12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 |
- # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
- class UserAccessTokenController < ApplicationController
- prepend_before_action { authentication_check(permission: 'user_preferences.access_token') }
- def index
- tokens = Token.where(action: 'api', persistent: true, user_id: current_user.id).order('updated_at DESC, label ASC')
- token_list = []
- tokens.each do |token|
- attributes = token.attributes
- attributes.delete('persistent')
- attributes.delete('name')
- token_list.push attributes
- end
- local_permissions = current_user.permissions
- local_permissions_new = {}
- local_permissions.each_key do |key|
- keys = Object.const_get('Permission').with_parents(key)
- keys.each do |local_key|
- next if local_permissions_new.key?([local_key])
- if local_permissions[local_key] == true
- local_permissions_new[local_key] = true
- next
- end
- local_permissions_new[local_key] = false
- end
- end
- permissions = []
- Permission.all.where(active: true).order(:name).each do |permission|
- next if !local_permissions_new.key?(permission.name) && !current_user.permissions?(permission.name)
- permission_attributes = permission.attributes
- if local_permissions_new[permission.name] == false
- permission_attributes['preferences']['disabled'] = true
- end
- permissions.push permission_attributes
- end
- render json: {
- tokens: token_list,
- permissions: permissions,
- }, status: :ok
- end
- def create
- if Setting.get('api_token_access') == false
- raise Exceptions::UnprocessableEntity, 'API token access disabled!'
- end
- if params[:label].blank?
- raise Exceptions::UnprocessableEntity, 'Need label!'
- end
- token = Token.create!(
- action: 'api',
- label: params[:label],
- persistent: true,
- user_id: current_user.id,
- expires_at: params[:expires_at],
- preferences: {
- permission: params[:permission]
- }
- )
- render json: {
- name: token.name,
- }, status: :ok
- end
- def destroy
- token = Token.find_by(action: 'api', user_id: current_user.id, id: params[:id])
- raise Exceptions::UnprocessableEntity, 'Unable to find api token!' if !token
- token.destroy!
- render json: {}, status: :ok
- end
- end
|