Modify save action, so that updates can be triggered with API call (csrf validation is being skipped when redmine api key is present)

Add option to lookup folder by title with API call, if folder is found then information about that is appended into output.

app/controllers/dmsf_controller.rb

@@ -31,6 +31,8 @@ class DmsfController < ApplicationController
 
   accept_api_auth :show, :create, :save
 
+  skip_before_action :verify_authenticity_token,  if: -> { request.headers["HTTP_X_REDMINE_API_KEY"].present? }
+
   helper :all
 
   def expand_folder
@@ -44,6 +46,8 @@ class DmsfController < ApplicationController
   end
 
   def show
+    # also try to lookup folder by title if this is API call
+    find_folder_by_title if [:xml, :json].include? request.format.to_sym
     get_display_params
     if @folder && @folder.deleted?
       render_404
@@ -550,6 +554,15 @@ class DmsfController < ApplicationController
     render_404
   end
 
+  def find_folder_by_title
+    # find by title has to be scoped to project
+    @folder = DmsfFolder.find_by(title: params[:folder_title], project_id: params[:id]) if params[:folder_title].present?
+  rescue DmsfAccessError
+    render_403
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
   def find_parent
     @parent = DmsfFolder.visible.find params[:parent_id] if params[:parent_id].present?
   rescue DmsfAccessError

app/views/dmsf/show.api.rsb

@@ -29,4 +29,12 @@ api.dmsf do
       end
     end
   end
+
+  if @folder
+    api.found_folder do
+      api.id @folder.id
+      api.title @folder.title
+    end
+  end
+
 end