Class: Admin::ApiController

Inherits:
AdminController
  • Object
show all
Defined in:
app/controllers/admin/api_controller.rb

Constant Summary collapse

INDEX_LIMIT =

Note: in the REST API, ApiKeys are referred to simply as “key” If we used “api_key”, then our user provider would try to use the value for authentication

50

Instance Method Summary collapse

Instance Method Details

#createObject



72
73
74
75
76
77
78
79
80
81
82
83
84
85
# File 'app/controllers/admin/api_controller.rb', line 72

def create
  api_key = ApiKey.new(update_params)
  ApiKey.transaction do
    api_key.created_by = current_user
    api_key.api_key_scopes = build_scopes
    if username = params.require(:key).permit(:username)[:username].presence
      api_key.user = User.find_by_username(username)
      raise Discourse::NotFound unless api_key.user
    end
    api_key.save!
    log_api_key(api_key, UserHistory.actions[:api_key_create], changes: api_key.saved_changes)
  end
  render_serialized(api_key, ApiKeySerializer, root: "key")
end

#destroyObject



63
64
65
66
67
68
69
70
# File 'app/controllers/admin/api_controller.rb', line 63

def destroy
  api_key = ApiKey.find_by!(id: params[:id])
  ApiKey.transaction do
    api_key.destroy
    log_api_key(api_key, UserHistory.actions[:api_key_destroy])
  end
  render json: success_json
end

#indexObject



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# File 'app/controllers/admin/api_controller.rb', line 9

def index
  offset = (params[:offset] || 0).to_i
  limit = fetch_limit_from_params(default: INDEX_LIMIT, max: INDEX_LIMIT)

  keys =
    ApiKey
      .where(hidden: false)
      .includes(:user)
      .order("revoked_at DESC NULLS FIRST, created_at DESC")
      .offset(offset)
      .limit(limit)

  render_json_dump(
    keys: serialize_data(keys, BasicApiKeySerializer),
    offset: offset,
    limit: limit,
  )
end

#revoke_keyObject



98
99
100
101
102
103
104
105
106
107
# File 'app/controllers/admin/api_controller.rb', line 98

def revoke_key
  api_key = ApiKey.find_by(id: params[:id])
  raise Discourse::NotFound if api_key.blank?

  ApiKey.transaction do
    api_key.update(revoked_at: Time.zone.now)
    log_api_key_revoke(api_key)
  end
  render_serialized(api_key, ApiKeySerializer)
end

#scopesObject



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# File 'app/controllers/admin/api_controller.rb', line 33

def scopes
  scopes =
    ApiKeyScope
      .scope_mappings
      .reduce({}) do |memo, (resource, actions)|
        memo.tap do |m|
          m[resource] = actions.map do |k, v|
            {
              scope_id: "#{resource}:#{k}",
              key: k,
              name: k.to_s.gsub("_", " "),
              params: v[:params],
              urls: v[:urls],
            }
          end
        end
      end

  render json: { scopes: scopes }
end

#showObject



28
29
30
31
# File 'app/controllers/admin/api_controller.rb', line 28

def show
  api_key = ApiKey.includes(:api_key_scopes).find_by!(id: params[:id])
  render_serialized(api_key, ApiKeySerializer, root: "key")
end

#undo_revoke_keyObject



87
88
89
90
91
92
93
94
95
96
# File 'app/controllers/admin/api_controller.rb', line 87

def undo_revoke_key
  api_key = ApiKey.find_by(id: params[:id])
  raise Discourse::NotFound if api_key.blank?

  ApiKey.transaction do
    api_key.update(revoked_at: nil)
    log_api_key_restore(api_key)
  end
  render_serialized(api_key, ApiKeySerializer)
end

#updateObject



54
55
56
57
58
59
60
61
# File 'app/controllers/admin/api_controller.rb', line 54

def update
  api_key = ApiKey.find_by!(id: params[:id])
  ApiKey.transaction do
    api_key.update!(update_params)
    log_api_key(api_key, UserHistory.actions[:api_key_update], changes: api_key.saved_changes)
  end
  render_serialized(api_key, ApiKeySerializer, root: "key")
end