diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/v1/configs_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/v1/users_controller.rb | 12 |
2 files changed, 11 insertions, 3 deletions
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb index 9c01605..0af21d2 100644 --- a/app/controllers/v1/configs_controller.rb +++ b/app/controllers/v1/configs_controller.rb @@ -32,7 +32,7 @@ class V1::ConfigsController < ApiController def sanitize_filename @filename = params[:id].downcase @filename += '.json' unless @filename.ends_with?('.json') - access_denied unless SERVICES.values.include? name + access_denied unless SERVICES.values.include? @filename @filename = Rails.root.join('public', '1', 'config', @filename) end end diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb index bfa04fc..d57db6f 100644 --- a/app/controllers/v1/users_controller.rb +++ b/app/controllers/v1/users_controller.rb @@ -2,9 +2,9 @@ module V1 class UsersController < ApiController include ControllerExtension::FetchUser - before_filter :fetch_user, :only => [:update] + before_filter :fetch_user, :only => [:update, :destroy] before_filter :require_admin, :only => [:index] - before_filter :require_login, :only => [:index, :update] + before_filter :require_login, :only => [:index, :update, :destroy] before_filter :require_registration_allowed, only: :create respond_to :json @@ -29,6 +29,14 @@ module V1 respond_with @user end + def destroy + @user.account.destroy + if @user == current_user + logout + end + render :json => {'success' => 'user deleted'} + end + protected def require_registration_allowed |