mirror of
https://github.com/openfoodfoundation/openfoodnetwork
synced 2026-01-24 20:36:49 +00:00
131 lines
3.7 KiB
Ruby
131 lines
3.7 KiB
Ruby
require_dependency 'spree/api/controller_setup'
|
|
|
|
module Spree
|
|
module Api
|
|
class BaseController < ActionController::Metal
|
|
include Spree::Api::ControllerSetup
|
|
include Spree::Core::ControllerHelpers::SSL
|
|
include ::ActionController::Head
|
|
|
|
self.responder = Spree::Api::Responders::AppResponder
|
|
|
|
respond_to :json
|
|
|
|
attr_accessor :current_api_user
|
|
|
|
before_filter :set_content_type
|
|
before_filter :check_for_user_or_api_key, :if => :requires_authentication?
|
|
before_filter :authenticate_user
|
|
after_filter :set_jsonp_format
|
|
|
|
rescue_from Exception, :with => :error_during_processing
|
|
rescue_from CanCan::AccessDenied, :with => :unauthorized
|
|
rescue_from ActiveRecord::RecordNotFound, :with => :not_found
|
|
|
|
helper Spree::Api::ApiHelpers
|
|
|
|
ssl_allowed
|
|
|
|
def set_jsonp_format
|
|
if params[:callback] && request.get?
|
|
self.response_body = "#{params[:callback]}(#{response_body})"
|
|
headers["Content-Type"] = 'application/javascript'
|
|
end
|
|
end
|
|
|
|
def map_nested_attributes_keys(klass, attributes)
|
|
nested_keys = klass.nested_attributes_options.keys
|
|
attributes.inject({}) do |h, (k, v)|
|
|
key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
|
|
h[key] = v
|
|
h
|
|
end.with_indifferent_access
|
|
end
|
|
|
|
private
|
|
|
|
def set_content_type
|
|
content_type = case params[:format]
|
|
when "json"
|
|
"application/json"
|
|
when "xml"
|
|
"text/xml"
|
|
end
|
|
headers["Content-Type"] = content_type
|
|
end
|
|
|
|
def check_for_user_or_api_key
|
|
# User is already authenticated with Spree, make request this way instead.
|
|
return true if @current_api_user = try_spree_current_user ||
|
|
!requires_authentication?
|
|
|
|
return if api_key.present?
|
|
render("spree/api/errors/must_specify_api_key", status: :unauthorized) && return
|
|
end
|
|
|
|
def authenticate_user
|
|
return if @current_api_user
|
|
|
|
if requires_authentication? || api_key.present?
|
|
unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
|
|
render("spree/api/errors/invalid_api_key", status: :unauthorized) && return
|
|
end
|
|
else
|
|
# An anonymous user
|
|
@current_api_user = Spree.user_class.new
|
|
end
|
|
end
|
|
|
|
def unauthorized
|
|
render("spree/api/errors/unauthorized", status: :unauthorized) && return
|
|
end
|
|
|
|
def error_during_processing(exception)
|
|
render(text: { exception: exception.message }.to_json,
|
|
status: :unprocessable_entity) && return
|
|
end
|
|
|
|
def requires_authentication?
|
|
true
|
|
end
|
|
|
|
def not_found
|
|
render("spree/api/errors/not_found", status: :not_found) && return
|
|
end
|
|
|
|
def current_ability
|
|
Spree::Ability.new(current_api_user)
|
|
end
|
|
|
|
def invalid_resource!(resource)
|
|
@resource = resource
|
|
render "spree/api/errors/invalid_resource", status: :unprocessable_entity
|
|
end
|
|
|
|
def api_key
|
|
request.headers["X-Spree-Token"] || params[:token]
|
|
end
|
|
helper_method :api_key
|
|
|
|
def find_product(id)
|
|
product_scope.find_by_permalink!(id.to_s)
|
|
rescue ActiveRecord::RecordNotFound
|
|
product_scope.find(id)
|
|
end
|
|
|
|
def product_scope
|
|
if current_api_user.has_spree_role?("admin")
|
|
scope = Product
|
|
if params[:show_deleted]
|
|
scope = scope.with_deleted
|
|
end
|
|
else
|
|
scope = Product.active
|
|
end
|
|
|
|
scope.includes(:master)
|
|
end
|
|
end
|
|
end
|
|
end
|