From 3dae1ce143d006cc75940b746a8eb74982e6e861 Mon Sep 17 00:00:00 2001
From: HombreLaser
Date: Sat, 11 Mar 2023 12:10:57 -0600
Subject: AƱade test de scoping
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/api/companies_controller.rb | 2 +-
 app/controllers/authenticated_controller.rb | 6 ++++++
 app/controllers/master_controller.rb | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
(limited to 'app')
diff --git a/app/controllers/api/companies_controller.rb b/app/controllers/api/companies_controller.rb
index 9d6cb1c..21744de 100644
--- a/app/controllers/api/companies_controller.rb
+++ b/app/controllers/api/companies_controller.rb
@@ -4,7 +4,7 @@ module Api
 # CompaniesController
 class CompaniesController < MasterController
 skip_before_action :validate_jwt, only: %i[show index]
- skip_before_action :assert_master_role, onlt: %i[show index]
+ skip_before_action :assert_master_role, only: %i[show index]
 def index
 @companies = Company.all
diff --git a/app/controllers/authenticated_controller.rb b/app/controllers/authenticated_controller.rb
index de02cab..56159ab 100644
--- a/app/controllers/authenticated_controller.rb
+++ b/app/controllers/authenticated_controller.rb
@@ -13,6 +13,12 @@ class AuthenticatedController < ApplicationController
 @current_user_account ||= UserAccount.find_by(email:)
 end
+ def current_user_role
+ return if decoded_token.nil?
+
+ decoded_token[0]['aud']
+ end
+
 def authentication_token
 @authentication_token ||= request.headers[:authorization]&.sub(/^Bearer /, '')
 end
diff --git a/app/controllers/master_controller.rb b/app/controllers/master_controller.rb
index b2075d5..38cd441 100644
--- a/app/controllers/master_controller.rb
+++ b/app/controllers/master_controller.rb
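Review bot: `show` and `index` in CompaniesController run with both `validate_jwt` and `assert_master_role` skipped, and the visible part of `index` loads `Company.all`, so every company record is reachable without a token. If that is intended, state it next to the two skip lines, e.g. `# show/index are public: no JWT and no role check`, and confirm the view or serializer exposes only fields meant to be public. The misspelled `onlt:` key was accepted without an error, so a request spec asserting that the remaining actions answer 403 for a non-master token would catch a repeat; the diff shown is limited to `app`, so such a spec may already exist. The body of `index` continues outside the hunk.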
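Review bot: `current_user_role` returns the raw `aud` claim, and RFC 7519 allows `aud` to be either a string or an array of strings, so the `== 'master'` comparison in MasterController only matches the single-string form. That fails closed, but the method should document which shape it expects, and `aud` is the registered audience claim, so a dedicated claim such as `role` would keep the two meanings apart. The value is only as trustworthy as `decoded_token`, which is defined outside this hunk: a comment such as `# Role is read from the JWT payload; decoded_token must verify signature and expiry first` makes that dependency explicit. Presumably `decoded_token[0]` is the payload half of a `[payload, header]` pair; that is worth confirming and naming in the same comment.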
@@ -7,7 +7,7 @@ class MasterController < AuthenticatedController
 private
 def assert_master_role
- return if current_user_account.role == 'master'
+ return if current_user_role == 'master'
 render json: { error_message: 'No cuenta con los permisos necesarios' }, status: :forbidden
 end
--
cgit v1.2.3
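Review bot: `assert_master_role` now authorizes from the token claim alone, so a role change or account removal in `UserAccount` no longer affects the master check until the token expires. If tokens are not short-lived, keep the stored role in the decision, e.g. `return if current_user_role == 'master' && current_user_account&.role == 'master'`, which also avoids the `NoMethodError` the old line could raise when no account was found. If the claim-only check is intentional, a comment on the method stating that revocation depends on token expiry would make the trade-off visible. The class body continues outside the hunk.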