From f66ee8ea429fc63ff0e09decd7df7e65d326db43 Mon Sep 17 00:00:00 2001 From: Honza Novak Date: Thu, 8 Dec 2016 14:57:51 +0100 Subject: [PATCH] Modify save action, so that updates can be triggered with API call (csrf validation is being skipped when redmine api key is present) Add option to lookup folder by title with API call, if folder is found then information about that is appended into output. --- app/controllers/dmsf_controller.rb | 13 +++++++++++++ app/views/dmsf/show.api.rsb | 8 ++++++++ 2 files changed, 21 insertions(+) diff --git a/app/controllers/dmsf_controller.rb b/app/controllers/dmsf_controller.rb index ce6ed50e..6833877a 100644 --- a/app/controllers/dmsf_controller.rb +++ b/app/controllers/dmsf_controller.rb @@ -31,6 +31,8 @@ class DmsfController < ApplicationController accept_api_auth :show, :create, :save + skip_before_action :verify_authenticity_token, if: -> { request.headers["HTTP_X_REDMINE_API_KEY"].present? } + helper :all def expand_folder @@ -44,6 +46,8 @@ class DmsfController < ApplicationController end def show + # also try to lookup folder by title if this is API call + find_folder_by_title if [:xml, :json].include? request.format.to_sym get_display_params if @folder && @folder.deleted? render_404 @@ -550,6 +554,15 @@ class DmsfController < ApplicationController render_404 end + def find_folder_by_title + # find by title has to be scoped to project + @folder = DmsfFolder.find_by(title: params[:folder_title], project_id: params[:id]) if params[:folder_title].present? + rescue DmsfAccessError + render_403 + rescue ActiveRecord::RecordNotFound + render_404 + end + def find_parent @parent = DmsfFolder.visible.find params[:parent_id] if params[:parent_id].present? rescue DmsfAccessError diff --git a/app/views/dmsf/show.api.rsb b/app/views/dmsf/show.api.rsb index 542a39f4..8d0ef0e0 100644 --- a/app/views/dmsf/show.api.rsb +++ b/app/views/dmsf/show.api.rsb @@ -29,4 +29,12 @@ api.dmsf do end end end + + if @folder + api.found_folder do + api.id @folder.id + api.title @folder.title + end + end + end \ No newline at end of file