authorAzul <azul@riseup.net>2016-10-20 14:39:33 +0200
committerAzul <azul@riseup.net>2016-10-20 14:39:33 +0200
commitb97daaed9b513006ace7e8eb5232a2211e965e77 (patch)
treee27002e8368e92410e5d4af2a945260c2ea6e2d1 /app/controllers
parentc6c4d9fd10b8ca8e24889112727e44c9bf68dd60 (diff)
parent6eb2dae802e5453e2a4361ab28f614cce9294f4c (diff)
Merge remote-tracking branch 'origin/develop'
We'll only use the master branch for development from now on.
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/account_controller.rb19
-rw-r--r--app/controllers/account_settings_controller.rb0
-rw-r--r--app/controllers/api/certs_controller.rb (renamed from app/controllers/v1/certs_controller.rb)2
-rw-r--r--app/controllers/api/configs_controller.rb (renamed from app/controllers/v1/configs_controller.rb)14
-rw-r--r--app/controllers/api/identities_controller.rb (renamed from app/controllers/v1/identities_controller.rb)4
-rw-r--r--app/controllers/api/messages_controller.rb (renamed from app/controllers/v1/messages_controller.rb)2
-rw-r--r--app/controllers/api/services_controller.rb (renamed from app/controllers/v1/services_controller.rb)4
-rw-r--r--app/controllers/api/sessions_controller.rb (renamed from app/controllers/v1/sessions_controller.rb)3
-rw-r--r--app/controllers/api/smtp_certs_controller.rb (renamed from app/controllers/v1/smtp_certs_controller.rb)2
-rw-r--r--app/controllers/api/users_controller.rb (renamed from app/controllers/v1/users_controller.rb)19
-rw-r--r--app/controllers/api_controller.rb1
-rw-r--r--app/controllers/application_controller.rb13
-rw-r--r--app/controllers/controller_extension/fetch_user.rb2
-rw-r--r--app/controllers/controller_extension/json_file.rb23
-rw-r--r--app/controllers/errors_controller.rb2
-rw-r--r--app/controllers/home_controller.rb2
-rw-r--r--app/controllers/pages_controller.rb2
-rw-r--r--app/controllers/sessions_controller.rb3
-rw-r--r--app/controllers/static_config_controller.rb11
-rw-r--r--app/controllers/users_controller.rb28
20 files changed, 99 insertions, 57 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
new file mode 100644
index 0000000..42e8983
--- /dev/null
+++ b/app/controllers/account_controller.rb
@@ -0,0 +1,19 @@
+class AccountController < ApplicationController
+
+ before_filter :require_registration_allowed
+ before_filter :redirect_if_logged_in
+
+ respond_to :html
+
+ def new
+ @user = User.new
+ end
+
+ protected
+
+ def require_registration_allowed
+ unless APP_CONFIG[:allow_registration]
+ redirect_to home_path
+ end
+ end
+end
diff --git a/app/controllers/account_settings_controller.rb b/app/controllers/account_settings_controller.rb
deleted file mode 100644
index e69de29..0000000
--- a/app/controllers/account_settings_controller.rb
+++ /dev/null
diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/api/certs_controller.rb
index ffa6e35..46a84d3 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/api/certs_controller.rb
@@ -1,4 +1,4 @@
-class V1::CertsController < ApiController
+class Api::CertsController < ApiController
before_filter :require_login, :unless => :anonymous_access_allowed?
before_filter :require_enabled
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/api/configs_controller.rb
index 4a6f455..0f9b8a6 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/api/configs_controller.rb
@@ -1,17 +1,15 @@
-class V1::ConfigsController < ApiController
+class Api::ConfigsController < ApiController
include ControllerExtension::JsonFile
before_filter :require_login, :unless => :anonymous_access_allowed?
before_filter :sanitize_id, only: :show
- before_filter :lookup_file, only: :show
- before_filter :fetch_file, only: :show
def index
render json: {services: service_paths}
end
def show
- send_file
+ send_file lookup_file
end
protected
@@ -23,7 +21,11 @@ class V1::ConfigsController < ApiController
}
def service_paths
- Hash[SERVICE_IDS.map{|k,v| [k,"/1/configs/#{v}.json"] } ]
+ Hash[SERVICE_IDS.map{|k,v| [k,"/#{api_version}/configs/#{v}.json"] } ]
+ end
+
+ def api_version
+ ["1", "2"].include?(params[:version]) ? params[:version] : "2"
end
def sanitize_id
@@ -34,6 +36,6 @@ class V1::ConfigsController < ApiController
def lookup_file
path = APP_CONFIG[:config_file_paths][@id]
not_found if path.blank?
- @filename = Rails.root.join path
+ Rails.root.join path
end
end
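Review bot: `lookup_file` is now called from inside `show` rather than as a before_filter, so `not_found if path.blank?` no longer stops the request by rendering. Unless `not_found` raises (its definition is outside this diff), execution continues to `Rails.root.join path` with a nil or empty path, and a nil path raises a TypeError there. Make the miss explicit: `return if path.blank?` in `lookup_file`, and in `show` something like `(file = lookup_file) ? send_file(file) : not_found`. The class body starts outside this hunk.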
diff --git a/app/controllers/v1/identities_controller.rb b/app/controllers/api/identities_controller.rb
index 4efd1f5..de4910a 100644
--- a/app/controllers/v1/identities_controller.rb
+++ b/app/controllers/api/identities_controller.rb
@@ -1,8 +1,10 @@
-module V1
+module Api
class IdentitiesController < ApiController
before_filter :token_authenticate
before_filter :require_monitor
+ respond_to :json
+
def show
@identity = Identity.find_by_address(params[:id])
if @identity
diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/api/messages_controller.rb
index c0ca0c7..a69a40a 100644
--- a/app/controllers/v1/messages_controller.rb
+++ b/app/controllers/api/messages_controller.rb
@@ -1,4 +1,4 @@
-module V1
+module Api
class MessagesController < ApiController
before_filter :require_login
diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/api/services_controller.rb
index 523eb44..58e129c 100644
--- a/app/controllers/v1/services_controller.rb
+++ b/app/controllers/api/services_controller.rb
@@ -1,7 +1,9 @@
-class V1::ServicesController < ApiController
+class Api::ServicesController < ApiController
before_filter :require_login, :unless => :anonymous_access_allowed?
+ respond_to :json
+
def show
respond_with current_user.effective_service_level
end
diff --git a/app/controllers/v1/sessions_controller.rb b/app/controllers/api/sessions_controller.rb
index a343d9b..178f86e 100644
--- a/app/controllers/v1/sessions_controller.rb
+++ b/app/controllers/api/sessions_controller.rb
@@ -1,7 +1,8 @@
-module V1
+module Api
class SessionsController < ApiController
before_filter :require_login, only: :destroy
+ respond_to :json
def new
@session = Session.new
diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/api/smtp_certs_controller.rb
index 5760645..d9eab7d 100644
--- a/app/controllers/v1/smtp_certs_controller.rb
+++ b/app/controllers/api/smtp_certs_controller.rb
@@ -1,4 +1,4 @@
-class V1::SmtpCertsController < ApiController
+class Api::SmtpCertsController < ApiController
before_filter :require_login
before_filter :require_email_account
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/api/users_controller.rb
index 6640d10..709e076 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,4 +1,4 @@
-module V1
+module Api
class UsersController < ApiController
include ControllerExtension::FetchUser
@@ -28,12 +28,20 @@ module V1
@user = User.find(params[:id])
end
if @user
- respond_with @user
+ respond_with user_response
else
not_found
end
end
+ def user_response
+ @user.to_hash.tap do |user_hash|
+ if @user == current_user
+ user_hash['is_admin'] = @user.is_admin?
+ end
+ end
+ end
+
def create
if current_user.is_monitor?
create_test_account
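Review bot: `user_response` is defined between `show` and `create`, above the `private` keyword that a later hunk of this file shows further down the class. That makes it a public controller method, which any route mapping to it would expose as an action. It is only a helper for `show`, so move it below `private`, next to `release_handles`. A comment such as `# is_admin is only disclosed to the account owner` would record why the flag is added conditionally. The class starts and ends outside this hunk.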
@@ -50,8 +58,7 @@ module V1
end
def destroy
- destroy_identity = current_user.is_monitor? || params[:identities] == "destroy"
- @user.account.destroy(destroy_identity)
+ @user.account.destroy(release_handles)
if @user == current_user
logout
end
@@ -60,6 +67,10 @@ module V1
private
+ def release_handles
+ current_user.is_monitor? || params[:identities] == "destroy"
+ end
+
# tester auth can only create test users.
def create_test_account
if User::is_test?(params[:user][:login])
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 70b3cac..95c8f57 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -1,7 +1,6 @@
class ApiController < ApplicationController
skip_before_filter :verify_authenticity_token
- respond_to :json
protected
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 079dc18..8d08a2c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,13 +4,24 @@ class ApplicationController < ActionController::Base
before_filter :no_cache_header
before_filter :no_frame_header
before_filter :language_header
+
+ # UPGRADE: this won't be needed in Rails 5 anymore as it's the default
+ # behavior if a template is present but a different format would be
+ # rendered and that template is not present
+ before_filter :verify_request_format!, if: :mime_types_specified
+
rescue_from StandardError, :with => :default_error_handler
- rescue_from RestClient::Exception, :with => :default_error_handler
+ rescue_from CouchRest::Exception, :with => :default_error_handler
ActiveSupport.run_load_hooks(:application_controller, self)
protected
+ def mime_types_specified
+ mimes = collect_mimes_from_class_level
+ mimes.present?
+ end
+
def default_error_handler(exc)
respond_to do |format|
format.json { render_json_error(exc) }
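Review bot: The `if: :mime_types_specified` guard makes `verify_request_format!` opt-in, so a controller with no class-level `respond_to` skips the format check entirely. This commit also removes `respond_to :json` from `ApiController` and re-adds it only in the identities, services and sessions API controllers, as far as the hunks show. Whether certs, configs, messages, smtp_certs and users declare it is outside the visible lines and worth confirming. Extend the comment to say so, e.g. `# Only enforced for controllers that declare respond_to; all others accept any format.`, and name the predicate `mime_types_specified?`. The body of `default_error_handler` continues outside this hunk.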
diff --git a/app/controllers/controller_extension/fetch_user.rb b/app/controllers/controller_extension/fetch_user.rb
index 97f92fa..632291d 100644
--- a/app/controllers/controller_extension/fetch_user.rb
+++ b/app/controllers/controller_extension/fetch_user.rb
@@ -22,7 +22,7 @@ module ControllerExtension::FetchUser
@user = User.find(params[:user_id] || params[:id])
if current_user.is_admin? || current_user.is_monitor?
if @user.nil?
- not_found(t(:no_such_thing, :thing => 'user'), users_url)
+ not_found(t(:no_such_user), users_url)
elsif current_user.is_monitor?
access_denied unless @user.is_test?
end
diff --git a/app/controllers/controller_extension/json_file.rb b/app/controllers/controller_extension/json_file.rb
index 6be919a..df9cf55 100644
--- a/app/controllers/controller_extension/json_file.rb
+++ b/app/controllers/controller_extension/json_file.rb
@@ -4,20 +4,25 @@ module ControllerExtension::JsonFile
protected
- def send_file
- if stale?(:last_modified => @file.mtime)
- response.content_type = 'application/json'
- render :text => @file.read
+ def send_file(filename)
+ file = fetch_file(filename)
+ if file.present?
+ send_file_or_cache_hit(file)
+ else
+ not_found
end
end
- def fetch_file
- if File.exists?(@filename)
- @file = File.new(@filename)
- else
- not_found
+ def send_file_or_cache_hit(file)
+ if stale?(:last_modified => file.mtime)
+ response.content_type = 'application/json'
+ render :text => file.read
end
end
+ def fetch_file(filename)
+ File.new(filename) if File.exist?(filename)
+ end
+
end
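Review bot: `fetch_file` returns an open `File` that nothing closes, so each request served through `send_file` leaves a descriptor for the garbage collector to reclaim. `File.exist?` is also true for directories, in which case `file.read` raises. Checking with `File.file?` and using the block form of `File.open` closes the handle once the body has been rendered, and makes `fetch_file` unnecessary. Separately, `send_file` shadows the method of the same name that ActionController provides; a distinct name would avoid confusion, though the callers changed in this commit would need the same rename.

```ruby
def send_file(filename)
  # File.file? rejects directories; the block form closes the handle.
  if File.file?(filename)
    File.open(filename) { |file| send_file_or_cache_hit(file) }
  else
    not_found
  end
end

# … unchanged: send_file_or_cache_hit …
```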
diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb
index d869ab5..80c270f 100644
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@@ -1,5 +1,7 @@
# We render http errors ourselves so we can customize them
class ErrorsController < ApplicationController
+ respond_to :html
+
# 404
def not_found
render status: 404
diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index 1d62178..86c36e9 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -1,6 +1,8 @@
class HomeController < ApplicationController
layout 'home'
+ respond_to :html
+
def index
if logged_in?
redirect_to current_user
diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
index e0f39e3..b9c601a 100644
--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@@ -2,7 +2,9 @@
# Render static pages
#
+
class PagesController < ApplicationController
+ respond_to :html
def show
@show_navigation = false
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 34d4f53..18e5216 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,6 +1,7 @@
class SessionsController < ApplicationController
before_filter :redirect_if_logged_in, :only => [:new]
+ respond_to :html, :json
def new
@session = Session.new
@@ -16,7 +17,7 @@ class SessionsController < ApplicationController
end
#
- # Warden will catch all 401s and run this instead:
+ # Warden will catch all 401s and triggers this action:
#
def unauthenticated
login_required
diff --git a/app/controllers/static_config_controller.rb b/app/controllers/static_config_controller.rb
index c78e006..46e7cd2 100644
--- a/app/controllers/static_config_controller.rb
+++ b/app/controllers/static_config_controller.rb
@@ -5,13 +5,9 @@ class StaticConfigController < ActionController::Base
include ControllerExtension::JsonFile
before_filter :set_minimum_client_version
- before_filter :set_filename
- before_filter :fetch_file
-
- PROVIDER_JSON = Rails.root.join('config', 'provider', 'provider.json')
def provider
- send_file
+ send_file provider_json
end
protected
@@ -23,7 +19,8 @@ class StaticConfigController < ActionController::Base
APP_CONFIG[:minimum_client_version].to_s
end
- def set_filename
- @filename = PROVIDER_JSON
+ def provider_json
+ Rails.root.join APP_CONFIG[:config_file_paths]['provider']
end
+
end
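Review bot: `provider_json` passes `APP_CONFIG[:config_file_paths]['provider']` straight to `Rails.root.join`, so a deployment whose config lacks that key fails with a TypeError. The removed `PROVIDER_JSON` constant always pointed at a fixed file, so this failure mode is new. `StaticConfigController` inherits from `ActionController::Base` (per the hunk header), so the `rescue_from` handlers in `ApplicationController` do not apply here. Use `fetch` so the failure names the missing setting, `Rails.root.join APP_CONFIG[:config_file_paths].fetch('provider')`, or fall back to the previous default path.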
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1404b0e..0a0f551 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -5,11 +5,9 @@
class UsersController < ApplicationController
include ControllerExtension::FetchUser
- before_filter :require_login, :except => [:new]
- before_filter :redirect_if_logged_in, :only => [:new]
+ before_filter :require_login
before_filter :require_admin, :only => [:index, :deactivate, :enable]
- before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable]
- before_filter :require_registration_allowed, only: :new
+ before_filter :fetch_user, :except => [:index]
respond_to :html
@@ -27,25 +25,12 @@ class UsersController < ApplicationController
@users = @users.limit(100)
end
- def new
- @user = User.new
- end
-
def show
end
def edit
end
- ## added so updating service level works, but not sure we will actually want this. also not sure that this is place to prevent user from updating own effective service level, but here as placeholder:
- def update
- @user.update_attributes(params[:user]) unless (!admin? and params[:user][:effective_service_level])
- if @user.valid?
- flash[:notice] = I18n.t(:changes_saved)
- end
- respond_with @user, :location => edit_user_path(@user)
- end
-
def deactivate
@user.account.disable
flash[:notice] = I18n.t("actions.user_disabled_message", username: @user.username)
@@ -73,10 +58,11 @@ class UsersController < ApplicationController
protected
- def require_registration_allowed
- unless APP_CONFIG[:allow_registration]
- redirect_to home_path
+ def user_params
+ if admin?
+ params.require(:user).permit(:effective_service_level)
+ else
+ params.require(:user).permit(:password, :password_confirmation)
end
end
-
end
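Review bot: `user_params` is added in the same commit that deletes `update`, and none of the hunks shown calls it, so it may be dead code in this controller. That is worth confirming against the parts of the file outside the diff. If it stays, add a comment stating the intent, e.g. `# admins may only change the service level; everyone else only their password`. The non-admin branch presumably relies on `fetch_user` limiting `@user` to the current user, which is not visible in this hunk.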