IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

allow api for restricted by global password sites

Browse Source
This commit is contained in:
Sam 2013-06-17 16:09:59 +10:00
parent 30df1b1815
commit 7ca5ab3da3
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/controllers/application_controller.rb
View File

@ -242,10 +242,12 @@ class ApplicationController < ActionController::Base
def check_restricted_access def check_restricted_access
# note current_user is defined in the CurrentUser mixin # note current_user is defined in the CurrentUser mixin
if SiteSetting.access_password.present? && cookies[:_access] != SiteSetting.access_password if SiteSetting.access_password.present? && cookies[:_access] != SiteSetting.access_password
unless api_key_valid?
redirect_to request_access_path(return_path: request.fullpath) redirect_to request_access_path(return_path: request.fullpath)
return false return false
end end
end end
end
def mini_profiler_enabled? def mini_profiler_enabled?
defined?(Rack::MiniProfiler) && current_user.try(:admin?) defined?(Rack::MiniProfiler) && current_user.try(:admin?)
@ -263,7 +265,7 @@ class ApplicationController < ActionController::Base
def check_xhr def check_xhr
unless (controller_name == 'forums' || controller_name == 'user_open_ids') unless (controller_name == 'forums' || controller_name == 'user_open_ids')
# bypass xhr check on PUT / POST / DELETE provided api key is there, otherwise calling api is annoying # bypass xhr check on PUT / POST / DELETE provided api key is there, otherwise calling api is annoying
return if !request.get? && request["api_key"] && SiteSetting.api_key_valid?(request["api_key"]) return if !request.get? && api_key_valid?
raise RenderEmpty.new unless ((request.format && request.format.json?) || request.xhr?) raise RenderEmpty.new unless ((request.format && request.format.json?) || request.xhr?)
end end
end end
@ -285,4 +287,10 @@ class ApplicationController < ActionController::Base
render status: status, layout: 'no_js', formats: [:html], template: '/exceptions/not_found' render status: status, layout: 'no_js', formats: [:html], template: '/exceptions/not_found'
end end
protected
def api_key_valid?
request["api_key"] && SiteSetting.api_key_valid?(request["api_key"])
end
end end