Class: ApplicationController

Inherits:

ActionController::Base

• Object
• ActionController::Base
• ApplicationController

Includes:

ActionView::Helpers::NumberHelper, ApplicationHelper, Controllers::AcceleratedFileSending, Controllers::AnalyticsEvents, Controllers::AppsignalTagging, Controllers::Authenticable, Controllers::CloudflareCaching, Controllers::DeviceDetection, Controllers::ErrorRendering, Controllers::Localizable, Controllers::Paginateable, Controllers::PaperTrailContext, Controllers::ReturnPathHandling, Controllers::SetCurrentRequestDetails, Controllers::SubdomainDetection, Controllers::TrackingDetection, Controllers::TurboStreamFlashable, Controllers::TurnstileVerification, Controllers::Webpackable, Memery

Defined in:

app/controllers/application_controller.rb

Direct Known Subclasses

Auth::AuthenticationsController, BasePortalController, CreditApplicationsController, Crm::MarketplaceShippingOptionsController, CrmController, DownloadsController, EmailEventsController, GlobalsController, HeatlossCalculationsController, LocatorRecordsController, NavbarAccountController, NavbarContactController, OnlineOfflineUsersController, PostCommentsController, PostsController, PresetJobsControllerBase, RedactorDragonfly::FilesController, RedactorDragonfly::ImagesController, VideoMediaController, Www::ErrorPreviewController, Www::LiveEventsController, Www::PaymentsController, Www::PublicationsController, Www::QuoteBuilderController, Www::RoomPlansController, Www::SitemapController, Www::SmsRedirectsController, Www::SupportArticlesController, Www::SupportPortalsController, Www::UploadsController

Constant Summary

Constants included from Controllers::AnalyticsEvents

Controllers::AnalyticsEvents::MAX_QUEUED_EVENTS, Controllers::AnalyticsEvents::SESSION_KEY

Constants included from Controllers::ErrorRendering

Controllers::ErrorRendering::NON_CONTENT_PATH_PREFIXES

Constants included from Www::SeoHelper

Www::SeoHelper::AWARDS, Www::SeoHelper::CA_ADDRESS, Www::SeoHelper::CA_BUSINESS_HOURS, Www::SeoHelper::CA_CONTACT_POINT, Www::SeoHelper::CA_CURRENCIES, Www::SeoHelper::CA_DESCRIPTION, Www::SeoHelper::CA_FOUNDING_DATE, Www::SeoHelper::CA_GLOBAL_LOCATION_NUMBER, Www::SeoHelper::CA_LEGAL_NAME, Www::SeoHelper::CA_LOCAL_BUSINESS, Www::SeoHelper::CA_ONLINE_STORE, Www::SeoHelper::CA_RETURN_POLICY, Www::SeoHelper::CA_SALES_DEPARTMENT, Www::SeoHelper::CA_SERVICE_AREA, Www::SeoHelper::CA_URL, Www::SeoHelper::CA_VAT_ID, Www::SeoHelper::CA_WAREHOUSE_DEPARTMENT, Www::SeoHelper::CA_WAREHOUSE_HOURS, Www::SeoHelper::COMPANY_EMAIL, Www::SeoHelper::COMPANY_LOGO, Www::SeoHelper::COMPANY_NAME, Www::SeoHelper::COMPANY_SLOGAN, Www::SeoHelper::EXPERTISE, Www::SeoHelper::FAX_NUMBER, Www::SeoHelper::GS1_COMPANY_PREFIX, Www::SeoHelper::ISO6523_CODE, Www::SeoHelper::PAYMENT_METHODS, Www::SeoHelper::PHONE_NUMBER, Www::SeoHelper::PRIMARY_NAICS, Www::SeoHelper::REFUND_TYPE, Www::SeoHelper::RETURN_FEES, Www::SeoHelper::RETURN_METHOD, Www::SeoHelper::RETURN_POLICY_CATEGORY, Www::SeoHelper::SECONDARY_NAICS, Www::SeoHelper::SOCIAL_PROFILES, Www::SeoHelper::US_ADDRESS, Www::SeoHelper::US_BUSINESS_HOURS, Www::SeoHelper::US_CONTACT_POINT, Www::SeoHelper::US_CURRENCIES, Www::SeoHelper::US_DESCRIPTION, Www::SeoHelper::US_FOUNDING_DATE, Www::SeoHelper::US_GLOBAL_LOCATION_NUMBER, Www::SeoHelper::US_IMAGE, Www::SeoHelper::US_LEGAL_NAME, Www::SeoHelper::US_LOCAL_BUSINESS, Www::SeoHelper::US_ONLINE_STORE, Www::SeoHelper::US_RETURN_POLICY, Www::SeoHelper::US_SALES_DEPARTMENT, Www::SeoHelper::US_SERVICE_AREA, Www::SeoHelper::US_TAX_ID, Www::SeoHelper::US_URL, Www::SeoHelper::US_WAREHOUSE_DEPARTMENT, Www::SeoHelper::US_WAREHOUSE_HOURS

