rename pipeline to pipeline template. refs #1416

[arvados.git] / app / controllers / application_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 49dbc241ad5d72fd15d9c015b4887eff39ecd16d..6535888996304af716e9b12c1ab26b056960b0ff 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
-  before_filter :find_object_by_uuid, :except => [:index, :render_exception, :render_not_found]
   around_filter :thread_with_api_token, :except => [:render_exception, :render_not_found]
+  before_filter :find_object_by_uuid, :except => [:index, :render_exception, :render_not_found]
 
   unless Rails.application.config.consider_all_requests_local
     rescue_from Exception,
@@ -56,10 +56,20 @@ class ApplicationController < ActionController::Base
 
   def show
     if !@object
-      render_not_found("object not found")
+      return render_not_found("object not found")
     end
     respond_to do |f|
       f.json { render json: @object }
+      f.html { render }
+    end
+  end
+
+  def current_user
+    if Thread.current[:orvos_api_token]
+      @current_user ||= User.current
+    else
+      logger.error "No API token in Thread"
+      return nil
     end
   end
 
@@ -73,7 +83,7 @@ class ApplicationController < ActionController::Base
     if params[:id] and params[:id].match /\D/
       params[:uuid] = params.delete :id
     end
-    @object = model_class.where('uuid=?', params[:uuid]).first
+    @object = model_class.where(uuid: params[:uuid]).first
   end
 
   def thread_with_api_token
@@ -136,4 +146,11 @@ class ApplicationController < ActionController::Base
       false
     end
   end
+
+  def ensure_current_user_is_admin
+    unless current_user and current_user.is_admin
+      @errors = ['Permission denied']
+      self.render_error status: 401
+    end
+  end
 end