eceb6c9b43
* Add self-service account deletion * Disable access to cancelled accounts & implement Stripe interactions * Add tests * Fix failing tests * Remove cancelled accounts from lists * Fix incorrect redirect * Use _path instead of _url for consistency * Don't track how far the inicieration job got We still want the step tracking so that the job can be interrupted. But, since the scope is idempotent, we don't need to track how far it got. * Specify the exact time when the data will be deleted * Fix crash due to unadvancable cursor * Rename up_for_incineration to due_for_incineration * Regenrate the schema * Fix incorrect path check * Migrate the SQLite schema * Only show the cancel button on cancellable accounts * Check that a subscirption method exists before calling it * Ignore job failures due to missing records when an account gets deleted * Skip sending notifications on cancelled accounts * Use collbacks to integrate * Add a blank line between queue_as and discard_on * Break checks into methods * Inline methods * Rename Account::IncinerateJob * Run migrations * Migrate SQLite
45 lines
1.1 KiB
Ruby
45 lines
1.1 KiB
Ruby
module Authorization
|
|
extend ActiveSupport::Concern
|
|
|
|
included do
|
|
before_action :ensure_can_access_account, if: :authenticated_account_access?
|
|
end
|
|
|
|
class_methods do
|
|
def allow_unauthorized_access(**options)
|
|
skip_before_action :ensure_can_access_account, **options
|
|
end
|
|
|
|
def require_access_without_a_user(**options)
|
|
skip_before_action :ensure_can_access_account, **options
|
|
before_action :redirect_existing_user, **options
|
|
end
|
|
end
|
|
|
|
private
|
|
def ensure_admin
|
|
head :forbidden unless Current.user.admin?
|
|
end
|
|
|
|
def ensure_staff
|
|
head :forbidden unless Current.identity.staff?
|
|
end
|
|
|
|
def authenticated_account_access?
|
|
Current.account.present? && authenticated?
|
|
end
|
|
|
|
def ensure_can_access_account
|
|
unless Current.account.active? && Current.user&.active?
|
|
respond_to do |format|
|
|
format.html { redirect_to session_menu_path(script_name: nil) }
|
|
format.json { head :forbidden }
|
|
end
|
|
end
|
|
end
|
|
|
|
def redirect_existing_user
|
|
redirect_to root_path if Current.user
|
|
end
|
|
end
|