| Age | Commit message (Collapse) | Author |
|---|
|
There are some places where we only want to require login unless you can use EIP anonymously. So far we had an anonymous_certs_allowed? method in all these controllers. Now it's replaced with ApiController#anonymous_access_allowed?. The naming better reflects that there might be other services that allow anonymous use at some point.
This also fixed a typo name -> @filename that broke the ConfigsController.
|
|
require_login is require_token for the api controller
It also skips the verify_authenticity_token before filter.
So all Subclasses of the ApiController will only support token auth.
Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either.
|
|
:api/service will return a hash of the current users service level
This is failiing if the user is not logged in. Instead it should return the service description for an anonymous user.
|
