Sha256: 9bf28d1842c0792ea1e1f50efe3f8df88dac4a7408a27a4dcabe6137393b066b

Contents?: true

Size: 1.04 KB

Versions: 1

Stored size: 1.04 KB

Contents

module AssetHostCore
  module Api
    class BaseController < ApplicationController
      layout false

      before_filter :authenticate_api_user
      respond_to :json


      private

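      # Echoes the request's Origin header back in Access-Control-Allow-Origin,
      # falling back to "*" when no Origin is sent, so no origin is excluded.
      # Not registered as a filter in this class.
      def set_access_control_headers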
        response.headers['Access-Control-Allow-Origin'] =
          request.env['HTTP_ORIGIN'] || "*"
      end


      # For the authentication/authorization checks, if the API is being
      # accessed by AssetHost, then we should give it full write permission.
      # If we add write ability via the API to Outputs or anything else,
      # we should reassess this decision.
      def authenticate_api_user
        return true if current_user
        @api_user = ApiUser.authenticate(params[:auth_token])

        if !@api_user
          render_unauthorized and return false
        end
      end


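      # Checks that the API user may perform `ability` on `resource` and
      # renders a forbidden response otherwise. A session user (current_user)
      # is always allowed. Relies on authenticate_api_user having already
      # run, so that @api_user is set whenever current_user is absent.
      def authorize(ability, resource)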
        return true if current_user

        if !@api_user.may?(ability, resource)
          render_forbidden and return false
        else
          return true
        end
      end
    end
  end
end

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
asset_host_core-2.0.0.beta app/controllers/asset_host_core/api/base_controller.rb