Constants included from IconHelper

IconHelper::CUSTOM_ICON_MAP, IconHelper::CUSTOM_SVG_DIR, IconHelper::DEFAULT_FAMILY

Instance Method Summary

• #account_impersonated? ⇒ Boolean

  Pretender does not ship a boolean helper, but it does set session[:impersonated_account_id] whenever an impersonation is active (see vendor/bundle/.../pretender.rb).

• #add_to_flash(message, type = :error) ⇒ Object protected
• #append_token(val, persist = nil) ⇒ Object protected
• #bypass_forgery_protection? ⇒ Boolean protected
• #chat_enabled? ⇒ Boolean protected
• #cloudflare_cleared? ⇒ Boolean protected
• #default_catalog ⇒ Object protected
• #default_url_options(options = {}) ⇒ Object protected
• #enable_turbo_frames ⇒ Object

  Enable Turbo Frames and Streams for specific sections.

• #find_publication(sku, override_locale_store = nil) ⇒ Object protected
• #fix_invalid_accept_header ⇒ Object protected

  Clean possibly misconfigured proxies or old browsers.

• #init_js_utils ⇒ Object protected
• #is_globals_call? ⇒ Boolean protected
• #layout_by_resource ⇒ Object protected
• #locale_store ⇒ Object protected
• #redirect_to(options = {}, response_options = {}) ⇒ Object

  Hotwire: default redirects after mutating verbs to 303 See Other unless an explicit status: is passed (matches Turbo / Rails 7 guidance for POST/PUT/PATCH/DELETE flows).

• #require_employee_for_crm ⇒ Object protected

  Gate: every request on the CRM subdomain must be from an authenticated employee.

• #set_base_host ⇒ Object protected
• #set_real_ip ⇒ Object protected
• #set_report_errors_for ⇒ Object protected
• #should_render_layout? ⇒ Boolean protected

  Determines if a layout should be rendered based on the request type Returns false for: - Turbo Frame requests (modern Hotwire approach) - XHR requests (legacy AJAX approach) This provides backward compatibility while supporting modern Turbo Frames.

• #stamp_impersonation_context ⇒ Object protected
• #warmlyyours_canada_ip?(ip = nil) ⇒ Boolean protected
• #warmlyyours_ip?(ip = nil) ⇒ Boolean protected
• #y(value) ⇒ Object protected

Methods included from Controllers::ReturnPathHandling

#check_for_return_path, #redirect_to_return_path_or_default

Methods included from Controllers::AnalyticsEvents

#consume_queued_analytics_events, #track_event

Methods included from Controllers::DeviceDetection

#device_detector, #is_ie?

Methods included from Controllers::SubdomainDetection

#is_crm_request?, #is_www_request?, #json_request?

