Class: Frontend::ScreensController

Inherits:
ApplicationController
  • Object
show all
Defined in:
app/controllers/frontend/screens_controller.rb

Instance Method Summary (collapse)

Instance Method Details

- (Object) complete_auth(screen)



104
105
106
107
108
109
110
111
# File 'app/controllers/frontend/screens_controller.rb', line 104

def complete_auth(screen)
  respond_to do |format|
    format.html { redirect_to frontend_screen_path(screen), :status => :moved_permanently }
    format.json { render :json => {
      :screen_auth_token => screen.screen_token
    } }
  end
end

- (Object) index

GET /frontend Handles cases where the ID is not provided:

public legacy screens screens - a MAC address is provided instead of an ID
private screens - send to ID based on authentication token from cookie or GET param
private screen setup - a short token is stored in the session or GET param


53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# File 'app/controllers/frontend/screens_controller.rb', line 53

def index
  if !current_screen.nil?
    send_to_screen(current_screen)
  elsif params[:mac]
    screen = Screen.find_by_mac(params[:mac])
    if screen
      if screen.is_public?
        redirect_to frontend_screen_path(screen), :status => :moved_permanently
      else
        render :text => 'Forbidden.', :status => 403
      end
    else
      render :text => "Screen not found.", :status => 404
    end
  elsif @temp_token = (session[:screen_temp_token] || params[:screen_temp_token])
    screen = Screen.find_by_temp_token @temp_token
    if screen.nil?
      send_temp_token
    else
       screen
      complete_auth(screen)
    end
  else
    # We're going to store the temporary token in the session for
    # browser clients, and send it via the body for API requests.
    # Currently, the token is spoofable during the setup window,
    # but the consequences are limited.
    @temp_token = Screen.generate_temp_token
    session[:screen_temp_token] = @temp_token
    send_temp_token
  end  
end

- (Object) send_temp_token



97
98
99
100
101
102
# File 'app/controllers/frontend/screens_controller.rb', line 97

def send_temp_token 
  respond_to do |format|
    format.html { render 'sign_in', :layout => "no-topmenu" }
    format.json { render :json => {:screen_temp_token => @temp_token} }
  end
end

- (Object) send_to_screen(screen)



86
87
88
89
90
91
92
93
94
95
# File 'app/controllers/frontend/screens_controller.rb', line 86

def send_to_screen(screen)
  respond_to do |format|
    format.html { redirect_to frontend_screen_path(screen), :status => :moved_permanently }
    format.json { render :json => {
      :screen_id => screen.id,
      :screen_url => screen_url(screen),
      :frontend_url => frontend_screen_url(screen)
   } }
  end
end

- (Object) setup

GET /frontend/1/setup.json Get information required to setup the screen and display the template with positions.



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
# File 'app/controllers/frontend/screens_controller.rb', line 116

def setup
  headers['Access-Control-Allow-Origin'] = '*' unless !ConcertoConfig[:public_concerto]
  @preview = params.has_key?(:preview) && params[:preview] == "true"
  begin
    @screen = Screen.find(params[:id])
    allow_screen_if_unsecured @screen
    auth! :action => (@preview ? :preview : :display)
  rescue ActiveRecord::ActiveRecordError
    render :json => {}, :status => 404
  rescue CanCan::AccessDenied
    render :json => {}, :status => 403
  else

    field_configs = []  # Cache the field_configs
    @screen.run_callbacks(:frontend_display) do
      # Inject paths into fake attribute so they gets sent with the setup info.
      # Pretend that it's better not to change the format of the image, so we detect it's upload extension.
      if !@screen.template.media.preferred.first.nil?
        template_format = File.extname(@screen.template.media.preferred.first.file_name)[1..-1]
        @screen.template.path = frontend_screen_template_path(@screen, @screen.template, :format => template_format)
      else
        template_format = nil
        @screen.template.path = nil
      end
      css_media = @screen.template.media.where({:key => 'css'})
      if !css_media.empty?
        @screen.template.css_path = media_path(css_media.first)
      end
      @screen.template.positions.each do |p|
        p.field_contents_path = frontend_screen_field_contents_path(@screen, p.field, :format => :json)
        p.field.config = {}
        FieldConfig.default.where(:field_id => p.field_id).each do |d_fc|
          p.field.config[d_fc.key] = d_fc.value
          field_configs << d_fc
        end
        @screen.field_configs.where(:field_id => p.field_id).each do |fc|
          p.field.config[fc.key] = fc.value
          field_configs << fc
        end
      end
    end

    if stale?(:etag => @screen.frontend_cache_key(field_configs), :public => true)
    respond_to do |format|
      format.json {
        render :json => @screen.to_json(
          :only => [:name, :id],
          :include => {
            :template => {
              :include => {
                :positions => {
                  :except => [:created_at, :updated_at, :template_id, :field_id],
                  :methods => [:field_contents_path],
                  :include => {
                    :field => {
                      :methods => [:config],
                      :only => [:id, :name, :config]
                    }
                  }
                },
              },
              :only => [:id, :name],
              :methods => [:path, :css_path]
            }
          }
        )
      }
    end
    end
    unless @preview
      @screen.mark_updated
    end
  end
end

- (Object) show

GET /frontend/:id



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# File 'app/controllers/frontend/screens_controller.rb', line 9

def show
  @preview = params.has_key?(:preview) && params[:preview] == "true"
  begin
    @screen = Screen.find(params[:id])
    allow_screen_if_unsecured @screen
    auth! :action => (@preview ? :preview : :display)
  rescue ActiveRecord::ActiveRecordError
    # TODO: Could this just be a regular 404?
    render :text => "Screen not found.", :status => 404
  rescue CanCan::AccessDenied
    if current_screen.nil?
      headers['WWW-Authenticate']='Basic realm="Frontend Screen"'
      render :text=> "Screen requires authentication.", :status => 401
    else
      render :text=> "Incorrect authorization.", :status => 403
    end
  else
    @js_files = ['frontend.js']
    @debug = false
    if params[:debug]
      @debug = true
      @js_files = ['frontend_debug.js']
    end
    if params[:files]
      @js_files = params[:files].split(",")
    end
    @screen.run_callbacks(:frontend_display)
    respond_to do |format|
      format.html
    end
  end
end

- (Object) show_options

OPTIONS /frontend/:id Requested by browser to find CORS policy



44
45
46
# File 'app/controllers/frontend/screens_controller.rb', line 44

def show_options
  head :ok
end