parsley/app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  def verified_request?
    if request.media_type == "application/json"
      true
    else
      super()
    end
  end

  def ensure_valid_user
    unless current_user?
      flash[:warning] = "You must login"
      redirect_to login_path
    end
  end

  def ensure_admin_user
    unless current_user? && current_user.admin?
      flash[:warning] = "You must login as an admin"
      redirect_to login_path
    end
  end

  def ensure_owner(item)
    owner = case
              when current_user.nil?
                false
              when item.nil?
                true
              when current_user.admin?
                true
              when current_user.id == item.user_id
                true
              else
                false
            end

    if owner
      yield if block_given?
    else
      flash[:warning] = "Operation Not Permitted"
      redirect_to root_path
    end
  end

  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end
  helper_method :current_user

  def current_user?
    !current_user.nil?
  end
  helper_method :current_user?

  def set_current_user(user)
    if user
      session[:user_id] = user.id
    else
      session[:user_id] = nil
    end
  end
end