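# frozen_string_literal: true

# Base controller. Requires an authenticated session for every action and,
# outside the development environment, turns unhandled errors and CanCan
# authorization failures into rendered error pages.
class ApplicationController < ActionController::Base
  # NOTE(review): this disables CSRF token verification for every controller
  # that inherits from this class, while authentication below is carried by the
  # session cookie. Unless another control covers state-changing requests
  # (not visible in this file), confirm the skip is intentional and, if it is
  # only needed for specific endpoints, scope it to those controllers/actions.
  skip_before_action :verify_authenticity_token
  before_action :ensure_authentication

  # rescue_from handlers are searched from the last declared to the first, so
  # CanCan::AccessDenied is matched before the StandardError catch-all.
  # Both are left unregistered in development so the framework's own error
  # page is shown there.
  rescue_from StandardError, with: :standard_error unless Rails.env.development?
  rescue_from CanCan::AccessDenied, with: :access_denied unless Rails.env.development?

  protected

  # Redirects to the login page when no user is associated with the session.
  #
  # @return [void]
  def ensure_authentication
    redirect_to login_path if current_user.blank?
  end

  # Looks up the user referenced by session[:current_user_id].
  # A nil result is not memoized, so the lookup is repeated on the next call.
  #
  # @return [User, nil] the logged-in user, or nil when the id is absent or
  #   matches no record
  def current_user
    @current_user ||= User.find_by(id: session[:current_user_id])
  end

  # Memoized CanCan ability for the current user.
  #
  # @return [Ability]
  def current_ability
    @current_ability ||= Ability.new(current_user)
  end

  # Renders the access-denied page for a CanCan authorization failure and
  # records the denial so repeated attempts can be spotted in the logs.
  #
  # @param exception [CanCan::AccessDenied, nil] the failure passed in by
  #   rescue_from; optional so direct calls without an argument keep working
  # @return [void]
  def access_denied(exception = nil)
    Rails.logger.warn(
      "Access denied for user_id=#{current_user&.id.inspect}: #{exception&.message}"
    )

    # NOTE: For security reasons, consider using 404 when denied access to a read operation.
    # NOTE(review): 401 tells the client that authentication is missing, but
    # this handler runs for authorization failures; 403 is the conventional
    # status. Left unchanged because clients may depend on the current value.
    render 'application/access_denied', status: :unauthorized
  end

  # Renders the generic error page for any otherwise unhandled StandardError.
  # The exception is logged here because, once rescue_from has handled it,
  # this method is the only place it is still visible; the rendered page
  # itself receives no exception details.
  #
  # @param exception [StandardError, nil] the error passed in by rescue_from;
  #   optional so direct calls without an argument keep working
  # @return [void]
  def standard_error(exception = nil)
    if exception
      Rails.logger.error("#{exception.class}: #{exception.message}")
      Rails.logger.error(exception.backtrace.join("\n")) if exception.backtrace
    end

    render 'application/standard_error', status: :internal_server_error
  end
end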