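# Base controller for the REST API. It resolves the acting user (whatever the
# inherited current_user returns, then an HTTP token, then a LoggedOutUser
# placeholder) and exposes a `show` action guarded by a per-resource
# authorization check.
class API::RestfulController < ActionController::Base
  # Class-level macro defined outside this file; presumably it supplies the
  # load_resource / resource / respond_with_resource helpers used below
  # (TODO confirm against the library that defines it).
  snorlax_used_rest!

  # Loads the requested resource and renders it only when the resource
  # authorizes the current user.
  #
  # The check sits between loading and rendering, so a falsy result from
  # authorize_to_show stops the request before any resource data is returned.
  # Unauthenticated callers reach the check as a LoggedOutUser, which means
  # every resource's authorize_to_show has to treat that object as
  # unprivileged.
  #
  # NOTE(review): how AccessDenied is turned into an HTTP response (rescue_from
  # or similar) is not visible in this file -- confirm it maps to a 403/404
  # without leaking resource details.
  #
  # @raise [AccessDenied] when resource.authorize_to_show(current_user) is falsy
  def show
    load_resource
    raise AccessDenied unless resource.authorize_to_show(current_user)

    respond_with_resource
  end

  private

  # Returns the user the request acts as. Precedence: the inherited
  # current_user, then the owner of the presented HTTP token, then a fresh
  # LoggedOutUser so callers never receive nil.
  #
  # NOTE(review): the inherited current_user is presumably session/cookie
  # based. If so, any state-changing action added in a subclass depends on
  # CSRF protection being enabled for this controller -- not visible here,
  # confirm.
  def current_user
    super || token_user || LoggedOutUser.new
  end

  # Resolves the user that owns the HTTP token sent with the request, or nil
  # when no token is sent or no Token row matches it.
  #
  # The result is memoised with defined? so the Token lookup runs at most once
  # per controller instance, including the "no valid token" case (nil is
  # cached as well). The earlier `||=` inside the block repeated the lookup on
  # every call.
  #
  # NOTE(review): the lookup matches on the presented token value only. Expiry
  # and revocation are not checked in this method -- confirm that
  # Token.find_by_token (or the model's scopes) excludes tokens that should no
  # longer be honoured. A lookup by raw value also suggests tokens are stored
  # as presented; keeping only a digest would limit exposure if the table is
  # disclosed (TODO confirm how Token persists the value).
  def token_user
    return @token_user if defined?(@token_user)

    @token_user = authenticate_with_http_token do |token, _options|
      access_token = Token.find_by_token(token)
      access_token.user if access_token
    end
  end

  # Wraps the raw request params in PermittedParams, memoised per controller
  # instance. Which attributes are allowed through is decided by
  # PermittedParams, defined outside this file.
  def permitted_params
    @permitted_params ||= PermittedParams.new(params)
  end
end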