diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 1b9fa24cc..0cfd7205b 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -10,4 +10,10 @@ class Api::BaseController < ApplicationController
 def authenticate_by_access_token?
 request.headers[:api_access_token].present? || request.headers[:HTTP_API_ACCESS_TOKEN].present?
 end
+
+ def check_authorization(model = nil)
+ model ||= controller_name.classify.constantize
+
+ authorize(model)
+ end
 end
diff --git a/app/controllers/api/v1/accounts/agents_controller.rb b/app/controllers/api/v1/accounts/agents_controller.rb
index dacd66e46..ed9d3ebc8 100644
--- a/app/controllers/api/v1/accounts/agents_controller.rb
+++ b/app/controllers/api/v1/accounts/agents_controller.rb
@@ -27,7 +27,7 @@ class Api::V1::Accounts::AgentsController < Api::V1::Accounts::BaseController
 private
 def check_authorization
- authorize(User)
+ super(User)
 end
 def fetch_agent
diff --git a/app/controllers/api/v1/accounts/contacts_controller.rb b/app/controllers/api/v1/accounts/contacts_controller.rb
index a82a30414..031b8b706 100644
--- a/app/controllers/api/v1/accounts/contacts_controller.rb
+++ b/app/controllers/api/v1/accounts/contacts_controller.rb
@@ -41,10 +41,6 @@ class Api::V1::Accounts::ContactsController < Api::V1::Accounts::BaseController
 private
- def check_authorization
- authorize(Contact)
- end
-
 def build_contact_inbox
 return if params[:inbox_id].blank?
diff --git a/app/controllers/api/v1/accounts/inboxes_controller.rb b/app/controllers/api/v1/accounts/inboxes_controller.rb
index 98163bae7..41b64b76d 100644
--- a/app/controllers/api/v1/accounts/inboxes_controller.rb
+++ b/app/controllers/api/v1/accounts/inboxes_controller.rb
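Review bot: The default in `check_authorization` derives the policy subject from `controller_name` via `classify.constantize`, and nothing in the hunk documents or checks that naming convention. A subclass whose name matches no constant will raise `NameError` instead of an authorization error, and one whose name matches an unrelated constant will be authorized against that constant's policy. I would add a comment above the method, e.g. `# Authorizes against the model named after the controller; override and call super(Model) when the names differ.` It is also worth confirming that a `private` marker precedes this method, because the class body above line 10 is outside the hunk and Rails treats public controller methods as action methods. The overrides deleted from the contacts, inboxes, labels, webhooks and accounts controllers now depend on this default, so a request spec per controller asserting that an unauthorized user is rejected would pin the mapping.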
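Review bot: The override in `AgentsController#check_authorization` now reads `super(User)` with no hint of why the name-derived default is bypassed. A one-line comment such as `# Policy subject is User, not the constant the controller name would resolve to.` would keep a later cleanup from deleting the override along with the others. The class body starts and ends outside the hunk.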
@@ -55,10 +55,6 @@ class Api::V1::Accounts::InboxesController < Api::V1::Accounts::BaseController
 @agent_bot = AgentBot.find(params[:agent_bot]) if params[:agent_bot]
 end
- def check_authorization
- authorize(Inbox)
- end
-
 def create_channel
 case permitted_params[:channel][:type]
 when 'web_widget'
diff --git a/app/controllers/api/v1/accounts/labels_controller.rb b/app/controllers/api/v1/accounts/labels_controller.rb
index 12c026e66..547b9e6d6 100644
--- a/app/controllers/api/v1/accounts/labels_controller.rb
+++ b/app/controllers/api/v1/accounts/labels_controller.rb
@@ -28,10 +28,6 @@ class Api::V1::Accounts::LabelsController < Api::V1::Accounts::BaseController
 @label = Current.account.labels.find(params[:id])
 end
- def check_authorization
- authorize(Label)
- end
-
 def permitted_params
 params.require(:label).permit(:title, :description, :color, :show_on_sidebar)
 end
diff --git a/app/controllers/api/v1/accounts/webhooks_controller.rb b/app/controllers/api/v1/accounts/webhooks_controller.rb
index 9e61904d6..58f9b21a0 100644
--- a/app/controllers/api/v1/accounts/webhooks_controller.rb
+++ b/app/controllers/api/v1/accounts/webhooks_controller.rb
@@ -29,8 +29,4 @@ class Api::V1::Accounts::WebhooksController < Api::V1::Accounts::BaseController
 def fetch_webhook
 @webhook = Current.account.webhooks.find(params[:id])
 end
-
- def check_authorization
- authorize(Webhook)
- end
 end
diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb
index 933bd5a3a..5d7064fd0 100644
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -44,10 +44,6 @@ class Api::V1::AccountsController < Api::BaseController
 private
- def check_authorization
- authorize(Account)
- end
-
 def confirmed?
 super_admin? && params[:confirmed]
 end