Diffstat (limited to 'app/controllers')
20 files changed, 99 insertions, 57 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
new file mode 100644
index 0000000..42e8983
--- /dev/null
+++ b/app/controllers/account_controller.rb
@@ -0,0 +1,19 @@
+class AccountController < ApplicationController + + before_filter :require_registration_allowed + before_filter :redirect_if_logged_in + + respond_to :html + + def new + @user = User.new + end + + protected + + def require_registration_allowed + unless APP_CONFIG[:allow_registration] + redirect_to home_path + end + end +end
diff --git a/app/controllers/account_settings_controller.rb b/app/controllers/account_settings_controller.rb
deleted file mode 100644
index e69de29..0000000
--- a/app/controllers/account_settings_controller.rb
+++ /dev/null
diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/api/certs_controller.rb
index ffa6e35..46a84d3 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/api/certs_controller.rb
@@ -1,4 +1,4 @@
-class V1::CertsController < ApiController +class Api::CertsController < ApiController before_filter :require_login, :unless => :anonymous_access_allowed? before_filter :require_enabled
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/api/configs_controller.rb
index 4a6f455..0f9b8a6 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/api/configs_controller.rb
@@ -1,17 +1,15 @@
-class V1::ConfigsController < ApiController +class Api::ConfigsController < ApiController include ControllerExtension::JsonFile before_filter :require_login, :unless => :anonymous_access_allowed? before_filter :sanitize_id, only: :show - before_filter :lookup_file, only: :show - before_filter :fetch_file, only: :show def index render json: {services: service_paths} end def show - send_file + send_file lookup_file end protected
@@ -23,7 +21,11 @@ class V1::ConfigsController < ApiController
 } def service_paths - Hash[SERVICE_IDS.map{|k,v| [k,"/1/configs/#{v}.json"] } ] + Hash[SERVICE_IDS.map{|k,v| [k,"/#{api_version}/configs/#{v}.json"] } ] + end + + def api_version + ["1", "2"].include?(params[:version]) ? params[:version] : "2" end def sanitize_id
@@ -34,6 +36,6 @@ class V1::ConfigsController < ApiController
 def lookup_file path = APP_CONFIG[:config_file_paths][@id] not_found if path.blank? - @filename = Rails.root.join path + Rails.root.join path end end
diff --git a/app/controllers/v1/identities_controller.rb b/app/controllers/api/identities_controller.rb
index 4efd1f5..de4910a 100644
--- a/app/controllers/v1/identities_controller.rb
+++ b/app/controllers/api/identities_controller.rb
@@ -1,8 +1,10 @@
-module V1 +module Api class IdentitiesController < ApiController before_filter :token_authenticate before_filter :require_monitor + respond_to :json + def show @identity = Identity.find_by_address(params[:id]) if @identity
diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/api/messages_controller.rb
index c0ca0c7..a69a40a 100644
--- a/app/controllers/v1/messages_controller.rb
+++ b/app/controllers/api/messages_controller.rb
@@ -1,4 +1,4 @@
-module V1 +module Api class MessagesController < ApiController before_filter :require_login
diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/api/services_controller.rb
index 523eb44..58e129c 100644
--- a/app/controllers/v1/services_controller.rb
+++ b/app/controllers/api/services_controller.rb
@@ -1,7 +1,9 @@
-class V1::ServicesController < ApiController +class Api::ServicesController < ApiController before_filter :require_login, :unless => :anonymous_access_allowed? + respond_to :json + def show respond_with current_user.effective_service_level end
diff --git a/app/controllers/v1/sessions_controller.rb b/app/controllers/api/sessions_controller.rb
index a343d9b..178f86e 100644
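Review bot: `lookup_file` still does `not_found if path.blank?` and then falls through to `Rails.root.join path`, but it is no longer a before_filter whose render halts the chain — it is now an ordinary method called from `show` as `send_file lookup_file` (previous hunk), so unless `not_found` raises, a missing config entry renders the 404 and then `Pathname#join` raises a TypeError on the nil path (or `send_file` attempts a second render) behind it. The smallest fix is to let the caller stop once a response has been produced, e.g. in `show`: `path = lookup_file` / `send_file path unless performed?`, or to have `lookup_file` raise instead of rendering. `api_version` correctly restricts `params[:version]` to the two known values before it is interpolated into the service paths, so that part is fine. `not_found` and `sanitize_id` are defined outside these hunks.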
--- a/app/controllers/v1/sessions_controller.rb
+++ b/app/controllers/api/sessions_controller.rb
@@ -1,7 +1,8 @@
-module V1 +module Api class SessionsController < ApiController before_filter :require_login, only: :destroy + respond_to :json def new @session = Session.new
diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/api/smtp_certs_controller.rb
index 5760645..d9eab7d 100644
--- a/app/controllers/v1/smtp_certs_controller.rb
+++ b/app/controllers/api/smtp_certs_controller.rb
@@ -1,4 +1,4 @@
-class V1::SmtpCertsController < ApiController +class Api::SmtpCertsController < ApiController before_filter :require_login before_filter :require_email_account
diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/api/users_controller.rb
index 6640d10..709e076 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -1,4 +1,4 @@
-module V1 +module Api class UsersController < ApiController include ControllerExtension::FetchUser
@@ -28,12 +28,20 @@ module V1
 @user = User.find(params[:id]) end if @user - respond_with @user + respond_with user_response else not_found end end + def user_response + @user.to_hash.tap do |user_hash| + if @user == current_user + user_hash['is_admin'] = @user.is_admin? + end + end + end + + def create if current_user.is_monitor? create_test_account
@@ -50,8 +58,7 @@ module V1
 end def destroy - destroy_identity = current_user.is_monitor? || params[:identities] == "destroy" - @user.account.destroy(destroy_identity) + @user.account.destroy(release_handles) if @user == current_user logout end
@@ -60,6 +67,10 @@ module V1
 private + def release_handles + current_user.is_monitor? || params[:identities] == "destroy" + end + # tester auth can only create test users. def create_test_account if User::is_test?(params[:user][:login])
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 70b3cac..95c8f57 100644
--- a/app/controllers/api_controller.rb
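Review bot: `user_response` is defined in the public section of Api::UsersController (between `show` and `create`), so Rails treats it as an action — any route mapped to `users#user_response` would dispatch straight into it — although it is only a helper that builds the body for `show`. Move it below `private`, next to the new `release_handles`, which is placed correctly. `release_handles` returns a boolean and would read better as a predicate, `def release_handles?`, with the call site `@user.account.destroy(release_handles?)`. Exposing `is_admin` only when `@user == current_user` is the right scope for that detail; the rest of the class, including how `@user` is fetched for non-admins, is outside these hunks.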
+++ b/app/controllers/api_controller.rb
@@ -1,7 +1,6 @@
 class ApiController < ApplicationController skip_before_filter :verify_authenticity_token - respond_to :json protected
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 079dc18..8d08a2c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,13 +4,24 @@ class ApplicationController < ActionController::Base
 before_filter :no_cache_header before_filter :no_frame_header before_filter :language_header + + # UPGRADE: this won't be needed in Rails 5 anymore as it's the default + # behavior if a template is present but a different format would be + # rendered and that template is not present + before_filter :verify_request_format!, if: :mime_types_specified + rescue_from StandardError, :with => :default_error_handler - rescue_from RestClient::Exception, :with => :default_error_handler + rescue_from CouchRest::Exception, :with => :default_error_handler ActiveSupport.run_load_hooks(:application_controller, self) protected + def mime_types_specified + mimes = collect_mimes_from_class_level + mimes.present? + end + def default_error_handler(exc) respond_to do |format| format.json { render_json_error(exc) }
diff --git a/app/controllers/controller_extension/fetch_user.rb b/app/controllers/controller_extension/fetch_user.rb
index 97f92fa..632291d 100644
--- a/app/controllers/controller_extension/fetch_user.rb
+++ b/app/controllers/controller_extension/fetch_user.rb
@@ -22,7 +22,7 @@ module ControllerExtension::FetchUser
 @user = User.find(params[:user_id] || params[:id]) if current_user.is_admin? || current_user.is_monitor? if @user.nil? - not_found(t(:no_such_thing, :thing => 'user'), users_url) + not_found(t(:no_such_user), users_url) elsif current_user.is_monitor? access_denied unless @user.is_test? end
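Review bot: Dropping the class-level `respond_to :json` from ApiController means every Api::* controller must now declare its formats itself, and only Identities, Services and Sessions receive one in this commit; the Certs, SmtpCerts and Messages hunks merely rename the class, and Api::UsersController calls `respond_with user_response` without a `respond_to :json` visible in its hunks (its lines 5–27 are not shown). If any of those controllers use `respond_with`, responders raises at request time because no formats are declared, so either add `respond_to :json` to each of them or keep the declaration on ApiController and only add `respond_to :html` to the HTML controllers as the other hunks do.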
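Review bot: `mime_types_specified` relies on `collect_mimes_from_class_level`, which — like `verify_request_format!` — appears to be a private helper of the responders/MimeResponds internals rather than something this codebase defines, so a minor Rails or responders upgrade can rename either; the `# UPGRADE` comment above the filter should say that both names are borrowed internals. It is also a predicate, so name it `mime_types_specified?`, collapse the body to `collect_mimes_from_class_level.present?`, and reference it as `before_filter :verify_request_format!, if: :mime_types_specified?`. The handler order is fine: a `rescue_from` declared later wins, so `CouchRest::Exception` is matched before the catch-all `StandardError` handler.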
diff --git a/app/controllers/controller_extension/json_file.rb b/app/controllers/controller_extension/json_file.rb
index 6be919a..df9cf55 100644
--- a/app/controllers/controller_extension/json_file.rb
+++ b/app/controllers/controller_extension/json_file.rb
@@ -4,20 +4,25 @@ module ControllerExtension::JsonFile
 protected - def send_file - if stale?(:last_modified => @file.mtime) - response.content_type = 'application/json' - render :text => @file.read + def send_file(filename) + file = fetch_file(filename) + if file.present? + send_file_or_cache_hit(file) + else + not_found end end - def fetch_file - if File.exists?(@filename) - @file = File.new(@filename) - else - not_found + def send_file_or_cache_hit(file) + if stale?(:last_modified => file.mtime) + response.content_type = 'application/json' + render :text => file.read end end + def fetch_file(filename) + File.new(filename) if File.exist?(filename) + end + end
diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb
index d869ab5..80c270f 100644
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@@ -1,5 +1,7 @@
 # We render http errors ourselves so we can customize them class ErrorsController < ApplicationController + respond_to :html + # 404 def not_found render status: 404
diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index 1d62178..86c36e9 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -1,6 +1,8 @@
 class HomeController < ApplicationController layout 'home' + respond_to :html + def index if logged_in? redirect_to current_user
diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
index e0f39e3..b9c601a 100644
--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@@ -2,7 +2,9 @@
 # Render static pages # + class PagesController < ApplicationController + respond_to :html def show @show_navigation = false
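Review bot: `fetch_file` opens the file with `File.new` and nothing closes it — `send_file_or_cache_hit` reads `file.mtime` and `file.read` and then drops the handle — so every request leaks a descriptor until GC finalizes the object; the old `@file` code had the same problem and the rewrite carries it over. Passing the path through and using `File.mtime`/`File.read` removes the handle entirely while keeping the not-found branch, as below. Separately, `send_file` shadows `ActionController::DataStreaming#send_file` in every controller that includes this module (ApplicationController and StaticConfigController both inherit from ActionController::Base per the hunk headers), and the new `(filename)` signature makes the two even easier to confuse; a name such as `send_json_file` would avoid that, at the cost of renaming the two call sites in ConfigsController and StaticConfigController. `not_found` and the rest of the module are outside the hunk.
```ruby
def send_file(filename)
  if File.exist?(filename)
    send_file_or_cache_hit(filename)
  else
    not_found
  end
end

def send_file_or_cache_hit(filename)
  if stale?(:last_modified => File.mtime(filename))
    response.content_type = 'application/json'
    render :text => File.read(filename)
  end
end
```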
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 34d4f53..18e5216 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,6 +1,7 @@
 class SessionsController < ApplicationController before_filter :redirect_if_logged_in, :only => [:new] + respond_to :html, :json def new @session = Session.new
@@ -16,7 +17,7 @@ class SessionsController < ApplicationController
 end # - # Warden will catch all 401s and run this instead: + # Warden will catch all 401s and triggers this action: # def unauthenticated login_required
diff --git a/app/controllers/static_config_controller.rb b/app/controllers/static_config_controller.rb
index c78e006..46e7cd2 100644
--- a/app/controllers/static_config_controller.rb
+++ b/app/controllers/static_config_controller.rb
@@ -5,13 +5,9 @@ class StaticConfigController < ActionController::Base
 include ControllerExtension::JsonFile before_filter :set_minimum_client_version - before_filter :set_filename - before_filter :fetch_file - - PROVIDER_JSON = Rails.root.join('config', 'provider', 'provider.json') def provider - send_file + send_file provider_json end protected
@@ -23,7 +19,8 @@ class StaticConfigController < ActionController::Base
 APP_CONFIG[:minimum_client_version].to_s end - def set_filename - @filename = PROVIDER_JSON + def provider_json + Rails.root.join APP_CONFIG[:config_file_paths]['provider'] end + end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1404b0e..0a0f551 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
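Review bot: `provider_json` replaces the fixed `PROVIDER_JSON` constant with a config lookup but has no guard for a missing key: if `APP_CONFIG[:config_file_paths]['provider']` is nil, `Rails.root.join` raises a TypeError on every `provider` request and the `File.exist?` check in JsonFile never gets to answer 404. `Api::ConfigsController#lookup_file` in this same commit at least checks `path.blank?`; the cheapest equivalent here is `Rails.root.join APP_CONFIG[:config_file_paths].fetch('provider')`, assuming `APP_CONFIG[:config_file_paths]` is a Hash, so the failure names the missing setting instead of a nil conversion. StaticConfigController inherits from ActionController::Base rather than ApplicationController, so such an error would not pass through `default_error_handler`; where this class gets the `not_found` that JsonFile calls is outside the hunk.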
@@ -5,11 +5,9 @@ class UsersController < ApplicationController
 include ControllerExtension::FetchUser - before_filter :require_login, :except => [:new] - before_filter :redirect_if_logged_in, :only => [:new] + before_filter :require_login before_filter :require_admin, :only => [:index, :deactivate, :enable] - before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable] - before_filter :require_registration_allowed, only: :new + before_filter :fetch_user, :except => [:index] respond_to :html
@@ -27,25 +25,12 @@ class UsersController < ApplicationController
 @users = @users.limit(100) end - def new - @user = User.new - end - def show end def edit end - ## added so updating service level works, but not sure we will actually want this. also not sure that this is place to prevent user from updating own effective service level, but here as placeholder: - def update - @user.update_attributes(params[:user]) unless (!admin? and params[:user][:effective_service_level]) - if @user.valid? - flash[:notice] = I18n.t(:changes_saved) - end - respond_with @user, :location => edit_user_path(@user) - end - def deactivate @user.account.disable flash[:notice] = I18n.t("actions.user_disabled_message", username: @user.username)
@@ -73,10 +58,11 @@ class UsersController < ApplicationController
 protected - def require_registration_allowed - unless APP_CONFIG[:allow_registration] - redirect_to home_path + def user_params + if admin? + params.require(:user).permit(:effective_service_level) + else + params.require(:user).permit(:password, :password_confirmation) end end - end |
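Review bot: `user_params` is added under `protected` but nothing in this diff calls it, and the only action that consumed `params[:user]`, `update`, is deleted in the hunk above together with `new`; if no `update` remains outside these hunks, `edit` still renders a form whose submission now fails with ActionNotFound and `user_params` is dead code. If an `update` does exist elsewhere, confirm it uses `user_params` rather than `params[:user]`, because the two permit lists (only `effective_service_level` for admins, only `password`/`password_confirmation` otherwise) are what replace the old `unless (!admin? and params[:user][:effective_service_level])` guard and the `update_attributes(params[:user])` mass assignment. The filter changes are consistent with the removal: `require_login` now covers every action and `fetch_user` runs for everything except `index`.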