Merge pull request #176 from azul/feature/api-authenticated-configs

API: Authenticated access to config settings
author: azul <azul@leap.se> 2014-07-17 12:16:07 +0200
committer: azul <azul@leap.se> 2014-07-17 12:16:07 +0200
commit: ade74d8a9091ae607586d7b287a0579a2ee7af8e (patch)
tree: 74273b8ba7e35d0fb3c96aa79e63c93086d15146 /app/controllers/v1/users_controller.rb
parent: 952bc18e8333ca5c3e6e16f8059f84a1414d5f6f (diff)
parent: e86cccb4b89540f3bd403110d051b2723be781b9 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index abaefd8..bfa04fc 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -1,10 +1,10 @@
 module V1
-  class UsersController < UsersBaseController
+  class UsersController < ApiController
+    include ControllerExtension::FetchUser
 
-    skip_before_filter :verify_authenticity_token
     before_filter :fetch_user, :only => [:update]
     before_filter :require_admin, :only => [:index]
-    before_filter :require_token, :only => [:update]
+    before_filter :require_login, :only => [:index, :update]
     before_filter :require_registration_allowed, only: :create
 
     respond_to :json
@@ -29,11 +29,12 @@ module V1
       respond_with @user
     end
 
+    protected
+
     def require_registration_allowed
       unless APP_CONFIG[:allow_registration]
         head :forbidden
       end
     end
-
   end
 end
author	azul <azul@leap.se>	2014-07-17 12:16:07 +0200
committer	azul <azul@leap.se>	2014-07-17 12:16:07 +0200
commit	ade74d8a9091ae607586d7b287a0579a2ee7af8e (patch)
tree	74273b8ba7e35d0fb3c96aa79e63c93086d15146 /app/controllers/v1/users_controller.rb
parent	952bc18e8333ca5c3e6e16f8059f84a1414d5f6f (diff)
parent	e86cccb4b89540f3bd403110d051b2723be781b9 (diff)