
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
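class UserAccessTokenController < ApplicationController
  prepend_before_action :authenticate_and_authorize!

=begin

Resource:
GET /api/v1/user_access_token

Response:
{
  "tokens":[
    {"id":1,"label":"some user access token","preferences":{"permission":["cti.agent","ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"},
    {"id":2,"label":"some user access token 2","preferences":{"permission":["ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"}
  ],
  "permissions":[
    {id: 1, name: "admin", note: "Admin Interface", preferences: {}, active: true,...},
    {id: 2, name: "admin.user", note: "Manage Users", preferences: {}, active: true,...},
    ...
  ]
}

Test:
curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password}

=end

  # Lists the calling user's API access tokens plus the permissions the user
  # could assign to a new token.
  #
  # Which token attributes are exposed is decided by
  # Service::User::AccessToken::List, not here. The token secret is only
  # returned once, by #create (see its response sample), so the list service
  # is expected to omit it -- verify there if the listing changes.
  def index
    tokens      = Service::User::AccessToken::List.new(current_user).execute
    permissions = current_user.permissions_with_child_and_parent_elements

    render json: { tokens: tokens, permissions: permissions }, status: :ok
  end

=begin

Resource:
POST /api/v1/user_access_token

Payload:
{
  "name":"some test",
  "permission":["cti.agent","ticket.agent"],
  "expires_at":null
}

Response:
{
  "token":"new_token_only_shown_once"
}

Test:
curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"name":"some test","permission":["cti.agent","ticket.agent"],"expires_at":null}'

=end

  # Creates a new API access token for the calling user and returns its secret.
  #
  # Raises Exceptions::UnprocessableEntity when API token access is switched
  # off or when the required 'name' parameter is missing.
  def create
    # Deliberately compared with `== false` rather than by truthiness, so only
    # an explicitly disabled setting blocks creation.
    if Setting.get('api_token_access') == false
      raise Exceptions::UnprocessableEntity, __('API token access disabled!')
    end

    raise Exceptions::UnprocessableEntity, __("The required parameter 'name' is missing.") if params[:name].blank?

    # Strong parameters: only name, expires_at and the permission list reach
    # the service; any other payload key is dropped here. Checking the
    # requested permissions against what the user actually holds is the
    # service's responsibility (not visible in this controller).
    token_attributes = params.permit(:name, :expires_at, permission: []).to_h.to_options
    token            = Service::User::AccessToken::Create.new(current_user, **token_attributes).execute

    # The secret is handed out only in this response.
    render json: { token: token.token }, status: :ok
  end

=begin

Resource:
DELETE /api/v1/user_access_token/{id}

Response:
{}

Test:
curl http://localhost/api/v1/user_access_token/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE

=end

  # Deletes one of the calling user's API access tokens.
  #
  # Raises Exceptions::UnprocessableEntity when no matching token exists.
  def destroy
    # The lookup is scoped to the caller's own API tokens (user_id + action),
    # so an id taken from the URL can never resolve to another user's token.
    token = Token.find_by(action: 'api', user_id: current_user.id, id: params[:id])
    raise Exceptions::UnprocessableEntity, __('The API token could not be found.') unless token

    token.destroy!
    render json: {}, status: :ok
  end
end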