23 lines
607 B
Ruby
23 lines
607 B
Ruby
class RequestToken < OauthToken
|
|
def authorize!(user)
|
|
return false if authorized?
|
|
self.user = user
|
|
self.authorized_at = Time.now
|
|
self.save
|
|
end
|
|
|
|
def exchange!
|
|
return false unless authorized?
|
|
RequestToken.transaction do
|
|
params = { :user => user, :client_application => client_application }
|
|
# copy the permissions from the authorised request token to the access token
|
|
client_application.permissions.each { |p|
|
|
params[p] = read_attribute(p)
|
|
}
|
|
|
|
access_token = AccessToken.create(params)
|
|
invalidate!
|
|
access_token
|
|
end
|
|
end
|
|
end
|