trabajo-afectivo/app/controllers/user_access_token_controller.rb

# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/

class UserAccessTokenController < ApplicationController
  prepend_before_action { authentication_check(permission: 'user_preferences.access_token') }

=begin

Resource:
GET /api/v1/user_access_token

Response:
{
  "tokens":[
    {"id":1,"label":"some user access token","preferences":{"permission":["cti.agent","ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"}
    {"id":2,"label":"some user access token 2","preferences":{"permission":[ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"}
  ],
  "permissions":[
    {id: 1, name: "admin", note: "Admin Interface", preferences: {}, active: true,...},
    {id: 2, name: "admin.user", note: "Manage Users", preferences: {}, active: true,...},
    ...
  ]
}

Test:
curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password}

=end

  def index
    tokens = Token.where(action: 'api', persistent: true, user_id: current_user.id).order('updated_at DESC, label ASC')
    token_list = []
    tokens.each do |token|
      attributes = token.attributes
      attributes.delete('persistent')
      attributes.delete('name')
      token_list.push attributes
    end
    local_permissions = current_user.permissions
    local_permissions_new = {}
    local_permissions.each_key do |key|
      keys = Object.const_get('Permission').with_parents(key)
      keys.each do |local_key|
        next if local_permissions_new.key?([local_key])
        if local_permissions[local_key] == true
          local_permissions_new[local_key] = true
          next
        end
        local_permissions_new[local_key] = false
      end
    end
    permissions = []
    Permission.all.where(active: true).order(:name).each do |permission|
      next if !local_permissions_new.key?(permission.name) && !current_user.permissions?(permission.name)
      permission_attributes = permission.attributes
      if local_permissions_new[permission.name] == false
        permission_attributes['preferences']['disabled'] = true
      end
      permissions.push permission_attributes
    end

    render json: {
      tokens: token_list,
      permissions: permissions,
    }, status: :ok
  end

=begin

Resource:
POST /api/v1/user_access_token

Payload:
{
  "label":"some test",
  "permission":["cti.agent","ticket.agent"],
  "expires_at":null
}

Response:
{
  "name":"new_token_only_shown_once"
}

Test:
curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"label":"some test","permission":["cti.agent","ticket.agent"],"expires_at":null}'

=end

  def create
    if Setting.get('api_token_access') == false
      raise Exceptions::UnprocessableEntity, 'API token access disabled!'
    end
    if params[:label].blank?
      raise Exceptions::UnprocessableEntity, 'Need label!'
    end
    token = Token.create!(
      action:      'api',
      label:       params[:label],
      persistent:  true,
      user_id:     current_user.id,
      expires_at:  params[:expires_at],
      preferences: {
        permission: params[:permission]
      }
    )
    render json: {
      name: token.name,
    }, status: :ok
  end

=begin

Resource:
DELETE /api/v1/user_access_token/{id}

Response:
{}

Test:
curl http://localhost/api/v1/user_access_token/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE

=end

  def destroy
    token = Token.find_by(action: 'api', user_id: current_user.id, id: params[:id])
    raise Exceptions::UnprocessableEntity, 'Unable to find api token!' if !token
    token.destroy!
    render json: {}, status: :ok
  end

end
Updated copyright. 2016-10-19 03:11:36 +00:00			`# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/`
Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00
			`class UserAccessTokenController < ApplicationController`
Improved session validation and usage of cors headers. 2017-02-15 12:29:25 +00:00			`prepend_before_action { authentication_check(permission: 'user_preferences.access_token') }`
Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00
Added api doc to controller (and also to docs repo). 2018-08-16 11:13:20 +00:00			`=begin`

			`Resource:`
			`GET /api/v1/user_access_token`

			`Response:`
			`{`
			`"tokens":[`
			`{"id":1,"label":"some user access token","preferences":{"permission":["cti.agent","ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"}`
			`{"id":2,"label":"some user access token 2","preferences":{"permission":[ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"}`
			`],`
			`"permissions":[`
			`{id: 1, name: "admin", note: "Admin Interface", preferences: {}, active: true,...},`
			`{id: 2, name: "admin.user", note: "Manage Users", preferences: {}, active: true,...},`
			`...`
			`]`
			`}`

