Sha256: 8fde99eaf3dcd4ad7222e64cf599a9b3897b30a0ce5d59fee553985a18236ace
Contents?: true
Size: 1 KB
Versions: 1
Compression:
Stored size: 1 KB
Contents
module OauthService
class AccessController < OauthService.parent_controller.constantize
before_filter :check_access
def get_user_id
if (api_code = request.headers["HTTP_API_CODE"]) && api_code!=""
user = ::User.find_by(api_code: api_code)
else
user = ::User.find_by(name: "guest")
end
user.id
end
def check_access
check_status = false
path = request.path
http_method = request.method.to_s
user_urls = ::Url.by_user get_user_id
check_status = user_urls.any? do |user_url|
path[Regexp.new(user_url.url_pattern)]==path &&
(user_url.http_method.nil? || http_method==user_url.http_method)
end
unless check_status
if request.headers["HTTP_API_CODE"]
render :json => {:success => false, :error => "Not authorized"}, :status => 401
else
render :json => {:success => false, :error => "Permission denied"}, :status => 403
end
end
end
end
end
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| oauth_service-0.0.1 | app/controllers/oauth_service/access_controller.rb |