raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-26 20:56:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7e9bf43ec8f6c2b278cebbfbfa05fb73dca98a61
openfoodnetwork/app/controllers/spree/admin/base_controller.rb
Matt-Yorkley 3070bb20ed WIP - Update loading of helpers in controllers 
Rails has changed the way helpers are loaded. It's a bit weird. It was throwing lots of errors, and recommended using this setting, but now requires that all helpers are loaded explicitly. I'm not sure about this.
2021-04-08 12:12:37 -07:00

125 lines
3.8 KiB
Ruby
Raw Blame History

module Spree
module Admin
class BaseController < ApplicationController
ssl_required
helper 'shared'
helper 'spree/admin/navigation'
helper 'spree/admin/orders'
helper 'admin/injection'
helper 'admin/orders'
layout '/spree/layouts/admin'
include I18nHelper
before_action :authorize_admin
before_action :set_locale
before_action :warn_invalid_order_cycles, if: :html_request?
# Warn the user when they have an active order cycle with hubs that are not ready
# for checkout (ie. does not have valid shipping and payment methods).
def warn_invalid_order_cycles
return if flash[:notice].present?
warning = OrderCycleWarning.new(spree_current_user).call
flash[:notice] = warning if warning.present?
end
# This is in Spree::Core::ControllerHelpers::Auth
# But you can't easily reopen modules in Ruby
def unauthorized
if spree_current_user
flash[:error] = t(:authorization_failure)
redirect_to '/unauthorized'
else
store_location
redirect_to main_app.root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
end
end
protected
def model_class
const_name = controller_name.classify
return "Spree::#{const_name}".constantize if Spree.const_defined?(const_name)
nil
end
def action
params[:action].to_sym
end
def authorize_admin
if respond_to?(:model_class, true) && model_class
record = model_class
else
# This allows specificity for each non-resource controller
# (to be consistent with "authorize_resource :class => false", see https://github.com/ryanb/cancan/blob/60cf6a67ef59c0c9b63bc27ea0101125c4193ea6/lib/cancan/controller_resource.rb#L146)
record = self.class.to_s.
sub("Controller", "").
underscore.split('/').last.singularize.to_sym
end
authorize! :admin, record
authorize! resource_authorize_action, record
end
def resource_authorize_action
action
end
def flash_message_for(object, event_sym)
resource_desc = object.class.model_name.human
resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present?
Spree.t(event_sym, resource: resource_desc)
end
# Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking
def check_json_authenticity
return unless request.format.js? || request.format.json?
return unless protect_against_forgery?
auth_token = params[request_forgery_protection_token]
return if auth_token && form_authenticity_token == CGI.unescape(auth_token)
raise(ActionController::InvalidAuthenticityToken)
end
private
def html_request?
request.format.html?
end
def json_request?
request.format.json?
end
def render_as_json(data, options = {})
ams_prefix = options.delete :ams_prefix
if each_serializer_required?(data)
render options.merge(json: data, each_serializer: serializer(ams_prefix))
else
render options.merge(json: data, serializer: serializer(ams_prefix))
end
end
def each_serializer_required?(data)
['Array', 'ActiveRecord::Relation'].include?(data.class.name)
end
def serializer(ams_prefix)
unless ams_prefix.nil? || ams_prefix_whitelist.include?(ams_prefix.to_sym)
raise "Suffix '#{ams_prefix}' not found in ams_prefix_whitelist for #{self.class.name}."
end
prefix = ams_prefix.andand.classify || ""
name = controller_name.classify
"::Api::Admin::#{prefix}#{name}Serializer".constantize
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink