X-Git-Url: http://git.osdn.net/view?p=pettanr%2Fpettanr.git;a=blobdiff_plain;f=app%2Fcontrollers%2Fapplication_controller.rb;h=be0c189277666059b968a9b69c57e7976c261ae6;hp=0c17b70e64b2ad117cb3854097d9585f2b6b6a40;hb=d7c8065be895b67dc453b0e11ad0f259f1ca6706;hpb=644f57fc419372cbe20d11bc96b4ec5a3d200448 diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0c17b70e..be0c1892 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,7 +1,9 @@ class ApplicationController < ActionController::Base protect_from_forgery + protect_from_forgery with: :null_session, if: Proc.new {|c| c.request.format == 'application/json'} layout :devise_layout before_action :bf + before_action :authenticate_user_from_token!, if: -> {params[:email].present? or request.headers[:email]} def devise_layout if devise_controller? @@ -51,6 +53,14 @@ class ApplicationController < ActionController::Base @operators = Operator.new [user, author, artist, admin, demand_user] end + def authenticate_user_from_token! + user = User.find_by(email: (params[:email] or request.headers[:email])) + if Devise.secure_compare(user.try(:authentication_token), (params[:token] or request.headers[:token])) + sign_in user, store: false + self.bf + end + end + def authenticate_reader authenticate_user! unless @operators.reader? end @@ -140,7 +150,7 @@ class ApplicationController < ActionController::Base res = { :page_status => { :type => :default, :total => @finder.total_count, :total_page => @finder.total_pages, - :page => @finder.page, :page_size => @finder.limit_value, + :page => @finder.current_page, :page_size => @finder.limit_value, :item_name => @my_action.return_item_name }, # rails3.2 has problem
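Review bot: The added `protect_from_forgery with: :null_session, if: Proc.new {...}` sits directly after the existing bare `protect_from_forgery`, and Rails de-duplicates callbacks registered under the same method name. The later, conditional registration of `verify_authenticity_token` is therefore likely to replace the unconditional one, leaving CSRF verification active for JSON requests only. A single declaration removes the ambiguity; if the null-session strategy is acceptable for every format, `protect_from_forgery with: :null_session` without the `if:` is enough. A request test that sends a non-JSON POST without an authenticity token from a signed-in session would confirm which behaviour is in effect. The Rails version is not visible on this page, so check this against the version in use.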
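Review bot: `authenticate_user_from_token!` accepts the credential from `params[:token]` as well as from a header, so the token can travel in the query string and end up in server logs, browser history and Referer headers. Reading it only from the header (`request.headers[:token]`) avoids that; if the parameter form has to stay, `token` should be added to the application's filtered parameters so it is masked in logs. A mismatch also falls through silently, so a client sending a wrong token continues as anonymous rather than getting a 401; whether that is intended depends on the later `authenticate_*` filters, which are only partly visible here. The `self.bf` call re-runs a filter that appears to have already run, because `before_action :bf` is declared ahead of the token filter in the first hunk; declaring the token filter first would make the extra call unnecessary.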