# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
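class UserAccessTokenController < ApplicationController

  # Every action requires an authenticated user who holds the
  # 'user_preferences.access_token' permission.
  before_action { authentication_check(permission: 'user_preferences.access_token') }

  # GET: list the current user's persistent API tokens plus the permissions
  # the user is allowed to pick when creating a new token.
  #
  # Tokens are always scoped to current_user. The token secret ('name') and
  # the 'persistent' flag are stripped from every record before rendering, so
  # the secret is only ever disclosed once, by #create.
  #
  # Renders JSON { tokens: [...], permissions: [...] } with status 200.
  def index
    tokens = Token.where(action: 'api', persistent: true, user_id: current_user.id)
                  .order('updated_at DESC, label ASC')

    token_list = tokens.map do |token|
      attributes = token.attributes
      # never leak the token secret back out through the listing
      attributes.delete('persistent')
      attributes.delete('name')
      attributes
    end

    # Resolve every permission name implied by the user's permissions,
    # including parents (e.g. 'admin' for 'admin.user'). A name maps to true
    # only when the user holds it directly; otherwise to false, which is used
    # below to render it as disabled.
    local_permissions = current_user.permissions
    local_permissions_new = {}
    local_permissions.each do |key, _value|
      Permission.with_parents(key).each do |local_key|
        # The original checked key?([local_key]) with an Array key, which
        # never matched, so every name was (harmlessly) recomputed each pass.
        next if local_permissions_new.key?(local_key)

        local_permissions_new[local_key] = (local_permissions[local_key] == true)
      end
    end

    permissions = Permission.where(active: true).order(:name).each_with_object([]) do |permission, list|
      # Expose only permissions the user has, directly or via a parent.
      next if !local_permissions_new.key?(permission.name) && !current_user.permissions?(permission.name)

      permission_attributes = permission.attributes
      if local_permissions_new[permission.name] == false
        # guard against a nil preferences column instead of raising NoMethodError
        (permission_attributes['preferences'] ||= {})['disabled'] = true
      end
      list.push(permission_attributes)
    end

    render json: {
      tokens:      token_list,
      permissions: permissions,
    }, status: :ok
  end

  # POST: create a persistent API token for the current user.
  #
  # Params: label (required), expires_at (optional), permission (optional,
  # stored verbatim in the token's preferences).
  # Raises Exceptions::UnprocessableEntity when API token access is globally
  # disabled, when the label is missing/blank, or when the token cannot be
  # saved. Renders JSON { name: <token secret> } — the only place the secret
  # is ever returned.
  def create
    # Administrators can switch API token access off globally.
    if Setting.get('api_token_access') == false
      raise Exceptions::UnprocessableEntity, 'API token access disabled!'
    end

    # blank? also covers an absent parameter; the original .empty? turned a
    # missing label into a NoMethodError (HTTP 500) rather than a 422.
    raise Exceptions::UnprocessableEntity, 'Need label!' if params[:label].blank?

    token = Token.create(
      action:      'api',
      label:       params[:label],
      persistent:  true,
      user_id:     current_user.id,
      expires_at:  params[:expires_at],
      preferences: {
        # NOTE(review): the requested permission list is stored as supplied by
        # the client and not validated here; whether it is capped to the
        # user's own permissions when the token is used is decided by Token —
        # confirm before relying on it.
        permission: params[:permission],
      },
    )
    # Token.create returns an unsaved record on validation failure; do not hand
    # back a name for a token that does not exist.
    raise Exceptions::UnprocessableEntity, 'Unable to create api token!' unless token.persisted?

    render json: {
      name: token.name,
    }, status: :ok
  end

  # DELETE: revoke one of the current user's API tokens.
  #
  # The lookup is scoped by user_id, so a user can only destroy their own
  # tokens regardless of the id supplied.
  # Raises Exceptions::UnprocessableEntity when no matching token exists.
  # Renders an empty JSON object with status 200.
  def destroy
    token = Token.find_by(action: 'api', user_id: current_user.id, id: params[:id])
    raise Exceptions::UnprocessableEntity, 'Unable to find api token!' unless token

    token.destroy
    render json: {}, status: :ok
  end

end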