Chatwoot/app/controllers/api/base_controller.rb

class Api::BaseController < ApplicationController
  include AccessTokenAuthHelper
  respond_to :json
  before_action :authenticate_access_token!, if: :authenticate_by_access_token?
  before_action :validate_bot_access_token!, if: :authenticate_by_access_token?
  before_action :authenticate_user!, unless: :authenticate_by_access_token?

  private

  def authenticate_by_access_token?
    request.headers[:api_access_token].present? || request.headers[:HTTP_API_ACCESS_TOKEN].present?
  end

  def check_authorization(model = nil)
    model ||= controller_name.classify.constantize

    authorize(model)
  end

  def check_admin_authorization?
    raise Pundit::NotAuthorizedError unless Current.account_user.administrator?
  end
end
Initial Commit Co-authored-by: Subin <subinthattaparambil@gmail.com> Co-authored-by: Manoj <manojmj92@gmail.com> Co-authored-by: Nithin <webofnithin@gmail.com> 2019-08-14 09:48:44 +00:00			`class Api::BaseController < ApplicationController`
Feature: Access tokens for API access (#604) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-10 18:32:15 +00:00			`include AccessTokenAuthHelper`
Initial Commit Co-authored-by: Subin <subinthattaparambil@gmail.com> Co-authored-by: Manoj <manojmj92@gmail.com> Co-authored-by: Nithin <webofnithin@gmail.com> 2019-08-14 09:48:44 +00:00			`respond_to :json`
Feature: Access tokens for API access (#604) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-10 18:32:15 +00:00			`before_action :authenticate_access_token!, if: :authenticate_by_access_token?`
			`before_action :validate_bot_access_token!, if: :authenticate_by_access_token?`
			`before_action :authenticate_user!, unless: :authenticate_by_access_token?`
Initial Commit Co-authored-by: Subin <subinthattaparambil@gmail.com> Co-authored-by: Manoj <manojmj92@gmail.com> Co-authored-by: Nithin <webofnithin@gmail.com> 2019-08-14 09:48:44 +00:00
			`private`

Feature: Access tokens for API access (#604) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-10 18:32:15 +00:00			`def authenticate_by_access_token?`
Feature: Business logo API for web widget (#674) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-04-07 04:49:19 +00:00			`request.headers[:api_access_token].present? \|\| request.headers[:HTTP_API_ACCESS_TOKEN].present?`
Feature: Access tokens for API access (#604) Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-10 18:32:15 +00:00			`end`
chore: DRY up check_authorization method (#1351) 2020-10-20 13:52:21 +00:00
			`def check_authorization(model = nil)`
			`model \|\|= controller_name.classify.constantize`

			`authorize(model)`
			`end`
chore: Ensure privilege validations for API endpoints (#2224) Co-authored-by: Pranav Raj S <pranav@chatwoot.com> 2021-06-11 06:14:31 +00:00
			`def check_admin_authorization?`
			`raise Pundit::NotAuthorizedError unless Current.account_user.administrator?`
			`end`
Initial Commit Co-authored-by: Subin <subinthattaparambil@gmail.com> Co-authored-by: Manoj <manojmj92@gmail.com> Co-authored-by: Nithin <webofnithin@gmail.com> 2019-08-14 09:48:44 +00:00			`end`