# Base controller for the API v2 endpoints.
#
# The context handed to the API is chosen by #context in this order:
#   1. the context of the API token found by #authenticate_from_token,
#   2. a context built from current_administrateur (web interface, /graphql),
#   3. an empty context with no write access.
class API::V2::BaseController < ApplicationController
  # Forgery protection is skipped whenever the request carries an
  # Authorization header. The condition tests the header's presence only;
  # it does not depend on the token having been accepted.
  # NOTE(review): #context still falls back to current_administrateur (with
  # write_access: true) when no token was accepted, so a request that skipped
  # the forgery check can end up using that fallback. Confirm that something
  # outside this class (e.g. the CORS policy) prevents that combination, or
  # refuse the fallback when an Authorization header was sent.
  skip_forgery_protection if: -> { request.headers.key?('HTTP_AUTHORIZATION') }
  skip_before_action :setup_tracking
  before_action :authenticate_from_token

  private

  # Returns the context for the current request: the token's own context,
  # else the web-interface context, else the unauthenticated one.
  def context
    return @api_token.context if @api_token.present?
    # The web interface (/graphql) supplies current_administrateur.
    return graphql_web_interface_context if current_administrateur.present?

    unauthenticated_request_context
  end

  # Context for current_administrateur: its id, its procedure ids, and
  # write access enabled.
  def graphql_web_interface_context
    { administrateur_id: current_administrateur.id, procedure_ids: current_administrateur.procedure_ids, write_access: true }
  end

  # Context used when neither a token nor current_administrateur is present:
  # no administrateur, no procedures, no write access.
  def unauthenticated_request_context
    { administrateur_id: nil, procedure_ids: [], write_access: false }
  end

  # before_action: looks up the API token from the HTTP token credentials and
  # stores it in @api_token. When a token is found, touches its
  # last_v2_authenticated_at attribute and sets @current_user to the user of
  # the token's administrateur. Leaves @current_user untouched otherwise.
  def authenticate_from_token
    @api_token = authenticate_with_http_token { |token, _options| APIToken.authenticate(token) }
    return unless @api_token.present?

    @api_token.touch(:last_v2_authenticated_at)
    @current_user = @api_token.administrateur.user
  end
end