
:except has precedence over :if

Maarten van den Berg 6 years ago
parent
commit
a784502b38
1 changed files with 5 additions and 4 deletions
  1. 5 4
      app/controllers/api/groups_controller.rb

+ 5 - 4
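--- a/app/controllers/api/groups_controller.rb
+++ b/app/controllers/api/groups_controller.rb
@@ -8,9 +8,10 @@ class Api::GroupsController < ApiController
   has_no_group = [:index]
 
   # Session-based authentication / authorization filters
-  before_action :set_group,           except: has_no_group, unless: 'request.authorization'
-  before_action :require_membership!, except: has_no_group, unless: 'request.authorization'
-  before_action :api_require_admin!,  only: has_no_group,   unless: 'request.authorization'
+  before_action :set_group,           except: has_no_group
+  before_action :require_membership!, except: has_no_group
+  before_action :api_require_admin!,  only:   has_no_group
+  skip_before_action :set_group, :require_membership!, :api_require_authentication!, if: 'request.authorization'
 
   # API key based filter (both authenticates and authorizes)
   before_action :api_auth_token, if: 'request.authorization'
@@ -53,7 +54,7 @@ class Api::GroupsController < ApiController
   # @group variable from the key's associated group.
   def api_auth_token
     words = request.authorization.split(' ')
-    head :unauthorized unless words[0].casecmp('Group').zero?
+    head :unauthorized unless words[0].casecmp('group').zero?
 
     @group = Group.find_by api_token: words[1]
     head :unauthorized unless @group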
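Review bot: `Group.find_by api_token: words[1]` in `api_auth_token` runs with a nil token when the Authorization header holds only the scheme word, and a nil lookup would match any group whose `api_token` is NULL (whether such rows can exist is not visible here). This carries more weight after the first hunk, since `skip_before_action` now drops `api_require_authentication!` whenever the header is present and leaves this method as the only gate. The scheme check also calls `head` without returning, so the query still executes after a rejection. I would change it to `return head :unauthorized unless words.size == 2 && words[0].casecmp('group').zero?`. The method continues past the end of the hunk.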