Created
December 4, 2014 01:56
-
-
Save mberman84/b3b6695fc2fc8d4699ea to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class PingWidgetsController < ApplicationController | |
skip_before_filter :verify_authenticity_token, only: [:cors_set_access_control_headers, :cors_preflight_check] | |
before_filter :cors_preflight_check | |
after_filter :cors_set_access_control_headers | |
def settings | |
headers['Access-Control-Allow-Origin'] = '*' | |
if params.has_key?(:uuid) | |
# Checks to see if there's a PingWidget by the uuid. | |
begin | |
@ping_widget = PingWidget.find_by_uuid(params[:uuid]) | |
# If UUID invalid or not in db, we'll get this error, but we don't want to do anything if this happens. | |
rescue PG::InvalidTextRepresentation | |
# In all cases where we don't find a PingWidget, return a 404. | |
ensure | |
unless @ping_widget | |
raise ActiveRecord::RecordNotFound | |
end | |
end | |
# If we make it through these errors, then get the phone number. | |
@phone_number = @ping_widget.company.open_phone_number_digits | |
end | |
render json: {:ping_widget => @ping_widget, :phone_number => @phone_number} | |
end | |
def show | |
authorize! :read, PingWidget | |
@ping_widget = current_company.ping_widget | |
@ping_widget_uuid = @ping_widget.uuid | |
end | |
def update | |
authorize! :update, PingWidget | |
@ping_widget = current_company.ping_widget | |
respond_to do |format| | |
if @ping_widget.update_attributes(params[:ping_widget].permit(:button_color, :button_text, :button_delay)) | |
format.html { redirect_to ping_path, notice: 'Settings saved.' } | |
format.json { head :no_content } | |
else | |
format.html { render action: 'show' } | |
format.json { render json: ping_widget.errors, status: :unprocessable_entity } | |
end | |
end | |
end | |
def cors_set_access_control_headers | |
headers['Access-Control-Allow-Origin'] = '*' | |
headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS' | |
headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token' | |
headers['Access-Control-Max-Age'] = "1728000" | |
end | |
def cors_preflight_check | |
if request.method == 'OPTIONS' | |
headers['Access-Control-Allow-Origin'] = '*' | |
headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS' | |
headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version, Token' | |
headers['Access-Control-Max-Age'] = '1728000' | |
render :text => '', :content_type => 'text/plain' | |
end | |
end | |
end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment