main
rb 54 lines 1.61 KB
Raw
1 class ApplicationController < ActionController::Base
2 include ActionView::Helpers::SanitizeHelper
3
4 # Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
5 allow_browser versions: :modern
6
7 # Changes to the importmap will invalidate the etag for HTML responses
8 stale_when_importmap_changes
9
10 helper_method :current_user, :signed_in?, :current_user_admin?
11
12 private
13
14 def current_user
15 @current_user ||= User.find_by(id: session[:user_id]) if session[:user_id]
16 end
17
18 def signed_in?
19 current_user.present?
20 end
21
22 # True only for signed-in staff. Drives the /admin console gate and the
23 # conditional "Admin" link in the account menu.
24 def current_user_admin?
25 signed_in? && current_user.admin?
26 end
27
28 def require_sign_in!
29 unless signed_in?
30 session[:return_to] = request.fullpath
31 redirect_to signin_path, alert: "Please sign in to continue."
32 end
33 end
34
35 # Gate for the admin console. Non-admins are sent home with a 404-ish message
36 # rather than a 403 so we don't advertise the console's existence.
37 def require_admin!
38 return if current_user_admin?
39
40 if signed_in?
41 redirect_to root_path, alert: "Not found."
42 else
43 session[:return_to] = request.fullpath
44 redirect_to signin_path, alert: "Please sign in to continue."
45 end
46 end
47
48 # Marks the current response as off-limits to search engines. The SEO partial
49 # reads @noindex and emits <meta name="robots" content="noindex, nofollow">.
50 # Use for auth, settings, billing, and other non-content/transactional pages.
51 def noindex!
52 @noindex = true
53 end
54 end