46 lines
1 KiB
Ruby
46 lines
1 KiB
Ruby
class APITokensController < ApplicationController
|
|
before_action :authenticate_administrateur!
|
|
before_action :set_api_token, only: [:update, :destroy]
|
|
|
|
def create
|
|
@api_token, @packed_token = APIToken.generate(current_administrateur)
|
|
|
|
render :index
|
|
end
|
|
|
|
def update
|
|
if become_full_access?
|
|
@api_token.become_full_access!
|
|
elsif disallow_procedure_id.present?
|
|
@api_token.untarget_procedure(disallow_procedure_id.to_i)
|
|
else
|
|
@api_token.update!(api_token_params)
|
|
end
|
|
|
|
render :index
|
|
end
|
|
|
|
def destroy
|
|
@api_token.destroy
|
|
|
|
render :index
|
|
end
|
|
|
|
private
|
|
|
|
def set_api_token
|
|
@api_token = current_administrateur.api_tokens.find(params[:id])
|
|
end
|
|
|
|
def become_full_access?
|
|
api_token_params[:become_full_access].present?
|
|
end
|
|
|
|
def disallow_procedure_id
|
|
api_token_params[:disallow_procedure_id]
|
|
end
|
|
|
|
def api_token_params
|
|
params.require(:api_token).permit(:name, :write_access, :become_full_access, :disallow_procedure_id, allowed_procedure_ids: [])
|
|
end
|
|
end
|