diff options
author | elijah <elijah@riseup.net> | 2014-11-11 13:06:42 -0800 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2014-11-11 13:06:42 -0800 |
commit | c3305f1c29a1a37913bfb05cd11d547e9d7f16a0 (patch) | |
tree | cbe7844b1cf7c3b0370080af27f76702564e1c18 /app | |
parent | c8b9e7ac72d27997603dbede8001fca7d3f40e1a (diff) | |
parent | cbf73046f42aeafb760e378d872f8c06f8bdfe86 (diff) |
Merge branch 'test/feature-for-service-endpoint' of https://github.com/azul/leap_web into develop
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/api_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/v1/certs_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/v1/configs_controller.rb | 35 | ||||
-rw-r--r-- | app/controllers/v1/services_controller.rb | 2 |
4 files changed, 27 insertions, 22 deletions
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index 0aa9507..70b3cac 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -3,9 +3,15 @@ class ApiController < ApplicationController skip_before_filter :verify_authenticity_token respond_to :json + protected + def require_login require_token end + def anonymous_access_allowed? + APP_CONFIG[:allow_anonymous_certs] + end + end diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb index 68d6586..99aec16 100644 --- a/app/controllers/v1/certs_controller.rb +++ b/app/controllers/v1/certs_controller.rb @@ -1,6 +1,6 @@ class V1::CertsController < ApiController - before_filter :require_login, :unless => :anonymous_certs_allowed? + before_filter :require_login, :unless => :anonymous_access_allowed? # GET /cert # deprecated - we actually create a new cert and that can @@ -18,10 +18,6 @@ class V1::CertsController < ApiController protected - def anonymous_certs_allowed? - APP_CONFIG[:allow_anonymous_certs] - end - def service_level current_user.effective_service_level end diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb index 0af21d2..4a6f455 100644 --- a/app/controllers/v1/configs_controller.rb +++ b/app/controllers/v1/configs_controller.rb @@ -1,8 +1,9 @@ class V1::ConfigsController < ApiController include ControllerExtension::JsonFile - before_filter :require_login, :unless => :anonymous_certs_allowed? - before_filter :sanitize_filename, only: :show + before_filter :require_login, :unless => :anonymous_access_allowed? + before_filter :sanitize_id, only: :show + before_filter :lookup_file, only: :show before_filter :fetch_file, only: :show def index @@ -13,26 +14,26 @@ class V1::ConfigsController < ApiController send_file end - SERVICES = { - soledad: "soledad-service.json", - eip: "eip-service.json", - smtp: "smtp-service.json" - } - protected - def anonymous_certs_allowed? - APP_CONFIG[:allow_anonymous_certs] - end + SERVICE_IDS = { + soledad: "soledad-service", + eip: "eip-service", + smtp: "smtp-service" + } def service_paths - Hash[SERVICES.map{|k,v| [k,"/1/configs/#{v}"] } ] + Hash[SERVICE_IDS.map{|k,v| [k,"/1/configs/#{v}.json"] } ] + end + + def sanitize_id + @id = params[:id].downcase + access_denied unless SERVICE_IDS.values.include? @id end - def sanitize_filename - @filename = params[:id].downcase - @filename += '.json' unless @filename.ends_with?('.json') - access_denied unless SERVICES.values.include? @filename - @filename = Rails.root.join('public', '1', 'config', @filename) + def lookup_file + path = APP_CONFIG[:config_file_paths][@id] + not_found if path.blank? + @filename = Rails.root.join path end end diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/v1/services_controller.rb index 114870f..523eb44 100644 --- a/app/controllers/v1/services_controller.rb +++ b/app/controllers/v1/services_controller.rb @@ -1,5 +1,7 @@ class V1::ServicesController < ApiController + before_filter :require_login, :unless => :anonymous_access_allowed? + def show respond_with current_user.effective_service_level end |