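# Base controller: installs CSRF protection and the request-wide callbacks
# (browser detection, layout partial lookup, error-tracker context, profiler
# authorization, staging HTTP Basic gate) inherited by every controller.
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  # Callbacks run in declaration order. staging_authenticate is declared last,
  # so the four callbacks above it execute before the staging gate is checked.
  # NOTE(review): if the gate is meant to shield the whole staging app, confirm
  # that running these callbacks for unauthenticated requests is acceptable.
  before_action :check_browser
  before_action :load_navbar_left_pannel_partial_url
  before_action :set_raven_context
  before_action :authorize_request_for_profiler

  before_action :staging_authenticate

  # NOTE(review): the callback methods below are public. Rails treats public
  # controller methods as candidate actions, so they become reachable if a
  # route ever maps to them; consider moving them under `private` once it is
  # confirmed nothing calls them from outside - TODO confirm.

  # Challenges the client with HTTP Basic authentication when the staging gate
  # is enabled and the supplied credentials are rejected.
  #
  # NOTE(review): StagingAuthService.authenticate is not visible here; verify
  # it compares credentials in constant time (for example with
  # ActiveSupport::SecurityUtils.secure_compare) and that this endpoint is only
  # served over TLS, since Basic credentials are sent on every request.
  def staging_authenticate
    if StagingAuthService.enabled? && !authenticate_with_http_basic { |username, password| StagingAuthService.authenticate(username, password) }
      request_http_basic_authentication
    end
  end

  # Enables Rack::MiniProfiler for this request only when an administration
  # session is signed in. Profiler output can reveal queries and timings, so
  # it must stay limited to that role.
  def authorize_request_for_profiler
    Rack::MiniProfiler.authorize_request if administration_signed_in?
  end

  # Makes generated URLs use https in staging and production.
  # This only affects URL generation; it does not by itself redirect or reject
  # plain-HTTP requests.
  #
  # @return [Hash] default options merged into every generated URL
  def default_url_options
    return { protocol: 'https' } if Rails.env.staging? || Rails.env.production?

    {}
  end

  # Stores the browser detected for the current request in BROWSER.
  def check_browser
    BROWSER.value = BrowserService.get_browser(request)
  end

  # Resolves the navbar and left-panel partials for the current controller and
  # action, and resets @facade_data_view.
  def load_navbar_left_pannel_partial_url
    controller = request.controller_class
    method = params[:action]
    service = RenderPartialService.new(controller, method)

    @navbar_url = service.navbar
    @left_pannel_url = service.left_panel
    @facade_data_view = nil
  end

  protected

  # Defers to the inherited check when a gestionnaire is signed in; otherwise
  # redirects to the user sign-in page.
  def authenticate_gestionnaire!
    if gestionnaire_signed_in?
      super
    else
      redirect_to new_user_session_path
    end
  end

  # Defers to the inherited check when an administrateur is signed in;
  # otherwise redirects to the user sign-in page.
  def authenticate_administrateur!
    if administrateur_signed_in?
      super
    else
      redirect_to new_user_session_path
    end
  end

  private

  # Every signed-in identity for this request (user, gestionnaire,
  # administrateur, administration), memoized, with nils removed.
  #
  # @return [Array] signed-in records, possibly empty
  def logged_users
    @logged_users ||= [
      current_user,
      current_gestionnaire,
      current_administrateur,
      current_administration
    ].compact
  end

  # @return [String] comma-separated class names of the signed-in identities,
  #   or 'Guest' when nobody is signed in
  def logged_user_roles
    roles = logged_users.map { |logged_user| logged_user.class.name }
    roles.any? ? roles.join(', ') : 'Guest'
  end

  # @return [Hash, nil] id and email of the first signed-in identity, or nil
  #   when nobody is signed in
  def logged_user_info
    logged_user = logged_users.first

    if logged_user
      {
        id: logged_user.id,
        email: logged_user.email
      }
    end
  end

  # Attaches the client IP, roles and (when signed in) id and email to the
  # Raven error-reporting context.
  #
  # NOTE(review): this sends personal data (IP address, email) to the error
  # tracker; confirm that matches the data-retention policy. request.ip is
  # only as trustworthy as the app's trusted-proxy configuration.
  def set_raven_context
    context = {
      ip_address: request.ip,
      roles: logged_user_roles
    }
    context.merge!(logged_user_info || {})

    Raven.user_context(context)
  end

  # Adds request metadata to the instrumentation payload used for logging.
  #
  # @param payload [Hash] instrumentation payload, mutated in place
  def append_info_to_payload(payload)
    # Let the framework and any included runtime modules add their own keys
    # first; skipping super silently drops them from the logs.
    super

    # user_agent is client-controlled; whatever consumes this payload must
    # treat it as untrusted text.
    payload.merge!({
      user_agent: request.user_agent,
      current_user: logged_user_info,
      current_user_roles: logged_user_roles
    }.compact)

    if browser.known?
      payload.merge!({
        browser: browser.name,
        browser_version: browser.version.to_s,
        platform: browser.platform.name,
      })
    end
  end

  # Replaces `params` with a copy restricted to the smart_listing keys and the
  # sort columns listed below. Because the result of `permit` is assigned back,
  # every other request parameter is no longer available from `params` after
  # this call. The explicit sort-column lists keep client-supplied sort keys
  # to known columns.
  def permit_smart_listing_params
    # FIXME: remove when
    # https://github.com/Sology/smart_listing/issues/134
    # is fixed
    self.params = params.permit(
      dossiers_smart_listing:
        [
          :page,
          :per_page,
          { sort: [:id, :'procedure.libelle', :state, :updated_at] }
        ],
      gestionnaires_smart_listing:
        [
          :page,
          :per_page,
          { sort: [:email] }
        ],
      procedures_smart_listing:
        [
          :page,
          :per_page,
          { sort: [:id, :libelle, :published_at] }
        ]
    )
    # END OF FIXME
  end
end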