
  1. # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
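class UserAccessTokenController < ApplicationController
  # Every action manages API tokens of the *calling* user only. The gate also
  # keeps users without the "user_preferences.access_token" permission away
  # from token management entirely.
  prepend_before_action { authentication_check(permission: 'user_preferences.access_token') }

=begin

Resource:
GET /api/v1/user_access_token

Response:
{
  "tokens":[
    {"id":1,"label":"some user access token","preferences":{"permission":["cti.agent","ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"},
    {"id":2,"label":"some user access token 2","preferences":{"permission":["ticket.agent"]},"last_used_at":null,"expires_at":null,"created_at":"2018-07-11T08:18:56.947Z"}
  ],
  "permissions":[
    {id: 1, name: "admin", note: "Admin Interface", preferences: {}, active: true,...},
    {id: 2, name: "admin.user", note: "Manage Users", preferences: {}, active: true,...},
    ...
  ]
}

Note: the token secret ("name") is never part of this response; it is returned
exactly once, by POST /api/v1/user_access_token.

Test:
curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password}

=end

  # Lists the caller's persistent API tokens plus the permissions that may be
  # attached to a new token. A permission is rendered with
  # preferences.disabled = true when it appears only as a parent of a held
  # permission (e.g. "ticket" for a user holding "ticket.agent").
  def index
    tokens = Token.where(action: 'api', persistent: true, user_id: current_user.id)
                  .order('updated_at DESC, label ASC')

    # 'name' is the secret token value, 'persistent' an internal flag;
    # neither belongs in the listing.
    token_list = tokens.map { |token| token.attributes.except('persistent', 'name') }

    # held: { 'permission.name' => true } for everything the user's roles grant.
    held = current_user.permissions

    # selectable: held permissions => true, their parents => false. Each key is
    # written once (the original compared against `[local_key]`, an Array, so
    # the skip never fired); the value depends only on `held`, so the result is
    # independent of iteration order.
    selectable = {}
    held.each_key do |name|
      Permission.with_parents(name).each do |candidate|
        next if selectable.key?(candidate)

        selectable[candidate] = (held[candidate] == true)
      end
    end

    permissions = Permission.where(active: true).order(:name).each_with_object([]) do |permission, list|
      # Skip anything the user neither holds (directly or via a parent) nor
      # sees as a parent of a held permission.
      next if !selectable.key?(permission.name) && !current_user.permissions?(permission.name)

      attributes = permission.attributes
      if selectable[permission.name] == false
        # Parent-only entries are shown but must not be selectable.
        (attributes['preferences'] ||= {})['disabled'] = true
      end
      list.push attributes
    end

    render json: {
      tokens:      token_list,
      permissions: permissions,
    }, status: :ok
  end

=begin

Resource:
POST /api/v1/user_access_token

Payload:
{
  "label":"some test",
  "permission":["cti.agent","ticket.agent"],
  "expires_at":null
}

Response:
{
  "name":"new_token_only_shown_once"
}

Test:
curl http://localhost/api/v1/user_access_token -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"label":"some test","permission":["cti.agent","ticket.agent"],"expires_at":null}'

=end

  # Creates a persistent API token for the caller and returns its secret
  # ("name") once; it is not retrievable afterwards (see #index).
  #
  # Raises Exceptions::UnprocessableEntity when API token access is switched
  # off, the label is missing, or a requested permission is not held by the
  # caller.
  def create
    # Explicit `== false`: an unset setting (nil) keeps the feature enabled.
    if Setting.get('api_token_access') == false
      raise Exceptions::UnprocessableEntity, 'API token access disabled!'
    end
    if params[:label].blank?
      raise Exceptions::UnprocessableEntity, 'Need label!'
    end

    # params[:permission] is untrusted input. #index only offers permissions
    # the caller holds, but nothing stops a crafted request from naming
    # others, so refuse to record any permission the caller does not have.
    # The token layer is expected to re-check permissions when the token is
    # used (not visible here); this keeps the stored grant honest regardless.
    not_held = Array(params[:permission]).reject { |name| current_user.permissions?(name.to_s) }
    if not_held.any?
      raise Exceptions::UnprocessableEntity, "Not allowed to grant permission: #{not_held.join(', ')}"
    end

    token = Token.create!(
      action:      'api',
      label:       params[:label],
      persistent:  true,
      user_id:     current_user.id,
      # NOTE(review): an unparseable expires_at presumably ends up as nil, i.e.
      # a token that never expires — confirm, and reject it if that is unwanted.
      expires_at:  params[:expires_at],
      preferences: {
        permission: params[:permission]
      }
    )

    render json: {
      name: token.name,
    }, status: :ok
  end

=begin

Resource:
DELETE /api/v1/user_access_token/{id}

Response:
{}

Test:
curl http://localhost/api/v1/user_access_token/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE

=end

  # Deletes one of the caller's API tokens.
  #
  # The lookup is scoped to user_id = current_user.id, so another user's token
  # id is reported as "not found" instead of being deleted (no cross-user
  # access through the id parameter).
  #
  # Raises Exceptions::UnprocessableEntity when no matching token exists.
  def destroy
    token = Token.find_by(action: 'api', user_id: current_user.id, id: params[:id])
    raise Exceptions::UnprocessableEntity, 'Unable to find api token!' unless token

    token.destroy!
    render json: {}, status: :ok
  end
end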
  109. end