
:except has precedence over :if

Maarten van den Berg 6 年之前
父节点
当前提交
a784502b38
共有 1 个文件被更改,包括 5 次插入4 次删除
  1. 5 4
      app/controllers/api/groups_controller.rb

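--- a/app/controllers/api/groups_controller.rb
+++ b/app/controllers/api/groups_controller.rb
@@ -8,9 +8,10 @@
   has_no_group = [:index]
 
   # Session-based authentication / authorization filters
-  before_action :set_group,           except: has_no_group, unless: 'request.authorization'
-  before_action :require_membership!, except: has_no_group, unless: 'request.authorization'
-  before_action :api_require_admin!,  only: has_no_group,   unless: 'request.authorization'
+  before_action :set_group,           except: has_no_group
+  before_action :require_membership!, except: has_no_group
+  before_action :api_require_admin!,  only:   has_no_group
+  skip_before_action :set_group, :require_membership!, :api_require_authentication!, if: 'request.authorization'
 
   # API key based filter (both authenticates and authorizes)
   before_action :api_auth_token, if: 'request.authorization'
@@ -53,7 +54,7 @@
   # @group variable from the key's associated group.
   def api_auth_token
     words = request.authorization.split(' ')
-    head :unauthorized unless words[0].casecmp('Group').zero?
+    head :unauthorized unless words[0].casecmp('group').zero?
 
     @group = Group.find_by api_token: words[1]
     head :unauthorized unless @group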
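Review bot: `api_auth_token` never checks that the Authorization header actually carries a token, and with the new `skip_before_action` line it is the only filter left in front of group actions once that header is present (`set_group`, `require_membership!` and `api_require_authentication!` are all skipped). When the header holds only the scheme, `words[1]` is nil and `Group.find_by api_token: nil` matches a group whose token is NULL, so if that column is nullable (not visible here) the request would be authorized as that group; an empty header value makes `words[0]` nil and raises NoMethodError instead of answering 401. Neither `head :unauthorized` call returns, so the lookup still runs after the scheme check has already failed. I would replace the scheme check with a single guard ahead of the lookup, `return head :unauthorized unless words.length == 2 && words[0].casecmp('group').zero?`, and confirm that `api_token` is non-null and unique at the database level. The end of `api_auth_token` lies outside the hunk, so any later handling is not visible here.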