Methods included from Controllers::TrackingDetection

#bot_request?, #gdpr_country?, #gdpr_country_data, #prevent_bots, #set_tracking_cookie, #track_visitor?

Methods included from Controllers::AcceleratedFileSending

#send_file_accelerated, #send_upload_accelerated

Methods included from Controllers::ErrorRendering

#excp_string, #mail_to_for_error_reporting, #render_400, #render_404, #render_406, #render_410, #render_500, #render_invalid_authenticity_token, #render_ip_spoof_error, #safe_referer_or_fallback

Methods included from Controllers::TurnstileVerification

#load_turnstile_script_tag, #turnstile_lazy_widget, #turnstile_script_tag, #turnstile_widget, #validate_turnstile!

Methods included from Controllers::CloudflareCaching

edge_cached, #edge_cached_action?, #reset_cloudflare_cache, #set_cloudflare_cache, #skip_session

Methods included from Controllers::Webpackable

#preload_webpack_fonts, #webpack_css_include, #webpack_css_url, #webpack_js_include, #wpd_is_running?

Methods included from Controllers::Localizable

#cloudflare_country_locale, #determine_request_locale, #geocoder_locale, #guest_user_locale_check, #locale_optional_www_auth_path?, #param_locale, #set_locale, #set_request_locale, #skip_localization?, #warmlyyours_ip_locale

Methods included from Controllers::Authenticable

#access_denied, #authenticate_account, #authenticate_account!, #authenticate_account_from_login_token!, #authenticate_account_from_token!, #check_is_a_manager, #check_is_a_sales_manager, #check_is_an_admin, #check_is_an_employee, #check_party, #clear_mismatched_guest_user, #create_guest_user, #credentials?, #current_or_guest_user, #current_or_guest_user_id_read_only, #current_user, #devise_mapping, #fully_logged_in?, #generate_bot_id, #guest_user, #identifiable?, #init_current_user, #initialize_guest, #load_context_user, #logging_in, #resource, #resource_name, #restrict_access_for_non_employees, #scrubbed_request_path, #user_object, #warn_on_session_guest_id_leak

Methods included from ApplicationHelper

#better_number_to_currency, #check_force_logout, #check_or_cross, #check_or_times, #error_messages, #general_disclaimer_on_product_installation_and_local_codes, #gridjs_from_html_table, #gridjs_table, #is_wy_ip, #line_break, #parent_layout, #pass_or_fail, #render_error_messages_list, #render_video_card, #resolved_auth_form_turbo_frame, #return_path_or, #safe_css_color, #set_return_path_if_present, #set_section_if_present, #tab_frame_id, #to_underscore, #track_page?, #turbo_section_wrapper, #turbo_tabs_request?, #url_on_same_domain_as_request, #widget_index_daily_focus_index_path, #working_hours?, #yes_or_no, #yes_or_no_highlighted, #yes_or_no_with_check_or_cross, #youtube_video

Methods included from UppyUploaderHelper

#file_uploader, #image_uploader, #large_file_uploader_s3, #lead_sketch_uploader, #rma_image_uploader, #rma_image_uploader_s3, #uppy_uploader, #video_uploader

Methods included from Www::ImagesHelper

#image_asset_tag, #image_asset_url

Methods included from Www::SeoHelper

#add_page_schema, #canada?, #company_social_links, #ensure_context_json, #json_ld_script_tag, #local_business_schema, #online_store_id, #online_store_schema, #page_main_entity, #page_main_entity_json, #render_auto_collection_page_schema, #render_collection_page_schema, #render_local_business_schema, #render_online_store_schema, #render_page_schemas, #render_page_video_schemas, #render_webpage_schema, #render_webpage_schema_with_collections, #usa?

Methods included from UrlsHelper

#catalog_breadcrumb_links, #catalog_link, #catalog_link_for_product_line, #catalog_link_for_sku, #cms_link, #delocalized_path, #path_to_sales_product_sku, #path_to_sales_product_sku_for_product_line, #path_to_sales_product_sku_for_product_line_slug, #product_line_from_catalog_link, #protocol_neutral_url, #sanitize_external_url, #valid_external_url?

