mberman84/gist:b3b6695fc2fc8d4699ea

## gistfile1.txt
class PingWidgetsController < ApplicationController

  skip_before_filter :verify_authenticity_token, only: [:cors_set_access_control_headers, :cors_preflight_check]

  before_filter :cors_preflight_check
  after_filter :cors_set_access_control_headers

  def settings
    headers['Access-Control-Allow-Origin'] = '*'
    if params.has_key?(:uuid)
      # Checks to see if there's a PingWidget by the uuid.
      begin
        @ping_widget = PingWidget.find_by_uuid(params[:uuid])
      # If UUID invalid or not in db, we'll get this error, but we don't want to do anything if this happens.
      rescue PG::InvalidTextRepresentation
      # In all cases where we don't find a PingWidget, return a 404.
      ensure
        unless @ping_widget
          raise ActiveRecord::RecordNotFound
        end
      end
      # If we make it through these errors, then get the phone number.
      @phone_number = @ping_widget.company.open_phone_number_digits
    end
    render json: {:ping_widget => @ping_widget, :phone_number => @phone_number}
  end

  def show
    authorize! :read, PingWidget
    @ping_widget = current_company.ping_widget
    @ping_widget_uuid = @ping_widget.uuid
  end

  def update
    authorize! :update, PingWidget
    @ping_widget = current_company.ping_widget
    respond_to do |format|
      if @ping_widget.update_attributes(params[:ping_widget].permit(:button_color, :button_text, :button_delay))
        format.html { redirect_to ping_path, notice: 'Settings saved.' }
        format.json { head :no_content }
      else
        format.html { render action: 'show' }
        format.json { render json: ping_widget.errors, status: :unprocessable_entity }
      end
    end
  end

  def cors_set_access_control_headers
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
    headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token'
    headers['Access-Control-Max-Age'] = "1728000"
  end

  def cors_preflight_check
    if request.method == 'OPTIONS'
      headers['Access-Control-Allow-Origin'] = '*'
      headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
      headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version, Token'
      headers['Access-Control-Max-Age'] = '1728000'

      render :text => '', :content_type => 'text/plain'
    end
  end

end
	class PingWidgetsController < ApplicationController

	skip_before_filter :verify_authenticity_token, only: [:cors_set_access_control_headers, :cors_preflight_check]

	before_filter :cors_preflight_check
	after_filter :cors_set_access_control_headers

	def settings
	headers['Access-Control-Allow-Origin'] = '*'
	if params.has_key?(:uuid)
	# Checks to see if there's a PingWidget by the uuid.
	begin
	@ping_widget = PingWidget.find_by_uuid(params[:uuid])
	# If UUID invalid or not in db, we'll get this error, but we don't want to do anything if this happens.
	rescue PG::InvalidTextRepresentation
	# In all cases where we don't find a PingWidget, return a 404.
	ensure
	unless @ping_widget
	raise ActiveRecord::RecordNotFound
	end
	end
	# If we make it through these errors, then get the phone number.
	@phone_number = @ping_widget.company.open_phone_number_digits
	end
	render json: {:ping_widget => @ping_widget, :phone_number => @phone_number}
	end

	def show
	authorize! :read, PingWidget
	@ping_widget = current_company.ping_widget
	@ping_widget_uuid = @ping_widget.uuid
	end

	def update
	authorize! :update, PingWidget
	@ping_widget = current_company.ping_widget
	respond_to do \|format\|
	if @ping_widget.update_attributes(params[:ping_widget].permit(:button_color, :button_text, :button_delay))
	format.html { redirect_to ping_path, notice: 'Settings saved.' }
	format.json { head :no_content }
	else
	format.html { render action: 'show' }
	format.json { render json: ping_widget.errors, status: :unprocessable_entity }
	end
	end
	end

	def cors_set_access_control_headers
	headers['Access-Control-Allow-Origin'] = '*'
	headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
	headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token'
	headers['Access-Control-Max-Age'] = "1728000"
	end

	def cors_preflight_check
	if request.method == 'OPTIONS'
	headers['Access-Control-Allow-Origin'] = '*'
	headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
	headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version, Token'
	headers['Access-Control-Max-Age'] = '1728000'

	render :text => '', :content_type => 'text/plain'
	end
	end

	end