trabajo-afectivo/app/controllers/user_access_token_controller.rb

# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/

class UserAccessTokenController < ApplicationController
  before_action { authentication_check(permission: 'user_preferences.access_token') }

  def index
    tokens = Token.where(action: 'api', persistent: true, user_id: current_user.id).order('updated_at DESC, label ASC')
    token_list = []
    tokens.each { |token|
      attributes = token.attributes
      attributes.delete('persistent')
      attributes.delete('name')
      token_list.push attributes
    }
    local_permissions = current_user.permissions
    local_permissions_new = {}
    local_permissions.each { |key, _value|
      keys = Object.const_get('Permission').with_parents(key)
      keys.each { |local_key|
        next if local_permissions_new.key?([local_key])
        if local_permissions[local_key] == true
          local_permissions_new[local_key] = true
          next
        end
        local_permissions_new[local_key] = false
      }
    }
    permissions = []
    Permission.all.order(:name).each { |permission|
      next if !local_permissions_new.key?(permission.name)
      permission_attributes = permission.attributes
      if local_permissions_new[permission.name] == false
        permission_attributes['preferences']['disabled'] = true
      end
      permissions.push permission_attributes
    }

    render json: {
      tokens: token_list,
      permissions: permissions,
    }, status: :ok
  end

  def create
    if Setting.get('api_token_access') == false
      raise Exceptions::UnprocessableEntity, 'API token access disabled!'
    end
    if params[:label].empty?
      raise Exceptions::UnprocessableEntity, 'Need label!'
    end
    token = Token.create(
      action:      'api',
      label:       params[:label],
      persistent:  true,
      user_id:     current_user.id,
      preferences: {
        permission: params[:permission]
      }
    )
    render json: {
      name: token.name,
    }, status: :ok
  end

  def destroy
    token = Token.find_by(action: 'api', user_id: current_user.id, id: params[:id])
    raise Exceptions::UnprocessableEntity, 'Unable to find api token!' if !token
    token.destroy
    render json: {}, status: :ok
  end

end
Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00			`# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/`

			`class UserAccessTokenController < ApplicationController`
Init version of permission management of personal tokens. 2016-08-16 07:09:09 +00:00			`before_action { authentication_check(permission: 'user_preferences.access_token') }`
Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00
			`def index`
			`tokens = Token.where(action: 'api', persistent: true, user_id: current_user.id).order('updated_at DESC, label ASC')`
			`token_list = []`
			`tokens.each { \|token\|`
			`attributes = token.attributes`
			`attributes.delete('persistent')`
			`attributes.delete('name')`
			`token_list.push attributes`
			`}`
Init version of permission management of personal tokens. 2016-08-16 07:09:09 +00:00			`local_permissions = current_user.permissions`
			`local_permissions_new = {}`
			`local_permissions.each { \|key, _value\|`
			`keys = Object.const_get('Permission').with_parents(key)`
			`keys.each { \|local_key\|`
Improved permission check of personal tokens. 2016-08-16 08:00:44 +00:00			`next if local_permissions_new.key?([local_key])`
			`if local_permissions[local_key] == true`
			`local_permissions_new[local_key] = true`
			`next`
			`end`
Init version of permission management of personal tokens. 2016-08-16 07:09:09 +00:00			`local_permissions_new[local_key] = false`
			`}`
			`}`
			`permissions = []`
			`Permission.all.order(:name).each { \|permission\|`
			`next if !local_permissions_new.key?(permission.name)`
Improved permission check of personal tokens. 2016-08-16 08:00:44 +00:00			`permission_attributes = permission.attributes`
			`if local_permissions_new[permission.name] == false`
			`permission_attributes['preferences']['disabled'] = true`
			`end`
			`permissions.push permission_attributes`
Init version of permission management of personal tokens. 2016-08-16 07:09:09 +00:00			`}`

			`render json: {`
			`tokens: token_list,`
			`permissions: permissions,`
			`}, status: :ok`
Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00			`end`

			`def create`
			`if Setting.get('api_token_access') == false`
			`raise Exceptions::UnprocessableEntity, 'API token access disabled!'`
			`end`
			`if params[:label].empty?`
			`raise Exceptions::UnprocessableEntity, 'Need label!'`
			`end`
			`token = Token.create(`
Moved from to new permission management. 2016-08-12 16:39:09 +00:00			`action: 'api',`
			`label: params[:label],`
			`persistent: true,`
			`user_id: current_user.id,`
			`preferences: {`
			`permission: params[:permission]`
			`}`
Added api setting to admin interface and tokens to user preferences. 2016-07-28 10:09:32 +00:00			`)`
			`render json: {`
			`name: token.name,`
			`}, status: :ok`
			`end`

			`def destroy`
			`token = Token.find_by(action: 'api', user_id: current_user.id, id: params[:id])`
			`raise Exceptions::UnprocessableEntity, 'Unable to find api token!' if !token`
			`token.destroy`
			`render json: {}, status: :ok`
			`end`

			`end`