diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/account_controller.rb | 17 | ||||
| -rw-r--r-- | app/controllers/api/certs_controller.rb (renamed from app/controllers/v1/certs_controller.rb) | 2 | ||||
| -rw-r--r-- | app/controllers/api/configs_controller.rb (renamed from app/controllers/v1/configs_controller.rb) | 14 | ||||
| -rw-r--r-- | app/controllers/api/identities_controller.rb (renamed from app/controllers/v1/identities_controller.rb) | 2 | ||||
| -rw-r--r-- | app/controllers/api/messages_controller.rb (renamed from app/controllers/v1/messages_controller.rb) | 2 | ||||
| -rw-r--r-- | app/controllers/api/services_controller.rb (renamed from app/controllers/v1/services_controller.rb) | 2 | ||||
| -rw-r--r-- | app/controllers/api/sessions_controller.rb (renamed from app/controllers/v1/sessions_controller.rb) | 2 | ||||
| -rw-r--r-- | app/controllers/api/smtp_certs_controller.rb (renamed from app/controllers/v1/smtp_certs_controller.rb) | 2 | ||||
| -rw-r--r-- | app/controllers/api/users_controller.rb (renamed from app/controllers/v1/users_controller.rb) | 9 | ||||
| -rw-r--r-- | app/controllers/application_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/controller_extension/fetch_user.rb | 2 | ||||
| -rw-r--r-- | app/controllers/controller_extension/json_file.rb | 23 | ||||
| -rw-r--r-- | app/controllers/static_config_controller.rb | 11 | ||||
| -rw-r--r-- | app/controllers/users_controller.rb | 28 |
14 files changed, 64 insertions, 54 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb new file mode 100644 index 0000000..ee7cca4 --- /dev/null +++ b/app/controllers/account_controller.rb @@ -0,0 +1,17 @@ +class AccountController < ApplicationController + + before_filter :require_registration_allowed + before_filter :redirect_if_logged_in + + def new + @user = User.new + end + + protected + + def require_registration_allowed + unless APP_CONFIG[:allow_registration] + redirect_to home_path + end + end +end diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/api/certs_controller.rb index ffa6e35..46a84d3 100644 --- a/app/controllers/v1/certs_controller.rb +++ b/app/controllers/api/certs_controller.rb @@ -1,4 +1,4 @@ -class V1::CertsController < ApiController +class Api::CertsController < ApiController before_filter :require_login, :unless => :anonymous_access_allowed? before_filter :require_enabled diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/api/configs_controller.rb index 4a6f455..0f9b8a6 100644 --- a/app/controllers/v1/configs_controller.rb +++ b/app/controllers/api/configs_controller.rb @@ -1,17 +1,15 @@ -class V1::ConfigsController < ApiController +class Api::ConfigsController < ApiController include ControllerExtension::JsonFile before_filter :require_login, :unless => :anonymous_access_allowed? before_filter :sanitize_id, only: :show - before_filter :lookup_file, only: :show - before_filter :fetch_file, only: :show def index render json: {services: service_paths} end def show - send_file + send_file lookup_file end protected @@ -23,7 +21,11 @@ class V1::ConfigsController < ApiController } def service_paths - Hash[SERVICE_IDS.map{|k,v| [k,"/1/configs/#{v}.json"] } ] + Hash[SERVICE_IDS.map{|k,v| [k,"/#{api_version}/configs/#{v}.json"] } ] + end + + def api_version + ["1", "2"].include?(params[:version]) ? params[:version] : "2" end def sanitize_id @@ -34,6 +36,6 @@ class V1::ConfigsController < ApiController def lookup_file path = APP_CONFIG[:config_file_paths][@id] not_found if path.blank? - @filename = Rails.root.join path + Rails.root.join path end end diff --git a/app/controllers/v1/identities_controller.rb b/app/controllers/api/identities_controller.rb index 4efd1f5..ab2ac00 100644 --- a/app/controllers/v1/identities_controller.rb +++ b/app/controllers/api/identities_controller.rb @@ -1,4 +1,4 @@ -module V1 +module Api class IdentitiesController < ApiController before_filter :token_authenticate before_filter :require_monitor diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/api/messages_controller.rb index c0ca0c7..a69a40a 100644 --- a/app/controllers/v1/messages_controller.rb +++ b/app/controllers/api/messages_controller.rb @@ -1,4 +1,4 @@ -module V1 +module Api class MessagesController < ApiController before_filter :require_login diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/api/services_controller.rb index 523eb44..da2774b 100644 --- a/app/controllers/v1/services_controller.rb +++ b/app/controllers/api/services_controller.rb @@ -1,4 +1,4 @@ -class V1::ServicesController < ApiController +class Api::ServicesController < ApiController before_filter :require_login, :unless => :anonymous_access_allowed? diff --git a/app/controllers/v1/sessions_controller.rb b/app/controllers/api/sessions_controller.rb index a343d9b..c8deb7a 100644 --- a/app/controllers/v1/sessions_controller.rb +++ b/app/controllers/api/sessions_controller.rb @@ -1,4 +1,4 @@ -module V1 +module Api class SessionsController < ApiController before_filter :require_login, only: :destroy diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/api/smtp_certs_controller.rb index 5760645..d9eab7d 100644 --- a/app/controllers/v1/smtp_certs_controller.rb +++ b/app/controllers/api/smtp_certs_controller.rb @@ -1,4 +1,4 @@ -class V1::SmtpCertsController < ApiController +class Api::SmtpCertsController < ApiController before_filter :require_login before_filter :require_email_account diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/api/users_controller.rb index 6640d10..c79a729 100644 --- a/app/controllers/v1/users_controller.rb +++ b/app/controllers/api/users_controller.rb @@ -1,4 +1,4 @@ -module V1 +module Api class UsersController < ApiController include ControllerExtension::FetchUser @@ -50,8 +50,7 @@ module V1 end def destroy - destroy_identity = current_user.is_monitor? || params[:identities] == "destroy" - @user.account.destroy(destroy_identity) + @user.account.destroy(release_handles) if @user == current_user logout end @@ -60,6 +59,10 @@ module V1 private + def release_handles + current_user.is_monitor? || params[:identities] == "destroy" + end + # tester auth can only create test users. def create_test_account if User::is_test?