module RailsConnector class ObjsController < ActionController::Base before_filter :restrict_non_allow_access respond_to :json def update raise "Required parameter 'obj' is missing." unless params[:obj].present? raise "Parameter 'obj' is not a hash." unless params[:obj].is_a?(Hash) begin changed_obj = CmsRestApi.put( "revisions/#{Workspace.current.revision_id}/objs/#{params[:id]}", { :obj => params[:obj] } ) render :json => changed_obj rescue ClientError => e render :json => {:error => e.message}, :status => e.http_code end end private def restrict_non_allow_access unless allow_access? render(:text => 'Forbidden', :status => 403) end end # If +true+, allow access to ObjsController, else deny access. # See {RailsConnector::Configuration.editing_auth} for details. # @return [Bool] def allow_access? Configuration.editing_auth_callback.call(request.env) end end end