ApiController with API style auth

require_login is require_token for the api controller

It also skips the verify_authenticity_token before filter.
So all Subclasses of the ApiController will only support token auth.

Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either.

1 files changed, 9 insertions, 9 deletions

diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
index b11b0a9..537123f 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/v1/configs_controller.rb
@@ -1,12 +1,4 @@
-class V1::ConfigsController < ApplicationController
-
-  CONFIGS = {
-    services: {
-      soledad: "/1/configs/soledad-service.json",
-      eip: "/1/configs/eip-service.json",
-      smtp: "/1/configs/smtp-service.json"
-    }
-  }
+class V1::ConfigsController < ApiController
 
   before_filter :require_login
 
@@ -17,4 +9,12 @@ class V1::ConfigsController < ApplicationController
   def show
   end
 
+  CONFIGS = {
+    services: {
+      soledad: "/1/configs/soledad-service.json",
+      eip: "/1/configs/eip-service.json",
+      smtp: "/1/configs/smtp-service.json"
+    }
+  }
+
 end