demarches-normaliennes/app/controllers/api/v2/base_controller.rb
2023-09-20 14:11:10 +02:00

45 lines
1.1 KiB
Ruby

class API::V2::BaseController < ApplicationController
skip_forgery_protection if: -> { request.headers.key?('HTTP_AUTHORIZATION') }
skip_before_action :setup_tracking
before_action :authenticate_from_token
private
def context
if @api_token.present?
@api_token.context
# web interface (/graphql) give current_administrateur
elsif current_administrateur.present?
graphql_web_interface_context
else
unauthenticated_request_context
end
end
private
def graphql_web_interface_context
{
administrateur_id: current_administrateur.id,
procedure_ids: current_administrateur.procedure_ids,
write_access: true
}
end
def unauthenticated_request_context
{
administrateur_id: nil,
procedure_ids: [],
write_access: false
}
end
def authenticate_from_token
@api_token = authenticate_with_http_token { |t, _o| APIToken.authenticate(t) }
if @api_token.present?
@api_token.touch(:last_v2_authenticated_at)
@current_user = @api_token.administrateur.user
end
end
end