			`Test:`
			`curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password}`

			`=end`

Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00			`def index`
			`tokens = Token.where(action: 'api', persistent: true, user_id: current_user.id).order('updated_at DESC, label ASC')`
			`token_list = []`
Applied RuboCop Style/BlockDelimiters to improve readability. 2017-10-01 12:25:52 +00:00			`tokens.each do \|token\|`
Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00			`attributes = token.attributes`
			`attributes.delete('persistent')`
			`attributes.delete('name')`
			`token_list.push attributes`
Applied RuboCop Style/BlockDelimiters to improve readability. 2017-10-01 12:25:52 +00:00			`end`
Init version of permission management of personal tokens. 2016-08-16 07:09:09 +00:00			`local_permissions = current_user.permissions`
			`local_permissions_new = {}`
Applied changes for Rubocop 0.51. 2017-11-23 08:09:44 +00:00			`local_permissions.each_key do \|key\|`
Init version of permission management of personal tokens. 2016-08-16 07:09:09 +00:00			`keys = Object.const_get('Permission').with_parents(key)`
Applied RuboCop Style/BlockDelimiters to improve readability. 2017-10-01 12:25:52 +00:00			`keys.each do \|local_key\|`
Improved permission check of personal tokens. 2016-08-16 08:00:44 +00:00			`next if local_permissions_new.key?([local_key])`
			`if local_permissions[local_key] == true`
			`local_permissions_new[local_key] = true`
			`next`
			`end`
Init version of permission management of personal tokens. 2016-08-16 07:09:09 +00:00			`local_permissions_new[local_key] = false`
Applied RuboCop Style/BlockDelimiters to improve readability. 2017-10-01 12:25:52 +00:00			`end`
			`end`
Init version of permission management of personal tokens. 2016-08-16 07:09:09 +00:00			`permissions = []`
Applied RuboCop Style/BlockDelimiters to improve readability. 2017-10-01 12:25:52 +00:00			`Permission.all.where(active: true).order(:name).each do \|permission\|`
Added multi permission check to Token.check. 2016-08-17 11:24:51 +00:00			`next if !local_permissions_new.key?(permission.name) && !current_user.permissions?(permission.name)`
Improved permission check of personal tokens. 2016-08-16 08:00:44 +00:00			`permission_attributes = permission.attributes`
			`if local_permissions_new[permission.name] == false`
			`permission_attributes['preferences']['disabled'] = true`
			`end`
			`permissions.push permission_attributes`
Applied RuboCop Style/BlockDelimiters to improve readability. 2017-10-01 12:25:52 +00:00			`end`
Init version of permission management of personal tokens. 2016-08-16 07:09:09 +00:00
			`render json: {`
			`tokens: token_list,`
			`permissions: permissions,`
			`}, status: :ok`
Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00			`end`

Added api doc to controller (and also to docs repo). 2018-08-16 11:13:20 +00:00			`=begin`

			`Resource:`
			`POST /api/v1/user_access_token`

			`Payload:`
			`{`
			`"label":"some test",`
			`"permission":["cti.agent","ticket.agent"],`
			`"expires_at":null`
			`}`

			`Response:`
			`{`
			`"name":"new_token_only_shown_once"`
			`}`

			`Test:`
			`curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"label":"some test","permission":["cti.agent","ticket.agent"],"expires_at":null}'`

			`=end`

Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00			`def create`
			`if Setting.get('api_token_access') == false`
			`raise Exceptions::UnprocessableEntity, 'API token access disabled!'`
			`end`
Small code cleanup. 2017-11-21 14:25:04 +00:00			`if params[:label].blank?`
Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00			`raise Exceptions::UnprocessableEntity, 'Need label!'`
			`end`
Small code cleanup. 2017-11-21 14:25:04 +00:00			`token = Token.create!(`
Moved from to new permission management. 2016-08-12 16:39:09 +00:00			`action: 'api',`
			`label: params[:label],`
			`persistent: true,`
			`user_id: current_user.id,`
Added token attributes last_used_at and expires_at. 2016-08-30 14:26:27 +00:00			`expires_at: params[:expires_at],`
Moved from to new permission management. 2016-08-12 16:39:09 +00:00			`preferences: {`
			`permission: params[:permission]`
			`}`
Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00			`)`
			`render json: {`
			`name: token.name,`
			`}, status: :ok`
			`end`

Added api doc to controller (and also to docs repo). 2018-08-16 11:13:20 +00:00			`=begin`

			`Resource:`
			`DELETE /api/v1/user_access_token/{id}`

			`Response:`
			`{}`

			`Test:`
			`curl http://localhost/api/v1/user_access_token/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE`

			`=end`

Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00			`def destroy`
			`token = Token.find_by(action: 'api', user_id: current_user.id, id: params[:id])`
			`raise Exceptions::UnprocessableEntity, 'Unable to find api token!' if !token`
Small code cleanup. 2017-11-21 14:25:04 +00:00			`token.destroy!`
Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00			`render json: {}, status: :ok`
			`end`

			`end`