redirect_to_maintenance

  protect_from_forgery

  helper_method \
    :current_role?,
    :current_nonprofit_user?,
    :administered_nonprofit

  def set_locale
    if params[:locale] && Settings.available_locales.include?(params[:locale])
      I18n.locale = params[:locale]
    else
      I18n.locale = Settings.language
    end
  end

  def redirect_to_maintenance
    if Settings&.maintenance&.maintenance_mode && !current_user
      unless self.class == Users::SessionsController &&
             ((Settings.maintenance.maintenance_token && params[:maintenance_token] == Settings.maintenance.maintenance_token) || params[:format] == 'json')
        redirect_to Settings.maintenance.maintenance_page
      end
    end
  end

  protected

  def json_saved(model, msg = nil)
    if model.valid?
      flash[:notice] = msg if msg
      render json: model, status: 200
    else
      render json: model.errors.full_messages, status: :unprocessable_entity
    end
  end

  # A response helper for use with the param_validation gem
  # use like:   render_json{ UpdateUsers.update(params[:user]) }
  # will catch and pretty print exceptions using the rails loggers
  def render_json(&block)
    begin
      result = { status: 200, json: yield(block) }
    rescue ParamValidation::ValidationError => e
      logger.info "422: #{e}".red.bold
      # logger.info ">>".bold.red + " #{{'Failed key name' => e.data[:key], 'Value' => e.data[:val], 'Failed validator' => e.data[:name]}}".red
      result = { status: 422, json: { error: e.message } }
    rescue CCOrgError => e
      logger.info "422: #{e}".red.bold
      result = { status: 422, json: { error: e.message } }
    rescue ActiveRecord::RecordNotFound => e
      logger.info "404: #{e}".red.bold
      result = { status: 404, json: { error: e.message } }
    rescue AuthenticationError => e
      logger.info "401: #{e}".red.bold
      result = { status: 401, json: { error: e.message } }
    rescue ExpiredTokenError => e
      logger.info "422: #{e}".red.bold
      result = { status: 422, json: { error: e.message } }
    rescue Exception => e # a non-validation related exception
      logger.error "500: #{e}".red.bold
      logger.error e.backtrace.take(5).map { |l| '>>'.red.bold + " #{l}" }.join("\n").red
      result = { status: 500, json: { error: e.message, backtrace: e.backtrace } }
    end
    render result
  end

  # Test that within the last 5 minutes, the user has confirmed their password
  def password_was_confirmed(token)
    session[:pw_token] == token && Chronic.parse(session[:pw_timestamp]) >= 5.minutes.ago.utc
  end

  def store_location
    referrer = request.fullpath
    no_redirects = ['/users', '/signup', '/signin', '/users/sign_in', '/users/sign_up', '/users/password', '/users/sign_out', /.*\.json.*/, %r{.*auth/facebook.*}]
    unless request.format.symbol == :json || no_redirects.map { |p| referrer.match(p) }.any?
      session[:previous_url] = referrer
    end
  end

  def block_with_sign_in(msg = nil)
    store_location
    if current_user
      flash[:notice] = "It looks like you're not allowed to access that page. If this seems like a mistake, please contact #{Settings.mailer.email}"
      redirect_to root_path
    else
      msg ||= 'We need to sign you in before you can do that.'
      redirect_to new_user_session_path, flash: { error: msg }
    end
  end

  def authenticate_user!(_options = {})
    block_with_sign_in unless current_user
  end

  def authenticate_confirmed_user!
    if !current_user
      block_with_sign_in
    elsif !current_user.confirmed? && !current_role?(%i[super_associate super_admin])
      redirect_to new_user_confirmation_path, flash: { error: 'You need to confirm your account to do that.' }
    end
  end

  def authenticate_super_associate!
    unless current_role?(:super_admin) || current_role?(:super_associate)
      block_with_sign_in 'Please login.'
    end
  end

  def authenticate_super_admin!
    block_with_sign_in 'Please login.' unless current_role?(:super_admin)
  end

  def current_role?(role_names, host_id = nil)
    return false unless current_user

    role_names = Array(role_names)
    key = "current_role_user_#{current_user_id}_names_#{role_names.join('_')}_host_#{host_id}"
    QueryRoles.user_has_role?(current_user.id, role_names, host_id)
  end

  def administered_nonprofit
    return nil unless current_user

    key = "administered_nonprofit_user_#{current_user_id}_nonprofit"
    Nonprofit.where(id: QueryRoles.host_ids(current_user_id, %i[nonprofit_admin nonprofit_associate])).last
  end

  # devise config

  def after_sign_in_path_for(_resource)
    request.env['omniauth.origin'] || session[:previous_url] || root_path
  end

  def after_sign_up_path_for(_resource)
    request.env['omniauth.origin'] || session[:previous_url] || root_path
  end

  def after_update_path_for(_resource)
    profile_path(current_user.profile)
  end

  def after_inactive_sign_up_path_for(_resource)
    profile_path(current_user.profile)
  end

  # /devise config

  private

  def current_user_id
    current_user&.id
  end
end