app/controllers/api/base_controller.rb in spree_api-0.30.2 vs app/controllers/api/base_controller.rb in spree_api-0.40.0
- old
+ new
@@ -1,41 +1,41 @@
class Api::BaseController < Spree::BaseController
def self.resource_controller_for_api
resource_controller
+ before_filter :check_http_authorization
skip_before_filter :verify_authenticity_token, :if => lambda { admin_token_passed_in_headers }
- index.response do |wants|
+ index do
wants.json { render :json => collection.to_json(collection_serialization_options) }
end
- show.response do |wants|
+ show do
wants.json { render :json => object.to_json(object_serialization_options) }
+ failure.wants.json { render :text => "Failure\n", :status => 500 }
end
create do
- wants.json { redirect_to object_url, :status => 201 }
- failure.wants.json { render :json => object_errors.to_json, :status => 422 }
+ wants.json { render :text => "Resource created\n", :status => 201, :location => object_url }
+ failure.wants.json { render :text => "Failure\n", :status => 500 }
end
update do
wants.json { render :nothing => true }
- failure.wants.json { render :json => object_errors.to_json, :status => 422 }
+ failure.wants.json { render :text => "Failure\n", :status => 500 }
end
define_method :admin_token_passed_in_headers do
- token = request.headers['X-SpreeAPIKey']
- return access_denied unless token
- @current_user = User.find_by_api_key(token)
+ request.headers['HTTP_AUTHORIZATION'].present?
end
define_method :end_of_association_chain do
parent? ? parent_association.scoped : model.scoped(:include => eager_load_associations)
end
define_method :collection do
- @collection ||= search.do_search.all(:limit => 100)
+ @collection ||= search.do_search.limit(100)
end
end
def access_denied
render :text => 'access_denied', :status => 401
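Review bot: The CSRF skip on `skip_before_filter :verify_authenticity_token, :if => lambda { admin_token_passed_in_headers }` now triggers on the mere presence of an Authorization header, because the rewritten `admin_token_passed_in_headers` only tests `request.headers['HTTP_AUTHORIZATION'].present?` and the old `User.find_by_api_key(token)` lookup that set `@current_user` and called `access_denied` on a miss has been removed; the new `check_http_authorization` in the second hunk applies the same presence-only test. Unless the header value is validated in a filter not shown here (Spree::BaseController or a later part of this file), any request carrying a non-empty Authorization value passes both the 401 check and the authenticity-token check, so the helper should resolve the credential to a user and treat a non-match as denied, as the removed lookup did, or a comment should name the filter that does. Separately, the failure branches of create and update now answer 500 with `"Failure\n"` where the old code returned 422 with `object_errors`; a validation failure is a client error, and the `object_errors` helper kept at the top of the second hunk loses its only visible caller, so `failure.wants.json { render :json => object_errors.to_json, :status => 422 }` looks worth keeping.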
@@ -90,7 +90,12 @@
end
def object_errors
{:errors => object.errors.full_messages}
end
+
+ private
+ def check_http_authorization
+ render :text => "Access Denied\n", :status => 401 unless request.headers['HTTP_AUTHORIZATION'].present?
+ end
end
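Review bot: The 401 rendered in `check_http_authorization` carries no `WWW-Authenticate` header, which RFC 2616 requires on a 401 and which HTTP clients use to select an authentication scheme. If the intended scheme is Basic, `request_http_basic_authentication` produces a correct 401 in one call; otherwise set the header before rendering, e.g. `headers['WWW-Authenticate'] = 'Token realm="Spree API"'` (realm value is a constructed example). A short comment stating which credential scheme the Authorization header is expected to carry would also help, since the method name and the presence test do not say.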