end
def current
- @object = Thread.current[:api_client_authorization]
+ @object = Thread.current[:api_client_authorization].dup
+ if params[:remote]
+ # Client is validating a salted token. Don't return the unsalted
+ # secret!
+ @object.api_token = nil
+ end
show
end
super
end
- def find_object_by_uuid
+ def find_object_by_uuid(with_lock: false)
uuid_param = params[:uuid] || params[:id]
if (uuid_param != current_api_client_authorization.andand.uuid &&
!Thread.current[:api_client].andand.is_trusted)
@where = {}
@filters = [['uuid', '=', uuid_param]]
find_objects_for_index
- @object = @objects.first
+ query = @objects
+ if with_lock && Rails.configuration.API.LockBeforeUpdate
+ query = query.lock
+ end
+ @object = query.first
end
def current_api_client_is_trusted