remove skip auth from api and check user modified

2018-04-09 09:58:22 +06:30
parent 1811e53dd1
commit cb3f9c4cd7
7 changed files with 17 additions and 14 deletions
--- a/app/controllers/api/restaurant/item_sets_controller.rb
+++ b/app/controllers/api/restaurant/item_sets_controller.rb
@@ -1,5 +1,4 @@
 class Api::Restaurant::ItemSetsController < Api::ApiController
-
  #Description
  # Pull the default menu details and also other available (active) menus
  # Input Params - order_id
--- a/app/controllers/api/restaurant/menu_categories_controller.rb
+++ b/app/controllers/api/restaurant/menu_categories_controller.rb
@@ -1,5 +1,4 @@
-class Api::Restaurant::MenuCategoriesController < Api::ApiController
- skip_before_action  :authenticate
+class Api::Restaurant::MenuCategoriesController < Api::ApiController 
  #Description
  # Pull the default menu details and also other available (active) menus
  # Input Params - order_id
--- a/app/controllers/api/restaurant/menu_controller.rb
+++ b/app/controllers/api/restaurant/menu_controller.rb
@@ -1,5 +1,4 @@
 class Api::Restaurant::MenuController < Api::ApiController
-  skip_before_action  :authenticate
  #Description
  # Pull the default menu details and also other available (active) menus
  # Input Params - order_id
--- a/app/controllers/api/restaurant/menu_item_attributes_controller.rb
+++ b/app/controllers/api/restaurant/menu_item_attributes_controller.rb
@@ -1,5 +1,4 @@
-class Api::Restaurant::MenuItemAttributesController < Api::ApiController
-	skip_before_action  :authenticate
+class Api::Restaurant::MenuItemAttributesController < Api::ApiController	
  #Description
  # Pull the default menu details and also other available (active) menus
  # Input Params - order_id
--- a/app/controllers/api/restaurant/menu_item_instances_controller.rb
+++ b/app/controllers/api/restaurant/menu_item_instances_controller.rb
@@ -1,5 +1,4 @@
-class Api::Restaurant::MenuItemInstancesController < Api::ApiController
-  skip_before_action  :authenticate
+class Api::Restaurant::MenuItemInstancesController < Api::ApiController  
  #Description
  # Pull the default menu details and also other available (active) menus
  # Input Params - order_id
--- a/app/controllers/base_origami_controller.rb
+++ b/app/controllers/base_origami_controller.rb
@@ -15,9 +15,17 @@ class BaseOrigamiController < ActionController::Base
    redirect_to origami_dashboard_path
  end

-  def check_user
-    if current_user.nil?
-      redirect_to root_path
+  def check_user   
+    if check_mobile     
+      if current_user.nil?
+        return render status: 401, json: {
+          message: "User using other device!"          
+        }.to_json
+      end
+    else 
+      if current_user.nil?
+        redirect_to root_path    
+      end
    end
  end

@@ -41,8 +49,8 @@ class BaseOrigamiController < ActionController::Base
    authenticate_with_http_token do |token, options|   
      if token
        session[:webview] = true
-      end
-      session[:session_token] = token
+        session[:session_token] = token
+      end            
    end
    
    if session[:webview] && request.user_agent =~ /android|blackberry|iphone|ipad|ipod|iemobile|mobile|webos/i
--- a/app/controllers/concerns/token_verification.rb
+++ b/app/controllers/concerns/token_verification.rb
@@ -9,7 +9,7 @@ module TokenVerification

  protected
  # Authenticate the user with token based authentication
-  def authenticate
+  def authenticate    
    authenticate_token || render_unauthorized
  end