diff options
author | elijah <elijah@riseup.net> | 2016-03-28 15:56:21 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2016-03-28 16:03:54 -0700 |
commit | 9a8577a2d19aa51318dce6ff9ffe1bd26f25c09e (patch) | |
tree | 924fe73125e20c26778dca035c0efb28842c40e3 /app/controllers | |
parent | e072ac2fa8bc93ed782df1ff95130f4794f9640f (diff) |
api: added get(:show) to identities and users, allow monitors to create/delete test & tmp users.
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/controller_extension/authentication.rb | 6 | ||||
-rw-r--r-- | app/controllers/v1/identities_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/v1/users_controller.rb | 51 |
3 files changed, 61 insertions, 8 deletions
diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb index e2b24f0..63b9e5f 100644 --- a/app/controllers/controller_extension/authentication.rb +++ b/app/controllers/controller_extension/authentication.rb @@ -34,6 +34,12 @@ module ControllerExtension::Authentication access_denied unless admin? end + def require_monitor + unless current_user.is_monitor? || current_user.is_admin? + access_denied + end + end + def authentication_errors return unless attempted_login? errors = get_warden_errors diff --git a/app/controllers/v1/identities_controller.rb b/app/controllers/v1/identities_controller.rb new file mode 100644 index 0000000..1d8c542 --- /dev/null +++ b/app/controllers/v1/identities_controller.rb @@ -0,0 +1,12 @@ +module V1 + class IdentitiesController < ApiController + before_filter :token_authenticate + before_filter :require_monitor + + def show + @identity = Identity.find_by_address(params[:id]) + respond_with @identity + end + + end +end diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb index 2e840d9..8296eb0 100644 --- a/app/controllers/v1/users_controller.rb +++ b/app/controllers/v1/users_controller.rb @@ -2,10 +2,12 @@ module V1 class UsersController < ApiController include ControllerExtension::FetchUser + # allow optional access to this controller using API auth tokens: + before_filter :token_authenticate + before_filter :fetch_user, :only => [:update, :destroy] - before_filter :require_admin, :only => [:index] + before_filter :require_monitor, :only => [:index, :show] before_filter :require_login, :only => [:index, :update, :destroy] - before_filter :require_registration_allowed, only: :create respond_to :json @@ -19,9 +21,27 @@ module V1 end end + def show + if params[:login] + @user = User.find_by_login(params[:login]) + elsif params[:id] + @user = User.find(params[:id]) + end + if @user + respond_with @user + else + not_found + end + end + def create - @user = Account.create(params[:user]) - respond_with @user # return ID instead? + if current_user.is_monitor? + create_test_account + elsif APP_CONFIG[:allow_registration] + create_account + else + head :forbidden + end end def update @@ -30,19 +50,34 @@ module V1 end def destroy - @user.account.destroy(params[:identities] == "destroy") + destroy_identity = current_user.is_monitor? || params[:identities] == "destroy" + @user.account.destroy(destroy_identity) if @user == current_user logout end render :json => {'success' => 'user deleted'} end - protected + private + + # tester auth can only create test users. + def create_test_account + if User::is_test?(params[:user][:login]) + @user = Account.create(params[:user]) + respond_with @user + else + head :forbidden + end + end - def require_registration_allowed - unless APP_CONFIG[:allow_registration] + def create_account + if APP_CONFIG[:allow_registration] + @user = Account.create(params[:user]) + respond_with @user # return ID instead? + else head :forbidden end end + end end |