Methods included from IconHelper

#account_nav_icon, #fa_icon, #star_rating_html

Instance Method Details

#account_impersonated? ⇒ Boolean

Pretender does not ship a boolean helper, but it does set
session[:impersonated_account_id] whenever an impersonation is active
(see vendor/bundle/.../pretender.rb). We define one here as the canonical
check used everywhere in the app (views, MasqueradeGuarded, AnalyticsEvents,
AppsignalTagging, etc.).

Returns:

• (Boolean)

# File 'app/controllers/application_controller.rb', line 17

def account_impersonated?
  request.session[:impersonated_account_id].present?
end

#add_to_flash(message, type = :error) ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 128

def add_to_flash(message, type = :error)
  return if message.blank? || (flash[type].present? && flash[type].to_s.downcase.include?(message.to_s.downcase))

  flash[type] ||= +''
  flash[type] += message
end

#append_token(val, persist = nil) ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 118

def append_token(val, persist = nil)
  return val unless current_account

  current_account.append_token(val, persist)
end

#bypass_forgery_protection? ⇒ Boolean (protected)

Returns:

• (Boolean)

# File 'app/controllers/application_controller.rb', line 89

def bypass_forgery_protection?
  return true if json_request?
  # Because the user might be presented with a captcha, this can break the csrf check, so this is a workaround.
  return true if cloudflare_cleared?

  false
end

#chat_enabled? ⇒ Boolean (protected)

Returns:

• (Boolean)

# File 'app/controllers/application_controller.rb', line 105

def chat_enabled?
  Rails.env.production? || ENV['ENABLE_LIVECHAT'].to_b
end

#cloudflare_cleared? ⇒ Boolean (protected)

Returns:

• (Boolean)

# File 'app/controllers/application_controller.rb', line 84

def cloudflare_cleared?
  # See https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/
  request.cookies['cf_clearance'].present?
end

#default_catalog ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 124

def default_catalog
  current_user.try(:catalog) || Catalog.locale_to_catalog(I18n.locale)
end

#default_url_options(options = {}) ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 147

def default_url_options(options = {})
  UrlHelper.default_url_options(options)
end

#enable_turbo_frames ⇒ Object

Enable Turbo Frames and Streams for specific sections

# File 'app/controllers/application_controller.rb', line 74

def enable_turbo_frames
  @turbo_frames_enabled = true
end

#find_publication(sku, override_locale_store = nil) ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 113

def find_publication(sku, override_locale_store = nil)
  store = override_locale_store || locale_store
  Item.find_publication(sku, store)
end

#fix_invalid_accept_header ⇒ Object (protected)

Clean possibly misconfigured proxies or old browsers

# File 'app/controllers/application_controller.rb', line 210

def fix_invalid_accept_header
  return unless is_crm_request? || is_www_request?

  request.headers['Accept'] = '*/*' if request.headers['Accept'] == '*'
end

#init_js_utils ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 101

def init_js_utils
  @react_props = {}
end

#is_globals_call? ⇒ Boolean (protected)

Returns:

• (Boolean)

# File 'app/controllers/application_controller.rb', line 97

def is_globals_call?
  request&.fullpath.to_s.start_with?('/globals')
end

#layout_by_resource ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 161

def layout_by_resource
  # Turbo Frame requests only consume the matching <turbo-frame> from the
  # response; the surrounding layout chrome (navbar, sidebar, head/asset
  # tags, modal containers) is rendered then immediately discarded by the
  # browser. Skip it server-side to save render time and bandwidth on every
  # frame fetch, app-wide.
  return false if turbo_frame_request?

  if devise_controller?
    if is_crm_request?
      @disable_sign_in = true
      'crm/sessions'
    else
      'www/cms_page'
    end
  elsif is_crm_request?
    'crm/crm'
  else
    'www/cms_page'
  end
end

#locale_store ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 151

def locale_store
  Store.locale_to_catalog(I18n.locale)
end

#redirect_to(options = {}, response_options = {}) ⇒ Object

Hotwire: default redirects after mutating verbs to 303 See Other unless an explicit
status: is passed (matches Turbo / Rails 7 guidance for POST/PUT/PATCH/DELETE flows).

