Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Branch: stable-2.1
Branches Tags
zammad
/
app
/
controllers
/
user_access_token_controller.rb

user_access_token_controller.rb 2.3 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
    2. 

  2. 

  3. class UserAccessTokenController < ApplicationController
    4. 

  4.   prepend_before_action { authentication_check(permission: 'user_preferences.access_token') }
    5. 

  5. 

  6.   def index
    7. 

  7.     tokens = Token.where(action: 'api', persistent: true, user_id: current_user.id).order('updated_at DESC, label ASC')
    8. 

  8.     token_list = []
    9. 

  9.     tokens.each do |token|
    10. 

  10.       attributes = token.attributes
    11. 

  11.       attributes.delete('persistent')
    12. 

  12.       attributes.delete('name')
    13. 

  13.       token_list.push attributes
    14. 

  14.     end
    15. 

  15.     local_permissions = current_user.permissions
    16. 

  16.     local_permissions_new = {}
    17. 

  17.     local_permissions.each do |key, _value|
    18. 

  18.       keys = Object.const_get('Permission').with_parents(key)
    19. 

  19.       keys.each do |local_key|
    20. 

  20.         next if local_permissions_new.key?([local_key])
    21. 

  21.         if local_permissions[local_key] == true
    22. 

  22.           local_permissions_new[local_key] = true
    23. 

  23.           next
    24. 

  24.         end
    25. 

  25.         local_permissions_new[local_key] = false
    26. 

  26.       end
    27. 

  27.     end
    28. 

  28.     permissions = []
    29. 

  29.     Permission.all.where(active: true).order(:name).each do |permission|
    30. 

  30.       next if !local_permissions_new.key?(permission.name) && !current_user.permissions?(permission.name)
    31. 

  31.       permission_attributes = permission.attributes
    32. 

  32.       if local_permissions_new[permission.name] == false
    33. 

  33.         permission_attributes['preferences']['disabled'] = true
    34. 

  34.       end
    35. 

  35.       permissions.push permission_attributes
    36. 

  36.     end
    37. 

  37. 

  38.     render json: {
    39. 

  39.       tokens: token_list,
    40. 

  40.       permissions: permissions,
    41. 

  41.     }, status: :ok
    42. 

  42.   end
    43. 

  43. 

  44.   def create
    45. 

  45.     if Setting.get('api_token_access') == false
    46. 

  46.       raise Exceptions::UnprocessableEntity, 'API token access disabled!'
    47. 

  47.     end
    48. 

  48.     if params[:label].empty?
    49. 

  49.       raise Exceptions::UnprocessableEntity, 'Need label!'
    50. 

  50.     end
    51. 

  51.     token = Token.create(
    52. 

  52.       action:      'api',
    53. 

  53.       label:       params[:label],
    54. 

  54.       persistent:  true,
    55. 

  55.       user_id:     current_user.id,
    56. 

  56.       expires_at:  params[:expires_at],
    57. 

  57.       preferences: {
    58. 

  58.         permission: params[:permission]
    59. 

  59.       }
    60. 

  60.     )
    61. 

  61.     render json: {
    62. 

  62.       name: token.name,
    63. 

  63.     }, status: :ok
    64. 

  64.   end
    65. 

  65. 

  66.   def destroy
    67. 

  67.     token = Token.find_by(action: 'api', user_id: current_user.id, id: params[:id])
    68. 

  68.     raise Exceptions::UnprocessableEntity, 'Unable to find api token!' if !token
    69. 

  69.     token.destroy
    70. 

  70.     render json: {}, status: :ok
    71. 

  71.   end
    72. 

  72. 

  73. end
    74.