summaryrefslogtreecommitdiff
path: root/users/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'users/app/controllers')
-rw-r--r--users/app/controllers/controller_extension/authentication.rb4
-rw-r--r--users/app/controllers/controller_extension/token_authentication.rb20
-rw-r--r--users/app/controllers/users_controller.rb4
-rw-r--r--users/app/controllers/v1/messages_controller.rb2
-rw-r--r--users/app/controllers/v1/sessions_controller.rb1
-rw-r--r--users/app/controllers/v1/users_controller.rb4
6 files changed, 20 insertions, 15 deletions
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index d831fbe..e83d6b2 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -15,7 +15,7 @@ module ControllerExtension::Authentication
!!current_user
end
- def authorize
+ def require_login
access_denied unless logged_in?
end
@@ -38,7 +38,7 @@ module ControllerExtension::Authentication
current_user && current_user.is_admin?
end
- def authorize_admin
+ def require_admin
access_denied unless admin?
end
diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb
index 530294a..6e0a6ce 100644
--- a/users/app/controllers/controller_extension/token_authentication.rb
+++ b/users/app/controllers/controller_extension/token_authentication.rb
@@ -1,11 +1,18 @@
module ControllerExtension::TokenAuthentication
extend ActiveSupport::Concern
- def token_authenticate
- authenticate_with_http_token do |token_id, options|
- @token = Token.find(token_id)
+ def token
+ @token ||= authenticate_with_http_token do |token_id, options|
+ Token.find(token_id)
end
- @token.authenticate if @token
+ end
+
+ def token_authenticate
+ @token_authenticated ||= token.authenticate if token
+ end
+
+ def require_token
+ access_denied unless token_authenticate
end
def logout
@@ -14,10 +21,7 @@ module ControllerExtension::TokenAuthentication
end
def clear_token
- authenticate_with_http_token do |token_id, options|
- @token = Token.find(token_id)
- @token.destroy if @token
- end
+ token.destroy if token
end
end
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index a5461cd..6b32d49 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -4,9 +4,9 @@
class UsersController < UsersBaseController
- before_filter :authorize, :only => [:show, :edit, :update, :destroy]
+ before_filter :require_login, :except => [:new]
+ before_filter :require_admin, :only => [:index, :deactivate, :enable]
before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable]
- before_filter :authorize_admin, :only => [:index, :deactivate, :enable]
respond_to :html
diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb
index 1b994ca..90986e2 100644
--- a/users/app/controllers/v1/messages_controller.rb
+++ b/users/app/controllers/v1/messages_controller.rb
@@ -2,7 +2,7 @@ module V1
class MessagesController < ApplicationController
skip_before_filter :verify_authenticity_token
- before_filter :authorize
+ before_filter :require_token
respond_to :json
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index eb6c322..eae3a1e 100644
--- a/users/app/controllers/v1/sessions_controller.rb
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -2,6 +2,7 @@ module V1
class SessionsController < ApplicationController
skip_before_filter :verify_authenticity_token
+ before_filter :require_token, only: :destroy
def new
@session = Session.new
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
index 0903888..8897d01 100644
--- a/users/app/controllers/v1/users_controller.rb
+++ b/users/app/controllers/v1/users_controller.rb
@@ -3,8 +3,8 @@ module V1
skip_before_filter :verify_authenticity_token
before_filter :fetch_user, :only => [:update]
- before_filter :authorize, :only => [:update]
- before_filter :authorize_admin, :only => [:index]
+ before_filter :require_admin, :only => [:index]
+ before_filter :require_token, :only => [:update]
respond_to :json