app/controllers/scrivito/webservice_controller.rb in scrivito_sdk-1.6.1 vs app/controllers/scrivito/webservice_controller.rb in scrivito_sdk-1.7.0.rc1

- old
+ new

@@ -7,13 +7,13 @@ @error = error @timestamp = Time.zone.now render 'scrivito/webservice/error', formats: :json, status: error.http_code end - before_filter :verify_authenticity_token_for_every_request - before_filter :merge_correctly_parsed_json_params - before_filter :authorize + before_action :verify_authenticity_token_for_every_request + before_action :merge_correctly_parsed_json_params if Scrivito::LegacySwitch.rails4? + before_action :authorize private # similar to Rails' verify_authenticity_token, but also protects GET and HEAD def verify_authenticity_token_for_every_request @@ -63,14 +63,10 @@ def authorize_workspace_access(verb, workspace) can_user_access_workspace?(verb, workspace) ? yield : render_forbidden end def render_forbidden - render text: 'Forbidden', status: 403 - end - - def render_empty_json - render 'scrivito/webservice/empty', formats: :json + render plain: 'Forbidden', status: 403 end def can_user_read_workspace?(workspace) can_user_access_workspace?(:read, workspace) end