Files

55 lines
2.2 KiB
Ruby

module Dunlop
module Ember
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :authenticate_user_from_token!
before_action :authenticate_user!
def ember_path
app_globals = {}
if adapter_name = params[:adapter].to_s.scan(/\w+/).first.presence
return render html: '403 - unauthorized, no adapter engine', status: 403 unless adapter = Panda.adapters[adapter_name]
@app_index = Rails.root.join("public/adapters/#{adapter.url_name}/app/index.html")
#app_globals = adapter.settings # load through request instead. More stable then changing environments
unless Rails.application.config.try(:loose_ember_app_authorization)
return render html: '403 - unauthorized, no adapter engine permission', status: 403 unless current_user.admin? or can?(:read, adapter.engine)
end
else
@app_index = Rails.root.join('public/app/index.html')
end
Rails.logger.info "Loading ember app for path '#/#{params[:rest]}' adapter: '#{params[:adapter].presence || 'main_app'}'"
if @app_index.exist?
index_html = @app_index.read.to_s
app_globals[:flash] = flash.to_h if flash.present?
index_html.sub! 'app_globals={}', "app_globals=#{app_globals.to_json}" if app_globals.present?
render html: index_html.html_safe
else
render html: "App file <tt>#{@app_index.to_s}</tt> not found".html_safe
end
end
rescue_from CanCan::AccessDenied do
if request.format.json?
head 403
else
render 'application/403', status: 403
end
end
private
def authenticate_user_from_token!
# https://romulomachado.github.io/2015/09/28/using-ember-simple-auth-with-devise.html
authenticate_with_http_token do |token, options|
user_email = options[:email].presence
user = user_email && User.find_by_email(user_email)
if user && Devise.secure_compare(user.authentication_token, token)
sign_in user, store: false
end
end
end
end
end
end