Age | Commit message (Collapse) | Author |
|
We used to just ignore the key.
Also separated the code for handling key updates from other
user updates. This should eventually be moved to a different
route. Mixing the two makes the implementation really hard.
|
|
feat: allow unauthenticated access to list of configs
Closes #8800
See merge request leap/webapp!45
|
|
fixes #8801
Includes a test reproducing 500 on lynx
We now make use of ActionController::Parameters require and permit
methods.
|
|
This should simplify client code significantly according to
platform#8849
|
|
We now use the hash of the token for comparison and as the id.
In order to use it you need the original token though. So forms and
thus the session should have token.to_s rather than token.id.
|
|
If you inherit respond to and call it again in your controller
it will not overwrite the previous but add to it.
Since we always have some exceptions from the rules it's probably
easiest to be explicit in the controllers that require it themselves.
|
|
for him/herself
So that it we do not expose the is_admin property to anyone else
including other admins.
|
|
This expresses the intent rather than the implementation.
Also replace temp with query refactoring.
|
|
Now we test both api versions. We want this for backwards compatibility.
|
|
|