codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2025-03-14 00:50:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

allow api for restricted by global password sites

Browse source
This commit is contained in:
Sam 2013-06-17 16:09:59 +10:00
parent 30df1b1815
commit 7ca5ab3da3
1 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
app/controllers/application_controller.rb
View file

@ -242,8 +242,10 @@ class ApplicationController < ActionController::Base
def check_restricted_access
# note current_user is defined in the CurrentUser mixin
if SiteSetting.access_password.present? && cookies[:_access] != SiteSetting.access_password
redirect_to request_access_path(return_path: request.fullpath)
return false
unless api_key_valid?
redirect_to request_access_path(return_path: request.fullpath)
return false
end
end
end
@ -263,7 +265,7 @@ class ApplicationController < ActionController::Base
def check_xhr
unless (controller_name == 'forums' || controller_name == 'user_open_ids')
# bypass xhr check on PUT / POST / DELETE provided api key is there, otherwise calling api is annoying
return if !request.get? && request["api_key"] && SiteSetting.api_key_valid?(request["api_key"])
return if !request.get? && api_key_valid?
raise RenderEmpty.new unless ((request.format && request.format.json?) || request.xhr?)
end
end
@ -285,4 +287,10 @@ class ApplicationController < ActionController::Base
render status: status, layout: 'no_js', formats: [:html], template: '/exceptions/not_found'
end
protected
def api_key_valid?
request["api_key"] && SiteSetting.api_key_valid?(request["api_key"])
end
end