module Garage::ControllerHelper

Attributes

field_selector[RW]
representation[RW]

Public Instance Methods

allow_access?(klass, action = :read)
# File lib/garage/controller_helper.rb, line 78
# Asks the ability derived from the current token whether `action` on
# `klass` is permitted.
#
# @param klass the resource class being accessed
# @param action [Symbol] the operation to check (defaults to :read)
# @return the result of `allow?` on the token-derived ability
def allow_access?(klass, action = :read)
  ability = ability_from_token
  ability.allow?(klass, action)
end
cache_context()
# File lib/garage/controller_helper.rb, line 72
# Builds the cache context for the current request, keyed on the access
# token's id (nil when `try` yields nil), so the context differs per token.
#
# @return [Hash] a single-entry hash of the form `{ t: <token id> }`
def cache_context
  token_id = access_token.try(:id)
  { t: token_id }
end
current_resource_owner()

Implement by using `resource_owner_id` like:

# Example override for the host application's controller.
# Memoizes the looked-up owner and evaluates to nil when the token carries
# no resource_owner_id.
# NOTE(review): if User is an ActiveRecord model, `find` raises when the id no
# longer matches a record - confirm how a token for a deleted user should be handled.
def current_resource_owner
  @current_resource_owner ||= User.find(resource_owner_id) if resource_owner_id
end
# File lib/garage/controller_helper.rb, line 47
# Placeholder that the including controller is expected to override.
# Failing loudly here means a missing override is not silently treated
# as "no resource owner".
#
# @raise [RuntimeError] always
def current_resource_owner
  raise RuntimeError, "Your ApplicationController needs to implement current_resource_owner!"
end
doorkeeper_token()

For backward compatibility.

# File lib/garage/controller_helper.rb, line 26
# Backward-compatible name for `access_token`; returns exactly what
# `access_token` returns.
def doorkeeper_token
  token = access_token
  token
end
has_scope?(scope)

Public: returns whether the current request's access token includes the given OAuth scope.

# File lib/garage/controller_helper.rb, line 68
# Public: tells whether the current access token was granted `scope`.
#
# The check is an exact membership test (`include?`), so `scope` has to be
# the same kind of value as the entries in `scopes` - e.g. a String will not
# match a Symbol.
#
# @param scope the scope to look for
# @return a falsy value when there is no access token, otherwise the
#   result of `scopes.include?(scope)`
def has_scope?(scope)
  token = access_token
  return token unless token

  token.scopes.include?(scope)
end
requested_by?(resource)

Checks whether the given resource is the requester (the current resource owner). If the resource responds to `owner`, its owner is compared instead. The compared object must respond to `id`.

# File lib/garage/controller_helper.rb, line 53
# Tells whether `resource` (or its `owner`, when it has one) is the
# current resource owner.
#
# @param resource an object responding to `id`, or to `owner` whose result
#   responds to `id`
# @return [Boolean] true only when there is a current resource owner, the
#   candidate is an instance of the owner's class, and both ids are equal
def requested_by?(resource)
  candidate = resource.respond_to?(:owner) ? resource.owner : resource

  return false if current_resource_owner.nil?
  # Compare ids only between objects of the owner's class: equal ids on
  # unrelated classes must not count as the same principal.
  return false unless candidate.is_a?(current_resource_owner.class)

  current_resource_owner.id == candidate.id ? true : false
end
resource_owner_id()
# File lib/garage/controller_helper.rb, line 30
# Reads `resource_owner_id` from the access token through `try`.
#
# @return the token's resource_owner_id, or whatever `try` yields
#   (presumably nil when there is no token - depends on `try`)
def resource_owner_id
  token = access_token
  token.try(:resource_owner_id)
end
unauthorized_render_options(error: nil)

Use this method to render 'unauthorized'. Garage users may override this method to return a custom unauthorized response. @return [Hash]

# File lib/garage/controller_helper.rb, line 37
# Render options for an 'unauthorized' response; applications may override
# this to customise the response.
#
# This default ignores `error` and always returns the same fixed message,
# so the response does not reveal why the token was rejected.
#
# @param error accepted for overriding implementations; unused here
# @return [Hash] options carrying a JSON body with status_code 401
def unauthorized_render_options(error: nil)
  body = { status_code: 401, error: "Unauthorized (invalid token)" }
  { json: body }
end

Private Instance Methods

ability_from_token()
# File lib/garage/controller_helper.rb, line 84
# Builds the ability for the current resource owner from the scopes on the
# access token. When `try(:scopes)` yields nil or false, an empty scope
# list is passed instead.
#
# @return the result of `Garage::TokenScope.ability`
def ability_from_token
  owner = current_resource_owner
  granted_scopes = access_token.try(:scopes) || []
  Garage::TokenScope.ability(owner, granted_scopes)
end
notify_request_stats() { || ... }
# File lib/garage/controller_helper.rb, line 88
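# Runs the given block, then publishes a "garage.request" notification
# carrying the controller, the access token and the resource owner.
#
# The notification is best effort: it is sent from `ensure`, so it fires
# whether or not the block raised, and ordinary errors raised while building
# or publishing the payload are swallowed so that instrumentation cannot
# break the request. Only StandardError is rescued; process-level exceptions
# (SignalException, SystemExit, NoMemoryError, ...) still propagate.
#
# The payload hands the token object itself to every subscriber, so
# subscribers should avoid writing its credential fields to logs.
#
# @yield the request handling to wrap
# @return the value of the block
def notify_request_stats
  yield
ensure
  begin
    payload = {
      controller: self,
      token: access_token,
      resource_owner: current_resource_owner,
    }
    ActiveSupport::Notifications.instrument("garage.request", payload)
  rescue StandardError
    # Deliberately ignored: a failing subscriber or an unimplemented
    # current_resource_owner must not change the outcome of the request.
  end
end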
verify_auth()
# File lib/garage/controller_helper.rb, line 102
# Renders the 'unauthorized' response unless there is an access token that
# reports itself as accessible.
#
# The response options come from `unauthorized_render_options` (called
# without an `error:` argument) merged with `status: :unauthorized`.
# NOTE(review): this method only renders; presumably it runs as a before
# filter so that rendering halts the action - confirm at the call site.
#
# @return nil when the token is accessible, otherwise the result of `render`
def verify_auth
  return if access_token && access_token.accessible?

  render unauthorized_render_options.merge(status: :unauthorized)
end