NOTE: explicitly public because this override sits below the protected keyword
above. Without this, the inherited public redirect_to becomes protected on the
whole app, and any gem that calls controller.redirect_to(...) externally (e.g. the
responders gem used by Devise's respond_with) raises NoMethodError.

# File 'app/controllers/application_controller.rb', line 232

public def redirect_to(options = {}, response_options = {})
  response_options = {} unless response_options.is_a?(Hash)
  unless response_options.key?(:status) || (options.is_a?(Hash) && options.key?(:status))
    if %w[POST PUT PATCH DELETE].include?(request.request_method)
      response_options = { status: :see_other }.merge(response_options)
    end
  end
  super
end

#require_employee_for_crm ⇒ Object (protected)

Gate: every request on the CRM subdomain must be from an authenticated employee.
Controllers with legitimate open access (webhooks, OAuth, token downloads) must
explicitly declare: skip_before_action :require_employee_for_crm

# File 'app/controllers/application_controller.rb', line 186

def require_employee_for_crm
  return unless is_crm_request?
  return if devise_controller?
  return if current_account&.is_employee?

  if current_account
    flash[:error] = "Access to the CRM is restricted to employees."
    redirect_to cms_link('/my_account')
  else
    flash[:info] = t('controllers.authenticable.sign_in_to_proceed')
    redirect_to new_account_session_path(devise_return_path: request.fullpath)
  end
end

#set_base_host ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 200

def set_base_host
  @base_url = "#{request.scheme}://#{request.host_with_port}"
end

#set_real_ip ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 204

def set_real_ip
  # Fake our location in development when working locally, this is what request geocoder uses
  request.env['HTTP_X_REAL_IP'] = NetworkConstants::REAL_FAKE_IP if Rails.env.development?
end

#set_report_errors_for ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 155

def set_report_errors_for
  # Stub, override in your own controllers, put the models that are updated in the array, note use instance variable @ not symbols
  @report_errors_for = []
  logger.debug "set_report_errors_for is set to #{@report_errors_for.join(', ')}" if @report_errors_for.present?
end

#should_render_layout? ⇒ Boolean (protected)

Determines if a layout should be rendered based on the request type
Returns false for:

• Turbo Frame requests (modern Hotwire approach)
• XHR requests (legacy AJAX approach)
  This provides backward compatibility while supporting modern Turbo Frames

Returns:

• (Boolean)

# File 'app/controllers/application_controller.rb', line 221

def should_render_layout?
  !turbo_frame_request? && !request.xhr?
end

#stamp_impersonation_context ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 80

def stamp_impersonation_context
  CurrentScope.true_account_id = account_impersonated? ? true_account&.id : nil
end

#warmlyyours_canada_ip?(ip = nil) ⇒ Boolean (protected)

Returns:

• (Boolean)

# File 'app/controllers/application_controller.rb', line 142

def warmlyyours_canada_ip?(ip = nil)
  ip ||= request.remote_ip
  IpDetector.warmlyyours_canada_ip?(ip)
end

#warmlyyours_ip?(ip = nil) ⇒ Boolean (protected)

Returns:

• (Boolean)

# File 'app/controllers/application_controller.rb', line 137

def warmlyyours_ip?(ip = nil)
  ip ||= request.remote_ip
  IpDetector.warmlyyours_ip?(ip)
end

#y(value) ⇒ Object (protected)

# File 'app/controllers/application_controller.rb', line 109

def y(value)
  value.to_b ? 'Yes' : 'No'
end