(params[:user][:login]) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 079dc18..2af2f29 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,7 +5,7 @@ class ApplicationController < ActionController::Base before_filter :no_frame_header before_filter :language_header rescue_from StandardError, :with => :default_error_handler - rescue_from RestClient::Exception, :with => :default_error_handler + rescue_from CouchRest::Exception, :with => :default_error_handler ActiveSupport.run_load_hooks(:application_controller, self) diff --git a/app/controllers/controller_extension/fetch_user.rb b/app/controllers/controller_extension/fetch_user.rb index 97f92fa..632291d 100644 --- a/app/controllers/controller_extension/fetch_user.rb +++ b/app/controllers/controller_extension/fetch_user.rb @@ -22,7 +22,7 @@ module ControllerExtension::FetchUser @user = User.find(params[:user_id] || params[:id]) if current_user.is_admin? || current_user.is_monitor? if @user.nil? - not_found(t(:no_such_thing, :thing => 'user'), users_url) + not_found(t(:no_such_user), users_url) elsif current_user.is_monitor? access_denied unless @user.is_test? end diff --git a/app/controllers/controller_extension/json_file.rb b/app/controllers/controller_extension/json_file.rb index 6be919a..df9cf55 100644 --- a/app/controllers/controller_extension/json_file.rb +++ b/app/controllers/controller_extension/json_file.rb @@ -4,20 +4,25 @@ module ControllerExtension::JsonFile protected - def send_file - if stale?(:last_modified => @file.mtime) - response.content_type = 'application/json' - render :text => @file.read + def send_file(filename) + file = fetch_file(filename) + if file.present? + send_file_or_cache_hit(file) + else + not_found end end - def fetch_file - if File.exists?(@filename) - @file = File.new(@filename) - else - not_found + def send_file_or_cache_hit(file) + if stale?(:last_modified => file.mtime) + response.content_type = 'application/json' + render :text => file.read end end + def fetch_file(filename) + File.new(filename) if File.exist?(filename) + end + end diff --git a/app/controllers/static_config_controller.rb b/app/controllers/static_config_controller.rb index c78e006..46e7cd2 100644 --- a/app/controllers/static_config_controller.rb +++ b/app/controllers/static_config_controller.rb @@ -5,13 +5,9 @@ class StaticConfigController < ActionController::Base include ControllerExtension::JsonFile before_filter :set_minimum_client_version - before_filter :set_filename - before_filter :fetch_file - - PROVIDER_JSON = Rails.root.join('config', 'provider', 'provider.json') def provider - send_file + send_file provider_json end protected @@ -23,7 +19,8 @@ class StaticConfigController < ActionController::Base APP_CONFIG[:minimum_client_version].to_s end - def set_filename - @filename = PROVIDER_JSON + def provider_json + Rails.root.join APP_CONFIG[:config_file_paths]['provider'] end + end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 1404b0e..4d198b9 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -5,11 +5,9 @@ class UsersController < ApplicationController include ControllerExtension::FetchUser - before_filter :require_login, :except => [:new] - before_filter :redirect_if_logged_in, :only => [:new] + before_filter :require_login before_filter :require_admin, :only => [:index, :deactivate, :enable] - before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable] - before_filter :require_registration_allowed, only: :new + before_filter :fetch_user, :only => [:show, :edit, :destroy, :deactivate, :enable] respond_to :html @@ -27,25 +25,12 @@ class UsersController < ApplicationController @users = @users.limit(100) end - def new - @user = User.new - end - def show end def edit end - ## added so updating service level works, but not sure we will actually want this. also not sure that this is place to prevent user from updating own effective service level, but here as placeholder: - def update - @user.update_attributes(params[:user]) unless (!admin? and params[:user][:effective_service_level]) - if @user.valid? - flash[:notice] = I18n.t(:changes_saved) - end - respond_with @user, :location => edit_user_path(@user) - end - def deactivate @user.account.disable flash[:notice] = I18n.t("actions.user_disabled_message", username: @user.username) @@ -73,10 +58,11 @@ class UsersController < ApplicationController protected - def require_registration_allowed - unless APP_CONFIG[:allow_registration] - redirect_to home_path + def user_params + if admin? + params.require(:user).permit(:effective_service_level) + else + params.require(:user).permit(:password, :password_confirmation) end end - end |