base_controller.rb
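module Spree
  module Admin
    # Base class for the admin (backend) controllers. It applies the admin
    # layout and helpers and runs an authorization check before every action.
    class BaseController < Spree::BaseController
      helper 'spree/admin/navigation'
      helper 'spree/admin/tables'
      layout '/spree/layouts/admin'

      # The only callback registered here; the other protected methods below
      # are available to subclasses but are not wired up by this class.
      before_action :authorize_admin

      protected

      # Name of the action being processed, as a Symbol, read from the
      # request parameters.
      def action
        params[:action].to_sym
      end

      # Authorizes the request twice against the same subject: once for the
      # generic :admin ability and once for the specific action. The subject
      # is +model_class+ when the controller defines it and it is non-nil,
      # otherwise the controller name as a Symbol.
      #
      # Both checks must pass; authorize! is expected to raise when access is
      # denied (its definition is not in this file).
      def authorize_admin
        record = if respond_to?(:model_class, true) && model_class
                   model_class
                 else
                   controller_name.to_sym
                 end

        authorize! :admin, record
        authorize! action, record
      end

      # Need to generate an API key for a user due to some backend actions
      # requiring authentication to the Spree API.
      #
      # Does nothing when there is no current user or the user already has a
      # key.
      def generate_admin_api_key
        user = try_spree_current_user
        user.generate_spree_api_key! if user && user.spree_api_key.blank?
      end

      # Builds the translated flash message for +event_sym+, describing
      # +object+ by its human model name plus, when it has a non-blank name,
      # that name in double quotes.
      #
      # NOTE(review): the record name is interpolated as-is. The view that
      # renders the flash is expected to HTML-escape it; confirm the message
      # is never marked html_safe.
      def flash_message_for(object, event_sym)
        resource_desc = object.class.model_name.human
        resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present?
        Spree.t(event_sym, :resource => resource_desc)
      end

      # Renders the shared partial used as the JS response to a destroy.
      def render_js_for_destroy
        render :partial => '/spree/admin/shared/destroy'
      end

      # Index request for JSON needs to pass a CSRF token in order to prevent
      # JSON Hijacking.
      #
      # Only JS/JSON requests are checked, and only when forgery protection is
      # enabled. Raises ActionController::InvalidAuthenticityToken when the
      # token parameter is missing, is not a String, or does not validate.
      def check_json_authenticity
        return unless request.format.js? || request.format.json?
        return unless protect_against_forgery?

        auth_token = params[request_forgery_protection_token]

        # A nested parameter (Hash/Array) or an empty value is rejected as an
        # invalid token instead of surfacing as an unrelated error.
        unless auth_token.is_a?(String) && auth_token.present?
          raise ActionController::InvalidAuthenticityToken
        end

        # The extra unescape is kept from the original, presumably for clients
        # that encode the token twice.
        # NOTE(review): URI.unescape is obsolete and absent from Ruby 3.0+.
        submitted_token = URI.unescape(auth_token)

        token_valid =
          if respond_to?(:valid_authenticity_token?, true)
            # Rails 4.2+ hands out a per-request masked token, so a plain
            # string comparison with form_authenticity_token cannot match;
            # the framework validator unmasks and compares in constant time.
            valid_authenticity_token?(session, submitted_token)
          else
            # Older Rails: compare against the raw token, in constant time so
            # the response timing does not leak how much of it matched.
            Rack::Utils.secure_compare(form_authenticity_token, submitted_token)
          end

        raise ActionController::InvalidAuthenticityToken unless token_valid
      end

      # Locale configured for the backend.
      def config_locale
        Spree::Backend::Config[:locale]
      end

      # Sets a notice and redirects to the order's customer details page when
      # @order has no billing address; otherwise does nothing.
      def can_not_transition_without_customer_info
        return if @order.billing_address.present?

        flash[:notice] = Spree.t(:fill_in_customer_info)
        redirect_to edit_admin_order_customer_url(@order)
      end
    end
  end
end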