Sprankelprachtig aan/afmeldsysteem

api_controller.rb 1.2KB

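  # Base controller for the API endpoints.
  #
  # Every action except +status+ runs +api_require_authentication!+ first.
  # The remaining protected methods are not registered as callbacks here;
  # presumably subclasses opt in with their own +before_action+ lines
  # (NOTE(review): confirm against the subclasses).
  class ApiController < ActionController::Base
    include AuthenticationHelper

    before_action :api_require_authentication!, except: [:status]

    # Unauthenticated health check: renders the 'api/ok' template with
    # @message set to "Ok".
    def status
      @message = "Ok"
      render 'api/ok'
    end

    protected

    # Responds with 401 unless a session is present. +logged_in?+ is not
    # defined in this class; presumably it comes from AuthenticationHelper.
    def api_require_authentication!
      return if logged_in?

      head :unauthorized
    end

    # Responds with 403 and the 'api/error' template unless the current
    # person is an admin. A missing current_person is treated as non-admin.
    def api_require_admin!
      return if current_person&.is_admin?

      @message = I18n.t('authentication.admin_required')
      render 'api/error', status: :forbidden
    end

    # Authenticate a request by an 'Authorization: Group xxx' header.
    # Asserts that the client meant to pass a Group API key, and then sets the
    # @group variable from the key's associated group.
    #
    # Responds with 401 (exactly once) when the header is absent, uses a
    # different scheme, carries no token, or the token matches no group.
    def api_auth_group_token
      # to_s: a request without an Authorization header yields nil here, which
      # must end in a 401 rather than a NoMethodError.
      scheme, token = request.authorization.to_s.split(' ')

      # Stop before the lookup. A nil token would otherwise run
      # find_by(api_token: nil) and could select a group whose api_token
      # column is NULL; falling through after a scheme mismatch could also
      # issue a second `head` and raise a double-render error.
      return head :unauthorized unless scheme&.casecmp('group')&.zero? && token

      @group = Group.find_by(api_token: token)
      head :unauthorized unless @group
    end

    # Require user to be a member of group OR admin, requires @group set.
    # Responds with 403 and the 'api/error' template otherwise.
    def require_membership!
      return if current_person&.groups&.include?(@group) || current_person&.is_admin?

      @message = I18n.t('authentication.membership_required')
      render 'api/error', status: :forbidden
    end
  end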