83425edd8d
Fixes #4861 Since the around_action is defined before authorize_resource is called, the handler needs to pass on the CanCan::AccessDenied exception. I've added the timeouts where I think they were missing (e.g. UserPreferencesController) but I've kept the exception for changeset#upload and traces#create
25 lines
840 B
Ruby
25 lines
840 B
Ruby
module Api
|
|
class PermissionsController < ApiController
|
|
authorize_resource :class => false
|
|
|
|
before_action :setup_user_auth
|
|
before_action :set_request_formats
|
|
|
|
# External apps that use the api are able to query which permissions
|
|
# they have. This currently returns a list of permissions granted to the current user:
|
|
# * if authenticated via OAuth, this list will contain all permissions granted by the user to the access_token.
|
|
# * unauthenticated users have no permissions, so the list will be empty.
|
|
def show
|
|
@permissions = if doorkeeper_token.present?
|
|
doorkeeper_token.scopes.map { |s| :"allow_#{s}" }
|
|
else
|
|
[]
|
|
end
|
|
|
|
respond_to do |format|
|
|
format.xml
|
|
format.json
|
|
end
|
|
end
|
|
end
|
|
end
|