Files
fizzy/app/controllers/concerns/authorization.rb
T
Mike Dalessio ec54014832 Add account slug middleware
and set Current.account
2025-11-17 09:11:42 -05:00

50 lines
1.5 KiB
Ruby

module Authorization
extend ActiveSupport::Concern
included do
prepend_before_action :set_account, if: -> { request_account_id.present? }
before_action :ensure_can_access_account, if: -> { Current.account.present? && authenticated? }
end
class_methods do
def allow_unauthorized_access(**options)
skip_before_action :ensure_can_access_account, **options
end
def require_access_without_a_user(**options)
skip_before_action :ensure_can_access_account, **options
before_action :redirect_existing_user, **options
end
end
private
def set_account
Current.account = Account.find_by(external_account_id: request_account_id)
end
def ensure_admin
head :forbidden unless Current.user.admin?
end
def ensure_staff
head :forbidden unless Current.user.staff?
end
def ensure_can_access_account
if Current.account.nil?
redirect_to session_menu_url(script_name: nil)
elsif Current.membership.blank?
Rails.logger.debug "MIKE: blank membership, session is #{Current.session.inspect}"
redirect_to session_menu_url(script_name: nil)
elsif Current.user.nil? && Current.membership.join_code.present?
redirect_to new_users_join_path
elsif !Current.user&.active?
redirect_to unlink_membership_url(script_name: nil, membership_id: Current.membership.signed_id(purpose: :unlinking))
end
end
def redirect_existing_user
redirect_to root_path if Current.user
end
end