32 lines
751 B
Ruby
32 lines
751 B
Ruby
# frozen_string_literal: true
|
|
|
|
class ApplicationController < ActionController::API
|
|
include Pundit
|
|
|
|
before_action :authenticate_request
|
|
after_action :verify_authorized, except: :index
|
|
after_action :verify_policy_scoped, only: :index
|
|
|
|
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
|
|
|
|
def index; end
|
|
|
|
private
|
|
|
|
def current_user
|
|
@current_user ||= authenticate_request
|
|
end
|
|
|
|
def authenticate_request
|
|
return nil if request.authorization.blank?
|
|
|
|
@authenticate_request ||= AuthorizeRequest.new(request.headers).perform
|
|
end
|
|
|
|
def user_not_authorized
|
|
render \
|
|
json: { authorization: ["You are not authorized to perform this action."] },
|
|
status: :unauthorized
|
|
end
|
|
end
|