a5bc81b304
Suppress the unnecessary CSRF warning
35 lines
1.1 KiB
Ruby
35 lines
1.1 KiB
Ruby
class PlatformController < ActionController::API
|
|
before_action :ensure_access_token
|
|
before_action :set_platform_app
|
|
before_action :set_resource, only: [:update, :show, :destroy]
|
|
before_action :validate_platform_app_permissible, only: [:update, :show, :destroy]
|
|
|
|
def show; end
|
|
|
|
def update; end
|
|
|
|
def destroy; end
|
|
|
|
private
|
|
|
|
def ensure_access_token
|
|
token = request.headers[:api_access_token] || request.headers[:HTTP_API_ACCESS_TOKEN]
|
|
@access_token = AccessToken.find_by(token: token) if token.present?
|
|
end
|
|
|
|
def set_platform_app
|
|
@platform_app = @access_token.owner if @access_token && @access_token.owner.is_a?(PlatformApp)
|
|
render json: { error: 'Invalid access_token' }, status: :unauthorized if @platform_app.blank?
|
|
end
|
|
|
|
def set_resource
|
|
# set @resource in your controller
|
|
raise 'Overwrite this method your controller'
|
|
end
|
|
|
|
def validate_platform_app_permissible
|
|
return if @platform_app.platform_app_permissibles.find_by(permissible: @resource)
|
|
|
|
render json: { error: 'Non permissible resource' }, status: :unauthorized
|
|
end
|
|
end
|