# frozen_string_literal: true
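class ApplicationController < ActionController::Base
  # NOTE(review): this disables CSRF protection for every controller that
  # inherits from here, while authentication is session-cookie based (see
  # #current_user below) — exactly the case the authenticity token defends.
  # If only some endpoints need this, move the skip to those controllers.
  skip_before_action :verify_authenticity_token

  # Every action requires an authenticated session unless a subclass skips it.
  before_action :ensure_authentication

  # Outside development (this includes the test environment) render friendly
  # error pages instead of the default exception page. The handlers below log
  # the exception first so that failures stay visible in the application log
  # instead of being swallowed by the rescue.
  rescue_from StandardError, with: :standard_error unless Rails.env.development?
  rescue_from CanCan::AccessDenied, with: :access_denied unless Rails.env.development?

  protected

  # Halts the filter chain with a redirect to login_path when the session
  # does not resolve to a user.
  def ensure_authentication
    redirect_to login_path if current_user.blank?
  end

  # The user referenced by the session; nil when the session holds no id or
  # the record no longer exists. Memoized for the lifetime of the request.
  def current_user
    @current_user ||= User.find_by(id: session[:current_user_id])
  end

  # CanCan ability for the current user. Ability is presumably written to
  # accept a nil user (guest) — confirm against its constructor.
  def current_ability
    @current_ability ||= Ability.new(current_user)
  end

  # Handler for CanCan::AccessDenied. Logs the denial (who, what, where) so
  # repeated attempts are visible in the log, then renders the denial page.
  #
  # @param exception [CanCan::AccessDenied] supplied by rescue_from because
  #   the handler takes one argument
  def access_denied(exception)
    logger.warn(
      "Access denied: #{exception.message} " \
      "(user_id=#{current_user&.id.inspect} #{request.method} #{request.path})"
    )
    # NOTE: For security reasons, consider using 404 when denied access to a read operation.
    # NOTE(review): 401 means "not authenticated"; a denied action for an
    # authenticated user is conventionally 403 (:forbidden). Left unchanged
    # here because existing clients may depend on the current status.
    render 'application/access_denied', status: :unauthorized
  end

  # Handler for any other StandardError outside development. Logs class,
  # message and backtrace, then renders the generic error page.
  #
  # @param exception [StandardError] supplied by rescue_from because the
  #   handler takes one argument
  def standard_error(exception)
    logger.error("#{exception.class}: #{exception.message}")
    logger.error(exception.backtrace.join("\n")) if exception.backtrace
    render 'application/standard_error', status: :internal_server_error
  end
end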