@khadzhinov
Created August 18, 2018 12:56
API base controller
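module Api
  module V3
    # Base controller for the v3 API.
    #
    # Subclasses get generic index/show/create/update/destroy actions that
    # operate on an association of the authenticated user's account; the
    # association name is derived from the subclass name (see
    # #api_resource_name). Requests are authenticated either with a Doorkeeper
    # OAuth token or with a per-user +api_key+ request parameter.
    class BaseController < ActionController::Base
      include Mixins::Audit

      respond_to :json

      # Filter order: +authenticate+ is registered before the Doorkeeper filter,
      # so it runs first. The Doorkeeper filter is skipped whenever an +api_key+
      # parameter is present (valid or not), which leaves +authenticate+ as the
      # only gate for those requests.
      before_filter :authenticate, except: :api_key
      before_filter :set_user_time_zone, except: :api_key
      doorkeeper_for :all, except: :api_key, unless: -> { request.params['api_key'].present? }

      # NOTE(review): these accessors, #api_resource_name and #api_resource are
      # public instance methods of a controller; confirm no route can dispatch
      # to them as actions.
      attr_accessor :current_user, :account, :parent_resource

      swagger_controller :base, 'Base'

      # NOTE(review): email and password are documented as query parameters,
      # which places credentials in URLs (access logs, proxies, browser
      # history). Prefer sending them in the request body over TLS and confirm
      # that password and api_key are listed in config.filter_parameters.
      swagger_api :api_key do
        summary 'Get API key for user'
        notes 'It use user email and password'
        param :query, :email, :string, :required, 'Email'
        param :query, :password, :string, :required, 'Password'
        response :unauthorized
      end

      # Singular, underscored resource name derived from the controller class
      # name with the 'Controller' suffix and 'Api::V3::' prefix removed.
      # Memoized per controller instance.
      #
      # @return [String]
      def api_resource_name
        @resource_name ||= self.class.name.sub('Controller', '').sub('Api::V3::', '').singularize.underscore
      end

      # Collection the generic actions operate on: the association of the
      # current account named after the pluralized resource name. The method
      # name comes from the class name, not from request input, and every
      # lookup below goes through this account-scoped collection.
      def api_resource
        account.public_send(api_resource_name.pluralize)
      end

      # Exchanges an email/password pair for the user's API key. This action is
      # excluded from all authentication filters.
      #
      # Responds with 401 when User.authenticate returns nothing.
      #
      # NOTE(review): no throttling or lockout is visible in this controller;
      # confirm that repeated failed attempts are limited elsewhere.
      def api_key
        user = User.authenticate(params[:email], params[:password])
        return head :unauthorized unless user

        respond_to do |format|
          format.json { render json: { api_key: user.api_key, name: user.full_name, user_id: user.id, avatar: user.photo } }
          # `render inline:` compiles its argument as an ERB template; the key
          # is data, so it is sent as literal text instead.
          format.html { render text: user.api_key }
          format.xml { render xml: { api_key: user.api_key } }
        end
      end

      # Lists the account's resources, paginated. +page+ defaults to 1 and
      # +per_page+ to 30 when the parameter is missing or not a positive
      # integer.
      #
      # NOTE(review): +per_page+ has no upper bound, so a single request can ask
      # for an arbitrarily large page; consider capping it.
      def index
        page = params[:page].to_i
        page = 1 unless page > 0
        per_page = params[:per_page].to_i
        per_page = 30 unless per_page > 0

        @resources = api_resource.paginate(page: page, per_page: per_page)
        respond_with(:api, :v3, @resources) do |format|
          format.json { render json: @resources, root: false }
        end
      end

      # Shows one resource of the current account, or 404 with an empty JSON
      # body when the id is not found in that account's collection.
      def show
        @resource = api_resource.find_by_id(params[:id])
        if @resource
          respond_with :api, :v3, @resource
        else
          render json: '', status: :not_found
        end
      end

      # Builds and saves a new resource inside the current account.
      #
      # NOTE(review): params[api_resource_name] is passed to the model
      # unfiltered, so attribute whitelisting has to be enforced by the models
      # (attr_accessible or equivalent) -- confirm for every resource served by
      # a subclass.
      def create
        @resource = api_resource.build(params[api_resource_name])
        @resource.save
        respond_with :api, :v3, @resource
      end

      # Updates a resource of the current account. Unlike #show and #destroy
      # this uses +find+, which raises when the record is missing instead of
      # answering with +head :not_found+.
      #
      # NOTE(review): same unfiltered mass assignment as in #create.
      def update
        @resource = api_resource.find(params[:id])
        @resource.update_attributes(params[api_resource_name])
        respond_with :api, :v3, @resource
      end

      # Destroys a resource of the current account, or answers 404 when the id
      # is not found in that account's collection.
      def destroy
        @resource = api_resource.find_by_id(params[:id])
        if @resource
          @resource.destroy
          respond_with :api, :v3, @resource
        else
          head :not_found
        end
      end

      protected

      # Applies the authenticated user's time zone for this request. Any
      # StandardError raised while doing so falls back to UTC (deliberate
      # best effort).
      def set_user_time_zone
        Time.zone = current_user.time_zone if current_user.present?
      rescue
        Time.zone = 'UTC'
      end

      # Resolves the requesting user from the Doorkeeper token if one is found,
      # otherwise from the +api_key+ parameter, and answers 401 unless the user
      # is active and the account is active, not deleted and not unpaid.
      #
      # On success sets @current_user, @account and Account.current.
      #
      # NOTE(review): the token is used here without a visible check that it is
      # unexpired and unrevoked. The Doorkeeper filter is skipped when an
      # api_key parameter is present, so presumably nothing else validates the
      # token on that path -- confirm and add a validity check.
      def authenticate
        token = doorkeeper_token
        @current_user =
          if token
            User.find_by_id(token.resource_owner_id)
          else
            # Look up by key only for a non-blank String. A missing key would
            # otherwise become a lookup for api_key = nil, and array/hash
            # parameters are never a legitimate key.
            key = params[:api_key]
            User.find_by_api_key(key) if key.is_a?(String) && key.present?
          end

        if @current_user && @current_user.active &&
           !@current_user.account.deleted && @current_user.account.active? && !@current_user.account.unpaid?
          @account = @current_user.account
          Account.current = @current_user.account
        else
          head :unauthorized
        end
      end

      private

      # Alias for #account.
      def current_account
        account
      end
    end
  end
end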