Revision 03abfb63
Added by Tomáš Strachota almost 12 years ago
- ID 03abfb63f9437ecfa2dcdbb685a8d38ef6dbedeb
app/controllers/api/base_controller.rb | ||
---|---|---|
class BaseController < ActionController::Base
|
||
|
||
before_filter :set_default_response_format
|
||
before_filter :authorize
|
||
|
||
respond_to :json
|
||
|
||
def process_error hash = {}
|
||
hash[:object] ||= get_resource || raise("Param 'object' was not defined")
|
||
|
||
hash[:json_code] ||= :unprocessable_entity
|
||
def process_error options = {}
|
||
|
||
options[:json_code] ||= :unprocessable_entity
|
||
|
||
errors = if hash[:object].respond_to?(:errors)
|
||
logger.info "Failed to save: #{hash[:object].errors.full_messages.join(", ")}"
|
||
hash[:object].errors.full_messages
|
||
errors = if options[:error]
|
||
options[:error]
|
||
else
|
||
raise("Object has to respond to errors")
|
||
options[:object] ||= get_resource || raise("No error to process")
|
||
if options[:object].respond_to?(:errors)
|
||
logger.info "Failed to save: #{options[:object].errors.full_messages.join(", ")}"
|
||
options[:object].errors.full_messages
|
||
else
|
||
raise("No error to process")
|
||
end
|
||
end
|
||
|
||
# set 403 status on permission errors
|
||
if errors.any? { |error| error =~ /You do not have permission/ }
|
||
options[:json_code] = :forbidden
|
||
end
|
||
|
||
render :json => {"errors" => errors} , :status => hash[:json_code]
|
||
render :json => {"errors" => errors} , :status => options[:json_code]
|
||
end
|
||
|
||
def get_resource
|
||
... | ... | |
end
|
||
|
||
|
||
def request_from_katello_cli?
|
||
request.headers['User-Agent'].to_s =~ /^katello-cli/
|
||
|
||
# Authorize the user for the requested action
|
||
def authorize(ctrl = params[:controller], action = params[:action])
|
||
|
||
if SETTINGS[:login]
|
||
unless User.current
|
||
user_to_login = nil
|
||
if result = authenticate_with_http_basic { |u, p| user_to_login = u; User.try_to_login(u, p) }
|
||
User.current = result
|
||
else
|
||
process_error({:error => "Unable to authenticate user %s" % user_to_login, :json_code => :unauthorized})
|
||
return false
|
||
end
|
||
end
|
||
else
|
||
# We assume we always have a user logged in, if authentication is disabled, the user is the build-in admin account.
|
||
User.current = User.find_by_login("admin")
|
||
end
|
||
|
||
# FIXME the following breaks bookmark controller as it has no Autho restrictions in the model.
|
||
# Moreover it probably doesn't make sense to have it in API controller.
|
||
#allowed = User.current.allowed_to?({:controller => ctrl.gsub(/::/, "_").underscore, :action => action})
|
||
#allowed ? true : deny_access
|
||
end
|
||
|
||
def deny_access
|
||
process_error({:error => "Access denied", :json_code => :unauthorized})
|
||
return false
|
||
end
|
||
|
||
|
||
protected
|
||
# searches for an object based on its name and assign it to an instance variable
|
||
# required for models which implement the to_param method
|
Also available in: Unified diff
api v1 - Authorization