diff options
Diffstat (limited to 'app/controllers/v1/users_controller.rb')
| -rw-r--r-- | app/controllers/v1/users_controller.rb | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb index abaefd8..5c9e33f 100644 --- a/app/controllers/v1/users_controller.rb +++ b/app/controllers/v1/users_controller.rb @@ -1,10 +1,9 @@ module V1 - class UsersController < UsersBaseController + class UsersController < ApiController - skip_before_filter :verify_authenticity_token before_filter :fetch_user, :only => [:update] before_filter :require_admin, :only => [:index] - before_filter :require_token, :only => [:update] + before_filter :require_login, :only => [:index, :update] before_filter :require_registration_allowed, only: :create respond_to :json @@ -29,11 +28,20 @@ module V1 respond_with @user end + protected + def require_registration_allowed unless APP_CONFIG[:allow_registration] head :forbidden end end + def fetch_user + @user = User.find(params[:id]) + if @user != current_user + access_denied + end + end + end end |