fab-manager/app/controllers/application_controller.rb

# frozen_string_literal: true

# Main controller for the backend application. All controllers inherits from it
class ApplicationController < ActionController::Base
  include Pundit
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  after_action :set_csrf_cookie
  cache_sweeper :stylesheet_sweeper

  respond_to :html, :json

  before_action :configure_permitted_parameters, if: :devise_controller?
  around_action :switch_locale

  # Globally rescue Authorization Errors in controller.
  # Returning 403 Forbidden if permission is denied
  rescue_from Pundit::NotAuthorizedError, with: :permission_denied

  def index; end

  def sso_redirect
    @authorization_token = request.query_parameters[:auth_token]
    @authentication_token = form_authenticity_token
    @active_provider = AuthProvider.active
  end

  protected

  def set_csrf_cookie
    cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
  end

  def verified_request?
    super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
  end

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up,
                                      keys: [
                                        {
                                          profile_attributes: %i[phone last_name first_name interest software_mastered],
                                          invoicing_profile_attributes: [
                                            organization_attributes: [:name, address_attributes: [:address]],
                                            user_profile_custom_fields_attributes: %i[profile_custom_field_id value],
                                            address_attributes: [:address]
                                          ],
                                          statistic_profile_attributes: %i[gender birthday]
                                        },
                                        :username, :is_allow_contact, :is_allow_newsletter, :cgu, :group_id
                                      ])
  end

  def default_url_options
    {
      host: Rails.application.secrets.default_host,
      protocol: Rails.application.secrets.default_protocol
    }
  end

  def permission_denied
    head 403
  end

  # Set the configured locale for each action (API call)
  # @see https://guides.rubyonrails.org/i18n.html
  def switch_locale(&action)
    locale = params[:locale] || Rails.application.secrets.rails_locale
    I18n.with_locale(locale, &action)
  end

  # @return [User]
  # This is a placeholder for Devise's current_user.
  # As Devise generate the method at runtime, IDEs autocomplete features will complain about 'method not found'
  def current_user
    super
  end

  # This is a placeholder for Devise's authenticate_user! method.
  def authenticate_user!
    super
  end

  # N+1 query detection (https://github.com/flyerhzm/bullet)
  def skip_bullet
    previous_value = Bullet.enable?
    Bullet.enable = false
    yield
  ensure
    Bullet.enable = previous_value
  end
end
refactored ApplicationController + rubymine stub for devise 2019-01-14 14:45:23 +01:00			`# frozen_string_literal: true`

			`# Main controller for the backend application. All controllers inherits from it`
init depot fabmanager 2015-05-05 03:10:25 +02:00			`class ApplicationController < ActionController::Base`
			`include Pundit`
			`# Prevent CSRF attacks by raising an exception.`
			`# For APIs, you may want to use :null_session instead.`
			`protect_from_forgery with: :exception`
			`after_action :set_csrf_cookie`
release 2.0 rc 2016-03-23 18:39:41 +01:00			`cache_sweeper :stylesheet_sweeper`
init depot fabmanager 2015-05-05 03:10:25 +02:00
			`respond_to :html, :json`

			`before_action :configure_permitted_parameters, if: :devise_controller?`
[bug] invalid currency in notifications for locales with region 2021-05-14 11:57:52 +02:00			`around_action :switch_locale`
init depot fabmanager 2015-05-05 03:10:25 +02:00
release 2.0 rc 2016-03-23 18:39:41 +01:00			`# Globally rescue Authorization Errors in controller.`
			`# Returning 403 Forbidden if permission is denied`
			`rescue_from Pundit::NotAuthorizedError, with: :permission_denied`

refactored ApplicationController + rubymine stub for devise 2019-01-14 14:45:23 +01:00			`def index; end`
init depot fabmanager 2015-05-05 03:10:25 +02:00
migrated links to /users/auth from GET to POST see https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284 for more info 2019-10-02 14:37:47 +02:00			`def sso_redirect`
			`@authorization_token = request.query_parameters[:auth_token]`
			`@authentication_token = form_authenticity_token`
			`@active_provider = AuthProvider.active`
			`end`

init depot fabmanager 2015-05-05 03:10:25 +02:00			`protected`
refactored ApplicationController + rubymine stub for devise 2019-01-14 14:45:23 +01:00
init depot fabmanager 2015-05-05 03:10:25 +02:00			`def set_csrf_cookie`
			`cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?`
			`end`

