Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
trabajo-afectivo/app/controllers/user_access_token_controller.rb

136 lines
3.6 KiB
Ruby
Raw Normal View History

Updated copyright.
2016-10-19 03:11:36 +00:00
# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
Added api setting to admin interface and tokens to user preferences.
2016-07-28 10:09:32 +00:00
class UserAccessTokenController < ApplicationController
Improved session validation and usage of cors headers.
2017-02-15 12:29:25 +00:00
prepend_before_action { authentication_check(permission: 'user_preferences.access_token') }
Added api setting to admin interface and tokens to user preferences.
2016-07-28 10:09:32 +00:00
Added api doc to controller (and also to docs repo).
2018-08-16 11:13:20 +00:00
=begin
Resource:
GET /api/v1/user_access_token
Response:
{
"tokens":[
{"id":1,"label":"some user access token","preferences":{"permission":["cti.agent","ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"}
{"id":2,"label":"some user access token 2","preferences":{"permission":[ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"}
],
"permissions":[
{id: 1, name: "admin", note: "Admin Interface", preferences: {}, active: true,...},
{id: 2, name: "admin.user", note: "Manage Users", preferences: {}, active: true,...},
...
]
}
Test:
curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password}
=end
Added api setting to admin interface and tokens to user preferences.
2016-07-28 10:09:32 +00:00
def index
tokens = Token.where(action: 'api', persistent: true, user_id: current_user.id).order('updated_at DESC, label ASC')
token_list = []
Applied RuboCop Style/BlockDelimiters to improve readability.
2017-10-01 12:25:52 +00:00
tokens.each do |token|
Added api setting to admin interface and tokens to user preferences.
2016-07-28 10:09:32 +00:00
attributes = token.attributes
attributes.delete('persistent')
attributes.delete('name')
token_list.push attributes
Applied RuboCop Style/BlockDelimiters to improve readability.
2017-10-01 12:25:52 +00:00
end
Init version of permission management of personal tokens.
2016-08-16 07:09:09 +00:00
local_permissions = current_user.permissions
local_permissions_new = {}
Applied changes for Rubocop 0.51.
2017-11-23 08:09:44 +00:00
local_permissions.each_key do |key|
Init version of permission management of personal tokens.
2016-08-16 07:09:09 +00:00
keys = Object.const_get('Permission').with_parents(key)
Applied RuboCop Style/BlockDelimiters to improve readability.
2017-10-01 12:25:52 +00:00
keys.each do |local_key|
Improved permission check of personal tokens.
2016-08-16 08:00:44 +00:00
next if local_permissions_new.key?([local_key])
Updated rubocop to latest version (0.59.2) and applied required changes.
2018-10-09 06:17:41 +00:00
Improved permission check of personal tokens.
2016-08-16 08:00:44 +00:00
if local_permissions[local_key] == true
local_permissions_new[local_key] = true
next
end
Init version of permission management of personal tokens.
2016-08-16 07:09:09 +00:00
local_permissions_new[local_key] = false
Applied RuboCop Style/BlockDelimiters to improve readability.
2017-10-01 12:25:52 +00:00
end
end
Init version of permission management of personal tokens.
2016-08-16 07:09:09 +00:00
permissions = []
Applied RuboCop Style/BlockDelimiters to improve readability.
2017-10-01 12:25:52 +00:00
Permission.all.where(active: true).order(:name).each do |permission|
Added multi permission check to Token.check.
2016-08-17 11:24:51 +00:00
next if !local_permissions_new.key?(permission.name) && !current_user.permissions?(permission.name)
Updated rubocop to latest version (0.59.2) and applied required changes.
2018-10-09 06:17:41 +00:00
Improved permission check of personal tokens.
2016-08-16 08:00:44 +00:00
permission_attributes = permission.attributes
if local_permissions_new[permission.name] == false
permission_attributes['preferences']['disabled'] = true
end
permissions.push permission_attributes
Applied RuboCop Style/BlockDelimiters to improve readability.
2017-10-01 12:25:52 +00:00
end
Init version of permission management of personal tokens.
2016-08-16 07:09:09 +00:00
render json: {
Updated rubocop - applied custom Layout/AlignHash style.
2018-12-19 17:31:51 +00:00
tokens: token_list,
Init version of permission management of personal tokens.
2016-08-16 07:09:09 +00:00
permissions: permissions,
}, status: :ok
Added api setting to admin interface and tokens to user preferences.
2016-07-28 10:09:32 +00:00
end
Added api doc to controller (and also to docs repo).
2018-08-16 11:13:20 +00:00
=begin
Resource:
POST /api/v1/user_access_token
Payload:
{
"label":"some test",
"permission":["cti.agent","ticket.agent"],
"expires_at":null
}
Response:
{
"name":"new_token_only_shown_once"
}
Test:
curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"label":"some test","permission":["cti.agent","ticket.agent"],"expires_at":null}'
=end
Added api setting to admin interface and tokens to user preferences.
2016-07-28 10:09:32 +00:00
def create
if Setting.get('api_token_access') == false
raise Exceptions::UnprocessableEntity, 'API token access disabled!'
end
Small code cleanup.
2017-11-21 14:25:04 +00:00
if params[:label].blank?
Added api setting to admin interface and tokens to user preferences.
2016-07-28 10:09:32 +00:00
raise Exceptions::UnprocessableEntity, 'Need label!'
end
Updated rubocop to latest version (0.59.2) and applied required changes.
2018-10-09 06:17:41 +00:00
Small code cleanup.
2017-11-21 14:25:04 +00:00
token = Token.create!(
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
action: 'api',
label: params[:label],
persistent: true,
user_id: current_user.id,
Added token attributes last_used_at and expires_at.
2016-08-30 14:26:27 +00:00
expires_at: params[:expires_at],
Moved from to new permission management.
2016-08-12 16:39:09 +00:00
preferences: {
permission: params[:permission]
}
Added api setting to admin interface and tokens to user preferences.
2016-07-28 10:09:32 +00:00
)
render json: {
name: token.name,
}, status: :ok
end
Added api doc to controller (and also to docs repo).
2018-08-16 11:13:20 +00:00
=begin
Resource:
DELETE /api/v1/user_access_token/{id}
Response:
{}
Test:
curl http://localhost/api/v1/user_access_token/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE
=end
Added api setting to admin interface and tokens to user preferences.
2016-07-28 10:09:32 +00:00
def destroy
token = Token.find_by(action: 'api', user_id: current_user.id, id: params[:id])
raise Exceptions::UnprocessableEntity, 'Unable to find api token!' if !token
Updated rubocop to latest version (0.59.2) and applied required changes.
2018-10-09 06:17:41 +00:00
Small code cleanup.
2017-11-21 14:25:04 +00:00
token.destroy!
Added api setting to admin interface and tokens to user preferences.
2016-07-28 10:09:32 +00:00
render json: {}, status: :ok
end
end
Reference in a new issue Copy permalink