@mstruve

mstruve/api.rb

Last active Aug 29, 2015
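before do
  # Authenticate the client: the Auth-Token header must match an active client.
  client = Client.active.find_by(token: headers["Auth-Token"])
  error!('Unauthorized. Invalid token.', 401) unless client
  # Authorize the user named in X-Grpn-Email for this HTTP method. As written,
  # a client whose user_authorization_required? is false also receives the 403.
  error!('Unauthorized action.', 403) unless client.user_authorization_required? &&
    User.new(headers["X-Grpn-Email"]).authorized_action?(request.request_method)
end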