ERROR_ACTIONS = [:render_error, :render_not_found]
around_filter :thread_clear
- before_filter :permit_anonymous_browsing_for_public_data
around_filter :set_thread_api_token
# Methods that don't require login should
# skip_around_filter :require_thread_api_token
def setup_user_session
return false unless params[:api_token]
Thread.current[:arvados_api_token] = params[:api_token]
- Thread.current[:arvados_anonymous_api_token] = nil
begin
user = User.current
rescue ArvadosApiClient::NotLoggedInException
end
end
- def permit_anonymous_browsing_for_public_data
- if !Thread.current[:arvados_api_token] && !params[:api_token] && !session[:arvados_api_token]
- Thread.current[:arvados_anonymous_api_token] = Rails.configuration.anonymous_user_token
- end
- end
-
# Save the session API token in thread-local storage, and yield.
# This method also takes care of session setup if the request
# provides a valid api_token parameter.
# Use anonymous token if available when it is a GET request
if ((query["_method"] == "GET") or (query[:_method] == "GET")) && !Thread.current[:user]
- if Thread.current[:arvados_anonymous_api_token]
- query["api_token"] = Thread.current[:arvados_anonymous_api_token]
+ if Rails.configuration.respond_to? :anonymous_user_token
+ query["api_token"] = Rails.configuration.anonymous_user_token
end
end