			`def verified_request?`
			`super \|\| valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])`
			`end`

			`def configure_permitted_parameters`
[security] updated devise + updated rails 2019-03-25 14:57:48 +01:00			`devise_parameter_sanitizer.permit(:sign_up,`
			`keys: [`
moving organization & address to invoicingProfile + refactored doc about postgre 2019-05-29 14:28:14 +02:00			`{`
move gender & birthday to statistic_profile 2019-06-04 13:33:00 +02:00			`profile_attributes: %i[phone last_name first_name interest software_mastered],`
moving organization & address to invoicingProfile + refactored doc about postgre 2019-05-29 14:28:14 +02:00			`invoicing_profile_attributes: [`
address required - Ability to set the address as a mandatory field - The address is new requested when creating an account - The profile completion page is less fuzzy for people landing on it without enabled SSO 2021-03-23 11:49:05 +01:00			`organization_attributes: [:name, address_attributes: [:address]],`
add user validation required setting, user proof of identity upload and organization custom field 2022-03-18 19:44:30 +01:00			`user_profile_custom_fields_attributes: %i[profile_custom_field_id value],`
address required - Ability to set the address as a mandatory field - The address is new requested when creating an account - The profile completion page is less fuzzy for people landing on it without enabled SSO 2021-03-23 11:49:05 +01:00			`address_attributes: [:address]`
move gender & birthday to statistic_profile 2019-06-04 13:33:00 +02:00			`],`
			`statistic_profile_attributes: %i[gender birthday]`
moving organization & address to invoicingProfile + refactored doc about postgre 2019-05-29 14:28:14 +02:00			`},`
[security] updated devise + updated rails 2019-03-25 14:57:48 +01:00			`:username, :is_allow_contact, :is_allow_newsletter, :cgu, :group_id`
			`])`
init depot fabmanager 2015-05-05 03:10:25 +02:00			`end`

			`def default_url_options`
define default_protocol & default_host from the UI + fix email_from + various minor fixes 2020-06-01 17:32:32 +02:00			`{`
configure default_host & default_protocol from env reverts 478a6c40 (partially) & b2434864 2020-06-02 18:29:24 +02:00			`host: Rails.application.secrets.default_host,`
			`protocol: Rails.application.secrets.default_protocol`
define default_protocol & default_host from the UI + fix email_from + various minor fixes 2020-06-01 17:32:32 +02:00			`}`
init depot fabmanager 2015-05-05 03:10:25 +02:00			`end`
release 2.0 rc 2016-03-23 18:39:41 +01:00
			`def permission_denied`
			`head 403`
			`end`
refactored ApplicationController + rubymine stub for devise 2019-01-14 14:45:23 +01:00
[bug] invalid currency in notifications for locales with region 2021-05-14 11:57:52 +02:00			`# Set the configured locale for each action (API call)`
			`# @see https://guides.rubyonrails.org/i18n.html`
			`def switch_locale(&action)`
			`locale = params[:locale] \|\| Rails.application.secrets.rails_locale`
			`I18n.with_locale(locale, &action)`
			`end`

refactored ApplicationController + rubymine stub for devise 2019-01-14 14:45:23 +01:00			`# @return [User]`
			`# This is a placeholder for Devise's current_user.`
			`# As Devise generate the method at runtime, IDEs autocomplete features will complain about 'method not found'`
			`def current_user`
			`super`
			`end`
improved member autocompletion with multiple words + refactored members controller 2019-01-21 15:17:56 +01:00
			`# This is a placeholder for Devise's authenticate_user! method.`
			`def authenticate_user!`
			`super`
			`end`
Optimized multiple DB queries 2022-01-11 16:04:14 +01:00
			`# N+1 query detection (https://github.com/flyerhzm/bullet)`
			`def skip_bullet`
			`previous_value = Bullet.enable?`
			`Bullet.enable = false`
			`yield`
			`ensure`
			`Bullet.enable = previous_value`
			`end`
init depot fabmanager 2015-05-05 03:10:25 +02:00			`end`