Sha256: 18b56b77dd61f64892f556d04a96eac76496f152a40900a7aed93ca132c49e6f

Contents?: true

Size: 1.04 KB

Versions: 1

Compression:

Stored size: 1.04 KB

Contents

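module OauthService
  # Access gate for the engine: every action runs +check_access+ first, which
  # allows the request only when one of the caller's URL rules matches the
  # request path and HTTP method.
  #
  # NOTE(review): +get_user+ and +check_access+ are public, and Rails treats
  # public controller methods as routable actions. They are kept public here
  # because code outside this file may call them; confirm no route maps to them.
  class AccessController < OauthService.parent_controller.constantize
    before_filter :check_access

    # Resolves the caller from the API-Code request header.
    #
    # An absent, empty or unknown code falls back to the user named "guest",
    # so a mistyped or revoked code is treated as a guest request, not rejected.
    #
    # NOTE(review): the lookup implies api_code is stored in a directly
    # queryable form; confirm how the codes are generated and stored.
    #
    # @return [::User, nil] the matching user, the guest user, or nil when no
    #   "guest" record exists
    def get_user
      api_code = request.headers["HTTP_API_CODE"]
      user = ::User.find_by(api_code: api_code) if api_code && api_code != ""

      user || ::User.find_by(name: "guest")
    end

    # Before-filter: renders a JSON error, which halts the request, unless one
    # of the user's URL rules covers the current path and method.
    #
    # A rule matches when the leftmost match of its +url_pattern+ equals the
    # whole request path and its +http_method+ is nil or equal to the request
    # method (compared case-sensitively).
    #
    # NOTE(review): the codes read inverted against usual HTTP semantics: an
    # identified user without a matching rule gets 401, a guest gets 403. Left
    # unchanged because clients may depend on the current codes.
    def check_access
      path = request.path
      http_method = request.method.to_s
      user = get_user

      # Fail closed with the guest response when neither an API user nor the
      # "guest" record exists; previously this raised NoMethodError on user.id.
      if user.nil?
        render :json => {:success => false, :error => "Permission denied"}, :status => 403
        return
      end

      # presumably returns the URL rules granted to this user; confirm against
      # the Url model
      user_urls = ::Url.by_user user.id

      allowed = user_urls.any? do |user_url|
        # Comparing the matched substring with the full path enforces a
        # whole-path match, so an unanchored pattern cannot pass on a prefix.
        # NOTE(review): patterns are compiled per request from stored data and a
        # malformed one raises RegexpError. If rules can be edited by anyone
        # other than trusted admins, validate them on write and bound their cost.
        path[Regexp.new(user_url.url_pattern)] == path &&
          (user_url.http_method.nil? || http_method == user_url.http_method)
      end
      return if allowed

      if request.headers["HTTP_API_CODE"] && user.name != "guest"
        render :json => {:success => false, :error => "Not authorized"}, :status => 401
      else
        render :json => {:success => false, :error => "Permission denied"}, :status => 403
      end
    end
  end
end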

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
oauth_service-0.0.2 app/controllers/oauth_service/access_controller.rb