Diffstat (limited to 'app/controllers/v1/users_controller.rb')
-rw-r--r--app/controllers/v1/users_controller.rb14
1 files changed, 11 insertions, 3 deletions
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index abaefd8..5c9e33f 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -1,10 +1,9 @@
module V1
- class UsersController < UsersBaseController
+ class UsersController < ApiController
- skip_before_filter :verify_authenticity_token
before_filter :fetch_user, :only => [:update]
before_filter :require_admin, :only => [:index]
- before_filter :require_token, :only => [:update]
+ before_filter :require_login, :only => [:index, :update]
before_filter :require_registration_allowed, only: :create
respond_to :json
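Review bot: Filters run in declaration order, so on `update` the `fetch_user` filter (and on `index` `require_admin`) executes before the new `require_login`. The record lookup and the comparison with `current_user` therefore happen for requests that have not been authenticated yet. Declare `before_filter :require_login, :only => [:index, :update]` first, ahead of `:fetch_user` and `:require_admin`, so unauthenticated requests are rejected before any lookup. The hunk also drops `skip_before_filter :verify_authenticity_token` along with the base-class change; `ApiController` is not visible here, so confirm it sets the CSRF behaviour intended for these JSON clients.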
@@ -29,11 +28,20 @@ module V1
respond_with @user
end
+ protected
+
def require_registration_allowed
unless APP_CONFIG[:allow_registration]
head :forbidden
end
end
+ def fetch_user
+ @user = User.find(params[:id])
+ if @user != current_user
+ access_denied
+ end
+ end
+
end
end
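Review bot: `fetch_user` only protects `update` if `access_denied` halts the filter chain. A Rails before filter stops the action only when it renders, redirects or raises, and `access_denied` is defined outside this hunk, so confirm it does one of these; otherwise `update` continues with another user's record in `@user`. Separately, `User.find(params[:id])` raises for an unknown id before the ownership check runs, so a missing id and someone else's id are likely to produce different responses, which lets a caller probe which ids exist. Checking ownership first avoids both the extra query and that difference: `return access_denied unless current_user && current_user.id.to_s == params[:id].to_s` followed by `@user = current_user`. A short comment above `protected` saying these are filter callbacks rather than routable actions would also help the next reader.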