rename pipeline to pipeline template. refs #1416
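--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery
-before_filter :find_object_by_uuid, :except => [:index, :render_exception, :render_not_found]
 around_filter :thread_with_api_token, :except => [:render_exception, :render_not_found]
+before_filter :find_object_by_uuid, :except => [:index, :render_exception, :render_not_found]
 unless Rails.application.config.consider_all_requests_local
 rescue_from Exception,
@@ -56,10 +56,20 @@ class ApplicationController < ActionController::Base
 def show
 if !@object
-render_not_found("object not found")
+return render_not_found("object not found")
 end
 respond_to do |f|
 f.json { render json: @object }
+f.html { render }
+end
+end
+
+def current_user
+if Thread.current[:orvos_api_token]
+@current_user ||= User.current
+else
+logger.error "No API token in Thread"
+return nil
 end
 end
@@ -73,7 +83,7 @@ class ApplicationController < ActionController::Base
 if params[:id] and params[:id].match /\D/
 params[:uuid] = params.delete :id
 end
-@object = model_class.where('uuid=?', params[:uuid]).first
+@object = model_class.where(uuid: params[:uuid]).first
 end
 def thread_with_api_token
@@ -136,4 +146,11 @@ class ApplicationController < ActionController::Base
 false
 end
 end
+
+def ensure_current_user_is_admin
+unless current_user and current_user.is_admin
+@errors = ['Permission denied']
+self.render_error status: 401
+end
+end
 end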
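Review bot: In the third hunk, `model_class.where(uuid: params[:uuid])` hands the request parameter to a hash condition without constraining its type, so an array or nested-hash value for `uuid` would change the shape of the lookup instead of being compared as a single string. Coercing it first, `@object = model_class.where(uuid: params[:uuid].to_s).first`, keeps the query to one equality match; this assumes `model_class` behaves like an ActiveRecord relation, which the page does not show, and the enclosing method begins above the hunk. In the last hunk, `ensure_current_user_is_admin` answers 401 for a signed-in non-admin as well as for a missing token; returning 403 when `current_user` is present but not an admin would let clients and logs tell the two cases apart.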