parsley/app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  def verified_request?
    if request.media_type == "application/json"
      true
    else
      super()
    end
  end

  def ensure_valid_user
    unless current_user?
      flash[:warning] = "You must login"
      redirect_to login_path
    end
  end

  def ensure_admin_user
    unless current_user? && current_user.admin?
      flash[:warning] = "You must login as an admin"
      redirect_to login_path
    end
  end

  def ensure_owner(item)
    owner = case
              when current_user.nil?
                false
              when item.nil?
                true
              when current_user.admin?
                true
              when current_user.id == item.user_id
                true
              else
                false
            end

    if owner
      yield if block_given?
    else
      respond_to do |format|
        format.html do
          flash[:warning] = "Operation Not Permitted"
          redirect_to root_path
        end

        format.json do
          render json: { error: "Operation Not Permitted" }, status: current_user.nil? ? :unauthorized : :forbidden
        end
      end


    end
  end

  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end
  helper_method :current_user

  def current_user?
    !current_user.nil?
  end
  helper_method :current_user?

  def set_current_user(user)
    if user
      session[:user_id] = user.id
    else
      session[:user_id] = nil
    end
  end
end
initial commit 2016-01-12 18:43:00 -06:00			`class ApplicationController < ActionController::Base`
			`# Prevent CSRF attacks by raising an exception.`
			`# For APIs, you may want to use :null_session instead.`
			`protect_from_forgery with: :exception`
Added authentication; cleaned up some UI 2016-01-19 16:50:39 -06:00
recipe editing 2018-04-01 21:43:23 -05:00			`def verified_request?`
rails 7/ruby 3 2022-12-01 18:02:26 -06:00			`if request.media_type == "application/json"`
recipe editing 2018-04-01 21:43:23 -05:00			`true`
			`else`
			`super()`
			`end`
			`end`

Added authentication; cleaned up some UI 2016-01-19 16:50:39 -06:00			`def ensure_valid_user`
updated recipe index 2016-01-19 17:43:52 -06:00			`unless current_user?`
Added authentication; cleaned up some UI 2016-01-19 16:50:39 -06:00			`flash[:warning] = "You must login"`
			`redirect_to login_path`
			`end`
			`end`

			`def ensure_admin_user`
ui update 2016-01-20 20:29:08 -06:00			`unless current_user? && current_user.admin?`
Added authentication; cleaned up some UI 2016-01-19 16:50:39 -06:00			`flash[:warning] = "You must login as an admin"`
			`redirect_to login_path`
			`end`
			`end`

Added some security 2016-01-21 11:47:30 -06:00			`def ensure_owner(item)`
Added admin; updated calculator; added owner to ingredients 2016-03-03 13:12:42 -06:00			`owner = case`
			`when current_user.nil?`
			`false`
			`when item.nil?`
			`true`
			`when current_user.admin?`
			`true`
			`when current_user.id == item.user_id`
			`true`
			`else`
			`false`
			`end`

			`if owner`
			`yield if block_given?`
			`else`
Continue converting to composition api 2024-10-02 14:34:50 -05:00			`respond_to do \|format\|`
			`format.html do`
			`flash[:warning] = "Operation Not Permitted"`
			`redirect_to root_path`
			`end`

			`format.json do`
			`render json: { error: "Operation Not Permitted" }, status: current_user.nil? ? :unauthorized : :forbidden`
			`end`
			`end`


Added some security 2016-01-21 11:47:30 -06:00			`end`
			`end`

Added authentication; cleaned up some UI 2016-01-19 16:50:39 -06:00			`def current_user`
			`@current_user \|\|= User.find(session[:user_id]) if session[:user_id]`
			`end`
			`helper_method :current_user`

updated recipe index 2016-01-19 17:43:52 -06:00			`def current_user?`
			`!current_user.nil?`
			`end`
			`helper_method :current_user?`

Added authentication; cleaned up some UI 2016-01-19 16:50:39 -06:00			`def set_current_user(user)`
			`if user`
			`session[:user_id] = user.id`
			`else`
			`session[:user_id] = nil`
			`end`
			`end`
initial commit 2016-01-12 18:43:00 -06:00			`end`