diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/api/companies_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/authenticated_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/master_controller.rb | 2 |
3 files changed, 8 insertions, 2 deletions
diff --git a/app/controllers/api/companies_controller.rb b/app/controllers/api/companies_controller.rb index 9d6cb1c..21744de 100644 --- a/app/controllers/api/companies_controller.rb +++ b/app/controllers/api/companies_controller.rb @@ -4,7 +4,7 @@ module Api # CompaniesController class CompaniesController < MasterController skip_before_action :validate_jwt, only: %i[show index] - skip_before_action :assert_master_role, onlt: %i[show index] + skip_before_action :assert_master_role, only: %i[show index] def index @companies = Company.all diff --git a/app/controllers/authenticated_controller.rb b/app/controllers/authenticated_controller.rb index de02cab..56159ab 100644 --- a/app/controllers/authenticated_controller.rb +++ b/app/controllers/authenticated_controller.rb @@ -13,6 +13,12 @@ class AuthenticatedController < ApplicationController @current_user_account ||= UserAccount.find_by(email:) end + def current_user_role + return if decoded_token.nil? + + decoded_token[0]['aud'] + end + def authentication_token @authentication_token ||= request.headers[:authorization]&.sub(/^Bearer /, '') end diff --git a/app/controllers/master_controller.rb b/app/controllers/master_controller.rb index b2075d5..38cd441 100644 --- a/app/controllers/master_controller.rb +++ b/app/controllers/master_controller.rb @@ -7,7 +7,7 @@ class MasterController < AuthenticatedController private def assert_master_role - return if current_user_account.role == 'master' + return if current_user_role == 'master' render json: { error_message: 'No cuenta con los permisos necesarios' }, status: :forbidden end |