diff --git a/app/assets/javascripts/app/controllers/_profile/token_access.coffee b/app/assets/javascripts/app/controllers/_profile/token_access.coffee
index e02b88562..b80ae775a 100644
--- a/app/assets/javascripts/app/controllers/_profile/token_access.coffee
+++ b/app/assets/javascripts/app/controllers/_profile/token_access.coffee
@@ -1,7 +1,7 @@
class Index extends App.ControllerContent
requiredPermission: 'user_preferences.access_token'
events:
- 'click [data-type=delete]': 'delete'
+ 'click .js-delete': 'delete'
'submit form.js-create': 'create'
constructor: ->
@@ -22,24 +22,35 @@ class Index extends App.ControllerContent
type: 'GET'
url: "#{@apiPath}/user_access_token"
success: (data) =>
+ tokens = data.tokens
# verify is rerender is needed
- if !force && @lastestUpdated && data && data[0] && @lastestUpdated.updated_at is data[0].updated_at
+ if !force && @lastestUpdated && tokens && tokens[0] && @lastestUpdated.updated_at is tokens[0].updated_at
return
- @lastestUpdated = data[0]
- @data = data
+ @lastestUpdated = tokens[0]
+ @tokens = data.tokens
+ @permissions = data.permissions
@render()
)
render: =>
@html App.view('profile/token_access')(
- tokens: @data
+ tokens: @tokens
+ permissions: @permissions
)
create: (e) =>
e.preventDefault()
params = @formParam(e.target)
+ # check if min one permission exists
+ if _.isEmpty(params['permission'])
+ alert('Min. one permission is needed!')
+ return
+
+ if !_.isArray(params['permission'])
+ params['permission'] = [params['permission']]
+
@ajax(
id: 'user_access_token_create'
type: 'POST'
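Review bot: The "min one permission" check added to `create` runs only in the browser, so it is a usability aid, not a control. A request sent straight to the API never passes through it, so the server-side `create` action (its body is not part of this diff) should reject an empty permission list and any permission name the calling user does not hold. As a smaller point in the `success` callback, `@tokens = data.tokens` can reuse the local assigned just above it: `@tokens = tokens`. The `create` method continues past the end of this hunk.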
diff --git a/app/assets/javascripts/app/views/generic/permission.jst.eco b/app/assets/javascripts/app/views/generic/permission.jst.eco
index 20646a163..101e1ecb7 100644
--- a/app/assets/javascripts/app/views/generic/permission.jst.eco
+++ b/app/assets/javascripts/app/views/generic/permission.jst.eco
@@ -1,4 +1,4 @@
-
+
<% for permission in @permissions: %>
<% if !permission.name.match(/\./): %>
+
+
+
@@ -24,6 +51,7 @@
<%- @T('Name') %> |
+ <%- @T('Permission') %> |
<%- @T('Created') %> |
|
<% end %>
diff --git a/app/controllers/user_access_token_controller.rb b/app/controllers/user_access_token_controller.rb
index c6f759ad4..906a55da8 100644
--- a/app/controllers/user_access_token_controller.rb
+++ b/app/controllers/user_access_token_controller.rb
@@ -1,7 +1,7 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class UserAccessTokenController < ApplicationController
- before_action :authentication_check
+ before_action { authentication_check(permission: 'user_preferences.access_token') }
def index
tokens = Token.where(action: 'api', persistent: true, user_id: current_user.id).order('updated_at DESC, label ASC')
@@ -12,7 +12,25 @@ class UserAccessTokenController < ApplicationController
attributes.delete('name')
token_list.push attributes
}
- model_index_render_result(token_list)
+ local_permissions = current_user.permissions
+ local_permissions_new = {}
+ local_permissions.each { |key, _value|
+ keys = Object.const_get('Permission').with_parents(key)
+ keys.each { |local_key|
+ next if local_permissions_new[local_key]
+ local_permissions_new[local_key] = false
+ }
+ }
+ permissions = []
+ Permission.all.order(:name).each { |permission|
+ next if !local_permissions_new.key?(permission.name)
+ permissions.push permission
+ }
+
+ render json: {
+ tokens: token_list,
+ permissions: permissions,
+ }, status: :ok
end
def create
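Review bot: The selectable list in `index` is built through `with_parents(key)`, so it appears to include parent permissions the user may not hold directly; the semantics of `with_parents` are not visible here. If that is the case, whatever authorises a token should check the request against the user's current effective permissions, not only the names stored on the token. `render json:` also serialises whole `Permission` records; if the view only needs name and description, returning only those fields limits what the endpoint exposes. Two readability points: `Object.const_get('Permission')` is an indirect spelling of the constant used directly in `Permission.all.order(:name)`, so `keys = Permission.with_parents(key)` would read more plainly, and `next if local_permissions_new[local_key]` never fires because every stored value is `false`. The `index` method starts before this hunk.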
diff --git a/app/controllers/user_devices_controller.rb b/app/controllers/user_devices_controller.rb
index 3b9c9a3da..d2105f984 100644
--- a/app/controllers/user_devices_controller.rb
+++ b/app/controllers/user_devices_controller.rb
@@ -1,7 +1,7 @@
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
class UserDevicesController < ApplicationController
- before_action :authentication_check
+ before_action { authentication_check(permission: 'user_preferences.device') }
def index
devices = UserDevice.where(user_id: current_user.id).order('updated_at DESC, name ASC')