Improved REST permission checks.
This commit is contained in:
parent
a74fec3366
commit
2db0959477
17 changed files with 127 additions and 62 deletions
@ -83,15 +83,10 @@ class ApplicationController < ActionController::Base
|
||||||
# check http basic auth
|
# check http basic auth
|
||||||
authenticate_with_http_basic do |username, password|
|
authenticate_with_http_basic do |username, password|
|
||||||
puts 'http basic auth check'
|
puts 'http basic auth check'
|
||||||
userdata = User.lookup( :login => username )
|
userdata = User.authenticate( username, password )
|
||||||
message = ''
|
message = ''
|
||||||
if !userdata
|
if !userdata
|
||||||
message = 'authentication failed, user'
|
message = 'authentication failed'
|
||||||
else
|
|
||||||
success = User.authenticate( username, password )
|
|
||||||
if !success
|
|
||||||
message = 'authentication failed, pw'
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# return auth ok
|
# return auth ok
|
||||||
|
@ -183,8 +178,11 @@ class ApplicationController < ActionController::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def is_not_role( role_name )
|
def is_not_role( role_name )
|
||||||
|
deny_if_not_role( role_name )
|
||||||
|
end
|
||||||
|
def deny_if_not_role( role_name )
|
||||||
return false if is_role( role_name )
|
return false if is_role( role_name )
|
||||||
response_access_deny()
|
response_access_deny
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
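Review bot: `is_not_role` now renders the access-deny response as a side effect, although its name still reads as a pure predicate; any caller that still uses it as a plain check and then renders its own response would presumably hit a double render. Either keep `is_not_role` side-effect free, or mark it for removal with a comment such as `# deprecated: renders the access-deny response on failure, use deny_if_not_role` and migrate the remaining callers. In `deny_if_not_role` the trailing `return true` can simply be `true`, since the method already uses an early `return false`. The `puts 'http basic auth check'` kept in the basic-auth hunk writes to stdout on every request; `Rails.logger.debug 'http basic auth check'` keeps it in the application log where it can be filtered, and that enclosing method starts and ends outside the hunk.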
|
|
|
@ -94,7 +94,7 @@ curl http://localhost/api/channels.json -v -u #{login}:#{password}
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def index
|
def index
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_index_render(Channel, params)
|
model_index_render(Channel, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -117,7 +117,7 @@ curl http://localhost/api/channels/#{id}.json -v -u #{login}:#{password}
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def show
|
def show
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_show_render(Channel, params)
|
model_show_render(Channel, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -153,7 +153,7 @@ curl http://localhost/api/channels.json -v -u #{login}:#{password} -H "Content-T
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_create_render(Channel, params)
|
model_create_render(Channel, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -190,7 +190,7 @@ curl http://localhost/api/channels.json -v -u #{login}:#{password} -H "Content-T
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_update_render(Channel, params)
|
model_update_render(Channel, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -208,7 +208,7 @@ curl http://localhost/api/channels.json -v -u #{login}:#{password} -H "Content-T
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_destory_render(Channel, params)
|
model_destory_render(Channel, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
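Review bot: Every action in this controller (`index`, `show`, `create`, `update`, `destroy`) now opens with `return if deny_if_not_role('Admin')`, and the same per-action guard is repeated in the email_addresses, groups, overviews, packages, postmaster_filters, roles, settings, signatures, slas, ticket_priorities and ticket_states sections of this commit. A guard that each action has to remember is easy to miss — the settings section shows `index` and `show` only gaining the check in this very commit — so the Rails idiom is one `before_action` at the top of the class, e.g. `before_action { deny_if_not_role('Admin') }` or a named filter method. Because `deny_if_not_role` renders on failure and Rails halts the filter chain when a before_action renders, no `return` is needed in that form, and actions added later are covered automatically.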
|
|
|
@ -97,7 +97,7 @@ curl http://localhost/api/email_addresses.json -v -u #{login}:#{password} -H "Co
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_create_render(EmailAddress, params)
|
model_create_render(EmailAddress, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -128,7 +128,7 @@ curl http://localhost/api/email_addresses.json -v -u #{login}:#{password} -H "Co
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_update_render(EmailAddress, params)
|
model_update_render(EmailAddress, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -143,7 +143,7 @@ Test:
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_destory_render(EmailAddress, params)
|
model_destory_render(EmailAddress, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -101,7 +101,7 @@ curl http://localhost/api/groups.json -v -u #{login}:#{password} -H "Content-Typ
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_create_render(Group, params)
|
model_create_render(Group, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -133,7 +133,7 @@ curl http://localhost/api/groups.json -v -u #{login}:#{password} -H "Content-Typ
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_update_render(Group, params)
|
model_update_render(Group, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -148,7 +148,7 @@ Test:
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_destory_render(Group, params)
|
model_destory_render(Group, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -47,7 +47,17 @@ curl http://localhost/api/organizations.json -v -u #{login}:#{password}
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def index
|
def index
|
||||||
model_index_render(Organization, params)
|
|
||||||
|
# only allow customer to fetch his own organization
|
||||||
|
organizations = []
|
||||||
|
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
|
||||||
|
if current_user.organization_id
|
||||||
|
organizations = Organization.where( :id => current_user.organization_id )
|
||||||
|
end
|
||||||
|
else
|
||||||
|
organizations = Organization.all
|
||||||
|
end
|
||||||
|
render :json => organizations
|
||||||
end
|
end
|
||||||
|
|
||||||
=begin
|
=begin
|
||||||
|
@ -68,6 +78,18 @@ curl http://localhost/api/organizations/#{id}.json -v -u #{login}:#{password}
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def show
|
def show
|
||||||
|
|
||||||
|
# only allow customer to fetch his own organization
|
||||||
|
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
|
||||||
|
if !current_user.organization_id
|
||||||
|
render :json => {}
|
||||||
|
return
|
||||||
|
end
|
||||||
|
if params[:id].to_i != current_user.organization_id
|
||||||
|
response_access_deny
|
||||||
|
return
|
||||||
|
end
|
||||||
|
end
|
||||||
model_show_render(Organization, params)
|
model_show_render(Organization, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -97,7 +119,7 @@ curl http://localhost/api/organizations.json -v -u #{login}:#{password} -H "Cont
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Agent')
|
return if deny_if_not_role('Agent')
|
||||||
model_create_render(Organization, params)
|
model_create_render(Organization, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -128,7 +150,7 @@ curl http://localhost/api/organizations.json -v -u #{login}:#{password} -H "Cont
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Agent')
|
return if deny_if_not_role('Agent')
|
||||||
model_update_render(Organization, params)
|
model_update_render(Organization, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -143,7 +165,7 @@ Test:
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Agent')
|
return if deny_if_not_role('Agent')
|
||||||
model_destory_render(Organization, params)
|
model_destory_render(Organization, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
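Review bot: The customer restriction `is_role('Customer') && !is_role('Admin') && !is_role('Agent')` is written out inline in both `index` and `show` here, and the same expression reappears in the users section (`index`, `show`, `update`, `search`); a single predicate in ApplicationController (say `customer_only?`, returning that expression) would keep the six copies from drifting apart. In `index`, the new code also renders `organizations` directly for every role, so whatever `model_index_render(Organization, params)` added on top of a plain render — it is defined outside this section — is now skipped for admins and agents as well. In `show`, a customer with no `organization_id` gets `render :json => {}` with a 200 while a customer asking for another organization gets `response_access_deny`; if both are meant as "not yours", using `response_access_deny` in both places gives the client one case to handle.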
|
|
|
@ -52,7 +52,7 @@ curl http://localhost/api/overviews.json -v -u #{login}:#{password}
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def index
|
def index
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_index_render(Overview, params)
|
model_index_render(Overview, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ curl http://localhost/api/overviews/#{id}.json -v -u #{login}:#{password}
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def show
|
def show
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_show_render(Overview, params)
|
model_show_render(Overview, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -108,7 +108,7 @@ curl http://localhost/api/overviews.json -v -u #{login}:#{password} -H "Content-
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_create_render(Overview, params)
|
model_create_render(Overview, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -142,7 +142,7 @@ curl http://localhost/api/overviews.json -v -u #{login}:#{password} -H "Content-
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_update_render(Overview, params)
|
model_update_render(Overview, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -160,7 +160,7 @@ curl http://localhost/api/overviews.json -v -u #{login}:#{password} -H "Content-
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_destory_render(Overview, params)
|
model_destory_render(Overview, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -5,7 +5,7 @@ class PackagesController < ApplicationController
|
||||||
|
|
||||||
# GET /api/packages
|
# GET /api/packages
|
||||||
def index
|
def index
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
packages = Package.all( :order => 'name' )
|
packages = Package.all( :order => 'name' )
|
||||||
render :json => {
|
render :json => {
|
||||||
:packages => packages
|
:packages => packages
|
||||||
|
@ -14,7 +14,7 @@ class PackagesController < ApplicationController
|
||||||
|
|
||||||
# POST /api/packages
|
# POST /api/packages
|
||||||
def install
|
def install
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
|
|
||||||
Package.install( :string => params[:file_upload].read )
|
Package.install( :string => params[:file_upload].read )
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ class PackagesController < ApplicationController
|
||||||
|
|
||||||
# DELETE /api/packages
|
# DELETE /api/packages
|
||||||
def uninstall
|
def uninstall
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
|
|
||||||
package = Package.find( params[:id] )
|
package = Package.find( params[:id] )
|
||||||
|
|
||||||
|
|
|
@ -54,7 +54,7 @@ curl http://localhost/api/postmaster_filters.json -v -u #{login}:#{password}
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def index
|
def index
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_index_render(PostmasterFilter, params)
|
model_index_render(PostmasterFilter, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -76,7 +76,7 @@ curl http://localhost/api/postmaster_filters/#{id}.json -v -u #{login}:#{passwor
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def show
|
def show
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_show_render(PostmasterFilter, params)
|
model_show_render(PostmasterFilter, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -121,7 +121,7 @@ curl http://localhost/api/postmaster_filters.json -v -u #{login}:#{password} -H
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_create_render(PostmasterFilter, params)
|
model_create_render(PostmasterFilter, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -164,7 +164,7 @@ curl http://localhost/api/postmaster_filters.json -v -u #{login}:#{password} -H
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_update_render(PostmasterFilter, params)
|
model_update_render(PostmasterFilter, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -179,7 +179,7 @@ Test:
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_destory_render(PostmasterFilter, params)
|
model_destory_render(PostmasterFilter, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -95,7 +95,7 @@ curl http://localhost/api/roles.json -v -u #{login}:#{password} -H "Content-Type
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_create_render(Role, params)
|
model_create_render(Role, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -124,7 +124,7 @@ curl http://localhost/api/roles.json -v -u #{login}:#{password} -H "Content-Type
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_update_render(Role, params)
|
model_update_render(Role, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -139,7 +139,7 @@ Test:
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_destory_render(Role, params)
|
model_destory_render(Role, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -10,6 +10,10 @@ module ExtraCollection
|
||||||
|
|
||||||
if !user.is_role('Customer')
|
if !user.is_role('Customer')
|
||||||
collections['Organization'] = Organization.all
|
collections['Organization'] = Organization.all
|
||||||
|
else
|
||||||
|
if user.organization_id
|
||||||
|
collections['Organization'] = Organization.find( user.organization_id )
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
def push( collections, user )
|
def push( collections, user )
|
||||||
|
@ -20,6 +24,10 @@ module ExtraCollection
|
||||||
|
|
||||||
if !user.is_role('Customer')
|
if !user.is_role('Customer')
|
||||||
collections['Organization'] = Organization.all
|
collections['Organization'] = Organization.all
|
||||||
|
else
|
||||||
|
if user.organization_id
|
||||||
|
collections['Organization'] = Organization.find( user.organization_id )
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
module_function :session, :push
|
module_function :session, :push
|
||||||
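Review bot: In the new `else` branch of both `session` and `push`, `collections['Organization']` is assigned `Organization.find( user.organization_id )`, a single record, while the other branch stores `Organization.all`, a collection, so whoever consumes `collections['Organization']` sees a different shape depending on the role. `Organization.where( :id => user.organization_id )` keeps it a collection and matches what the organizations controller's `index` does in this same commit. `find` also raises `ActiveRecord::RecordNotFound` if the id points at an organization that no longer exists, whereas `where` yields an empty set. Both methods start outside their hunks.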
|
|
|
@ -5,29 +5,31 @@ class SettingsController < ApplicationController
|
||||||
|
|
||||||
# GET /settings
|
# GET /settings
|
||||||
def index
|
def index
|
||||||
|
return if deny_if_not_role('Admin')
|
||||||
model_index_render(Setting, params)
|
model_index_render(Setting, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
# GET /settings/1
|
# GET /settings/1
|
||||||
def show
|
def show
|
||||||
|
return if deny_if_not_role('Admin')
|
||||||
model_show_render(Setting, params)
|
model_show_render(Setting, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
# POST /settings
|
# POST /settings
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_create_render(Setting, params)
|
model_create_render(Setting, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
# PUT /settings/1
|
# PUT /settings/1
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_update_render(Setting, params)
|
model_update_render(Setting, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
# DELETE /settings/1
|
# DELETE /settings/1
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_destory_render(Setting, params)
|
model_destory_render(Setting, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -96,7 +96,7 @@ curl http://localhost/api/signatures.json -v -u #{login}:#{password} -H "Content
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_create_render(Signature, params)
|
model_create_render(Signature, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -125,7 +125,7 @@ curl http://localhost/api/signatures.json -v -u #{login}:#{password} -H "Content
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_update_render(Signature, params)
|
model_update_render(Signature, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -140,7 +140,7 @@ Test:
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_destory_render(Signature, params)
|
model_destory_render(Signature, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -47,7 +47,7 @@ curl http://localhost/api/slas.json -v -u #{login}:#{password}
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def index
|
def index
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_index_render(Sla, params)
|
model_index_render(Sla, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -69,7 +69,7 @@ curl http://localhost/api/slas/#{id}.json -v -u #{login}:#{password}
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def show
|
def show
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_show_render(Sla, params)
|
model_show_render(Sla, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -98,7 +98,7 @@ curl http://localhost/api/slas.json -v -u #{login}:#{password} -H "Content-Type:
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_create_render(Sla, params)
|
model_create_render(Sla, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -127,7 +127,7 @@ curl http://localhost/api/slas.json -v -u #{login}:#{password} -H "Content-Type:
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_update_render(Sla, params)
|
model_update_render(Sla, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -145,7 +145,7 @@ curl http://localhost/api/slas.json -v -u #{login}:#{password} -H "Content-Type:
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_destory_render(Sla, params)
|
model_destory_render(Sla, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -15,19 +15,19 @@ class TicketPrioritiesController < ApplicationController
|
||||||
|
|
||||||
# POST /ticket_priorities
|
# POST /ticket_priorities
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_create_render(Ticket::Priority, params)
|
model_create_render(Ticket::Priority, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
# PUT /ticket_priorities/1
|
# PUT /ticket_priorities/1
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_update_render(Ticket::Priority, params)
|
model_update_render(Ticket::Priority, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
# DELETE /ticket_priorities/1
|
# DELETE /ticket_priorities/1
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_destory_render(Ticket::Priority, params)
|
model_destory_render(Ticket::Priority, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -15,19 +15,19 @@ class TicketStatesController < ApplicationController
|
||||||
|
|
||||||
# POST /ticket_states
|
# POST /ticket_states
|
||||||
def create
|
def create
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_create_render(Ticket::State, params)
|
model_create_render(Ticket::State, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
# PUT /ticket_states/1
|
# PUT /ticket_states/1
|
||||||
def update
|
def update
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_update_render(Ticket::State, params)
|
model_update_render(Ticket::State, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
# DELETE /ticket_states/1
|
# DELETE /ticket_states/1
|
||||||
def destroy
|
def destroy
|
||||||
return if is_not_role('Admin')
|
return if deny_if_not_role('Admin')
|
||||||
model_destory_render(Ticket::State, params)
|
model_destory_render(Ticket::State, params)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -61,12 +61,18 @@ curl http://localhost/api/users.json -v -u #{login}:#{password}
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def index
|
def index
|
||||||
users = User.all
|
|
||||||
|
# only allow customer to fetch him self
|
||||||
|
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
|
||||||
|
users = User.where( :id => current_user.id )
|
||||||
|
else
|
||||||
|
users = User.all
|
||||||
|
end
|
||||||
users_all = []
|
users_all = []
|
||||||
users.each {|user|
|
users.each {|user|
|
||||||
users_all.push User.user_data_full( user.id )
|
users_all.push User.user_data_full( user.id )
|
||||||
}
|
}
|
||||||
render :json => users_all
|
render :json => users_all, :status => :ok
|
||||||
end
|
end
|
||||||
|
|
||||||
=begin
|
=begin
|
||||||
|
@ -87,6 +93,14 @@ curl http://localhost/api/users/#{id}.json -v -u #{login}:#{password}
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def show
|
def show
|
||||||
|
|
||||||
|
# access deny
|
||||||
|
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
|
||||||
|
if params[:id].to_i != current_user.id
|
||||||
|
response_access_deny
|
||||||
|
return
|
||||||
|
end
|
||||||
|
end
|
||||||
user = User.user_data_full( params[:id] )
|
user = User.user_data_full( params[:id] )
|
||||||
render :json => user
|
render :json => user
|
||||||
end
|
end
|
||||||
|
@ -267,7 +281,10 @@ curl http://localhost/api/users/2.json -v -u #{login}:#{password} -H "Content-Ty
|
||||||
|
|
||||||
# allow user to update him self
|
# allow user to update him self
|
||||||
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
|
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
|
||||||
return if params[:id] != current_user.id
|
if params[:id] != current_user.id
|
||||||
|
response_access_deny
|
||||||
|
return
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
user = User.find( params[:id] )
|
user = User.find( params[:id] )
|
||||||
|
@ -301,13 +318,21 @@ curl http://localhost/api/users/2.json -v -u #{login}:#{password} -H "Content-Ty
|
||||||
|
|
||||||
# DELETE /api/users/1
|
# DELETE /api/users/1
|
||||||
def destroy
|
def destroy
|
||||||
return if !is_role('Admin')
|
if !is_role('Admin')
|
||||||
|
response_access_deny
|
||||||
|
return
|
||||||
|
end
|
||||||
model_destory_render(User, params)
|
model_destory_render(User, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
# GET /api/users/search
|
# GET /api/users/search
|
||||||
def search
|
def search
|
||||||
|
|
||||||
|
if is_role('Customer') && !is_role('Admin') && !is_role('Agent')
|
||||||
|
response_access_deny
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
# do query
|
# do query
|
||||||
user_all = User.search(
|
user_all = User.search(
|
||||||
:query => params[:term],
|
:query => params[:term],
|
||||||
|
@ -529,5 +554,4 @@ curl http://localhost/api/users/account.json -v -u #{login}:#{password} -H "Cont
|
||||||
render :json => { :message => 'ok' }, :status => :ok
|
render :json => { :message => 'ok' }, :status => :ok
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -203,8 +203,19 @@ class ApplicationModel < ActiveRecord::Base
|
||||||
record = self.new( data )
|
record = self.new( data )
|
||||||
record.save
|
record.save
|
||||||
return record
|
return record
|
||||||
|
elsif data[:login]
|
||||||
|
records = self.where( :login => data[:login] )
|
||||||
|
records.each {|record|
|
||||||
|
if record.login.downcase == data[:login].downcase
|
||||||
|
record.update_attributes( data )
|
||||||
|
return record
|
||||||
|
end
|
||||||
|
}
|
||||||
|
record = self.new( data )
|
||||||
|
record.save
|
||||||
|
return record
|
||||||
else
|
else
|
||||||
raise "Need name for create_or_update()"
|
raise "Need name or login for create_or_update()"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
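Review bot: The new `elsif data[:login]` branch of `create_or_update` fetches with `self.where( :login => data[:login] )` and only afterwards compares `record.login.downcase == data[:login].downcase`; the SQL equality has already decided the match under the column's collation, so on a case-sensitive database a login differing only in case is never returned and a second record with the same login in different case gets created, while on a case-insensitive one the Ruby comparison is redundant. If the lookup is meant to be case-insensitive, do it in the query, e.g. `self.where( 'LOWER(login) = ?', data[:login].downcase )`, and drop the inner comparison. The create-and-return tail duplicates the `name` branch above it and could be shared. `create_or_update` starts outside the hunk.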
|
|