app/controllers/master_controller.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

# frozen_string_literal: true

# The father class of all controllers that require the master role to fulfill requests.
class MasterController < AuthenticatedController
  before_action :assert_master_role
  skip_before_action :validate_jwt, only: %i[show index]
  skip_before_action :assert_master_role, only: %i[show index]

  private

  def assert_master_role
    return if current_user_role == 'master'

    render json: { error_message: 'No cuenta con los permisos necesarios' }, status: :forbidden
  end
end