summaryrefslogtreecommitdiff
path: root/users/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'users/app/controllers')
-rw-r--r--users/app/controllers/controller_extension/authentication.rb4
-rw-r--r--users/app/controllers/controller_extension/token_authentication.rb4
-rw-r--r--users/app/controllers/users_controller.rb4
-rw-r--r--users/app/controllers/v1/users_controller.rb4
4 files changed, 10 insertions, 6 deletions
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index d831fbe..e83d6b2 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -15,7 +15,7 @@ module ControllerExtension::Authentication
!!current_user
end
- def authorize
+ def require_login
access_denied unless logged_in?
end
@@ -38,7 +38,7 @@ module ControllerExtension::Authentication
current_user && current_user.is_admin?
end
- def authorize_admin
+ def require_admin
access_denied unless admin?
end
diff --git a/users/app/controllers/controller_extension/token_authentication.rb b/users/app/controllers/controller_extension/token_authentication.rb
index cd5c074..ee24f73 100644
--- a/users/app/controllers/controller_extension/token_authentication.rb
+++ b/users/app/controllers/controller_extension/token_authentication.rb
@@ -11,6 +11,10 @@ module ControllerExtension::TokenAuthentication
token.authenticate if token
end
+ def require_token
+ access_denied unless token
+ end
+
def logout
super
clear_token
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index a5461cd..6b32d49 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -4,9 +4,9 @@
class UsersController < UsersBaseController
- before_filter :authorize, :only => [:show, :edit, :update, :destroy]
+ before_filter :require_login, :except => [:new]
+ before_filter :require_admin, :only => [:index, :deactivate, :enable]
before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable]
- before_filter :authorize_admin, :only => [:index, :deactivate, :enable]
respond_to :html
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
index 0903888..a16c6e9 100644
--- a/users/app/controllers/v1/users_controller.rb
+++ b/users/app/controllers/v1/users_controller.rb
@@ -3,8 +3,8 @@ module V1
skip_before_filter :verify_authenticity_token
before_filter :fetch_user, :only => [:update]
- before_filter :authorize, :only => [:update]
- before_filter :authorize_admin, :only => [:index]
+ before_filter :require_login, :only => [:update, :index]
+ before_filter :require_admin, :only => [:index]
respond_to :json