Class: Admin::ApiController
- Inherits:
-
AdminController
- Object
- AdminController
- Admin::ApiController
- Defined in:
- app/controllers/admin/api_controller.rb
Constant Summary collapse
- INDEX_LIMIT =
Note: in the REST API, ApiKeys are referred to simply as “key” If we used “api_key”, then our user provider would try to use the value for authentication
50
Instance Method Summary collapse
- #create ⇒ Object
- #destroy ⇒ Object
- #index ⇒ Object
- #revoke_key ⇒ Object
- #scopes ⇒ Object
- #show ⇒ Object
- #undo_revoke_key ⇒ Object
- #update ⇒ Object
Instance Method Details
#create ⇒ Object
69 70 71 72 73 74 75 76 77 78 79 80 81 82 |
# File 'app/controllers/admin/api_controller.rb', line 69 def create api_key = ApiKey.new(update_params) ApiKey.transaction do api_key.created_by = current_user api_key.api_key_scopes = build_scopes if username = params.require(:key).permit(:username)[:username].presence api_key.user = User.find_by_username(username) raise Discourse::NotFound unless api_key.user end api_key.save! log_api_key(api_key, UserHistory.actions[:api_key_create], changes: api_key.saved_changes) end render_serialized(api_key, ApiKeySerializer, root: "key") end |
#destroy ⇒ Object
60 61 62 63 64 65 66 67 |
# File 'app/controllers/admin/api_controller.rb', line 60 def destroy api_key = ApiKey.find_by!(id: params[:id]) ApiKey.transaction do api_key.destroy log_api_key(api_key, UserHistory.actions[:api_key_destroy]) end render json: success_json end |
#index ⇒ Object
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# File 'app/controllers/admin/api_controller.rb', line 9 def index offset = (params[:offset] || 0).to_i limit = fetch_limit_from_params(default: INDEX_LIMIT, max: INDEX_LIMIT) keys = ApiKey .where(hidden: false) .includes(:user, :api_key_scopes) # Sort revoked keys by revoked_at and active keys by created_at .order("revoked_at DESC NULLS FIRST, created_at DESC") .offset(offset) .limit(limit) render_json_dump(keys: serialize_data(keys, ApiKeySerializer), offset: offset, limit: limit) end |
#revoke_key ⇒ Object
95 96 97 98 99 100 101 102 103 104 |
# File 'app/controllers/admin/api_controller.rb', line 95 def revoke_key api_key = ApiKey.find_by(id: params[:id]) raise Discourse::NotFound if api_key.blank? ApiKey.transaction do api_key.update(revoked_at: Time.zone.now) log_api_key_revoke(api_key) end render_serialized(api_key, ApiKeySerializer) end |
#scopes ⇒ Object
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
# File 'app/controllers/admin/api_controller.rb', line 30 def scopes scopes = ApiKeyScope .scope_mappings .reduce({}) do |memo, (resource, actions)| memo.tap do |m| m[resource] = actions.map do |k, v| { scope_id: "#{resource}:#{k}", key: k, name: k.to_s.gsub("_", " "), params: v[:params], urls: v[:urls], } end end end render json: { scopes: scopes } end |
#show ⇒ Object
25 26 27 28 |
# File 'app/controllers/admin/api_controller.rb', line 25 def show api_key = ApiKey.includes(:api_key_scopes).find_by!(id: params[:id]) render_serialized(api_key, ApiKeySerializer, root: "key") end |
#undo_revoke_key ⇒ Object
84 85 86 87 88 89 90 91 92 93 |
# File 'app/controllers/admin/api_controller.rb', line 84 def undo_revoke_key api_key = ApiKey.find_by(id: params[:id]) raise Discourse::NotFound if api_key.blank? ApiKey.transaction do api_key.update(revoked_at: nil) log_api_key_restore(api_key) end render_serialized(api_key, ApiKeySerializer) end |
#update ⇒ Object
51 52 53 54 55 56 57 58 |
# File 'app/controllers/admin/api_controller.rb', line 51 def update api_key = ApiKey.find_by!(id: params[:id]) ApiKey.transaction do api_key.update!(update_params) log_api_key(api_key, UserHistory.actions[:api_key_update], changes: api_key.saved_changes) end render_serialized(api_key, ApiKeySerializer, root: "key") end |