Chatwoot/app/controllers/api/v1/accounts/base_controller.rb

class Api::V1::Accounts::BaseController < Api::BaseController
  include SwitchLocale
  before_action :current_account
  around_action :switch_locale_using_account_locale

  private

  def current_account
    @current_account ||= ensure_current_account
    Current.account = @current_account
  end

  def ensure_current_account
    account = Account.find(params[:account_id])
    if current_user
      account_accessible_for_user?(account)
    elsif @resource&.is_a?(AgentBot)
      account_accessible_for_bot?(account)
    end
    account
  end

  def account_accessible_for_user?(account)
    @current_account_user = account.account_users.find_by(user_id: current_user.id)
    Current.account_user = @current_account_user
    render_unauthorized('You are not authorized to access this account') unless @current_account_user
  end

  def account_accessible_for_bot?(account)
    render_unauthorized('You are not authorized to access this account') unless @resource.agent_bot_inboxes.find_by(account_id: account.id)
  end
end
Chore: Code Cleanup in API controllers (#932) * Chore: Code Cleanup in API controllers * Remove unnecessary scoping for accounts controller 2020-06-07 08:28:05 +00:00			`class Api::V1::Accounts::BaseController < Api::BaseController`
fix: Move integration text to translation file (#1463) - Move integration text to translation file - Split switch_locale 2020-11-30 10:54:54 +00:00			`include SwitchLocale`
Chore: Code Cleanup in API controllers (#932) * Chore: Code Cleanup in API controllers * Remove unnecessary scoping for accounts controller 2020-06-07 08:28:05 +00:00			`before_action :current_account`
fix: Move integration text to translation file (#1463) - Move integration text to translation file - Split switch_locale 2020-11-30 10:54:54 +00:00			`around_action :switch_locale_using_account_locale`
Chore: Code Cleanup in API controllers (#932) * Chore: Code Cleanup in API controllers * Remove unnecessary scoping for accounts controller 2020-06-07 08:28:05 +00:00
			`private`

			`def current_account`
			`@current_account \|\|= ensure_current_account`
			`Current.account = @current_account`
			`end`

			`def ensure_current_account`
			`account = Account.find(params[:account_id])`
			`if current_user`
			`account_accessible_for_user?(account)`
			`elsif @resource&.is_a?(AgentBot)`
			`account_accessible_for_bot?(account)`
			`end`
			`account`
			`end`

			`def account_accessible_for_user?(account)`
			`@current_account_user = account.account_users.find_by(user_id: current_user.id)`
			`Current.account_user = @current_account_user`
			`render_unauthorized('You are not authorized to access this account') unless @current_account_user`
			`end`

			`def account_accessible_for_bot?(account)`
			`render_unauthorized('You are not authorized to access this account') unless @resource.agent_bot_inboxes.find_by(account_id: account.id)`
			`end`
			`end`