summaryrefslogtreecommitdiff
path: root/app/controllers/v1/messages_controller.rb
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2014-07-14 12:18:18 +0200
committerAzul <azul@leap.se>2014-07-14 13:04:08 +0200
commitb80be9832526ee956b3a73a634896c6cd8d2914e (patch)
tree3c8d4ebafd6a7d063fedaeb0d307667b05c05e74 /app/controllers/v1/messages_controller.rb
parent3885308e9a2aa48f25313567525e375362253f47 (diff)
ApiController with API style auth
require_login is require_token for the api controller It also skips the verify_authenticity_token before filter. So all Subclasses of the ApiController will only support token auth. Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either.
Diffstat (limited to 'app/controllers/v1/messages_controller.rb')
-rw-r--r--app/controllers/v1/messages_controller.rb7
1 files changed, 2 insertions, 5 deletions
diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/v1/messages_controller.rb
index 85156b7..a9b93a9 100644
--- a/app/controllers/v1/messages_controller.rb
+++ b/app/controllers/v1/messages_controller.rb
@@ -1,10 +1,7 @@
module V1
- class MessagesController < ApplicationController
+ class MessagesController < ApiController
- skip_before_filter :verify_authenticity_token
- before_filter :require_token
-
- respond_to :json
+ before_filter :require_login
def index
render json: current_user.messages