Modify save action, so that updates can be triggered with API call (csrf validation is being skipped when redmine api key is present)

Add option to lookup folder by title with API call, if folder is found then information about that is appended into output.
2016-12-08 14:57:51 +01:00 · 2016-12-08 14:57:51 +01:00 · f66ee8ea42
commit f66ee8ea42
parent d841e5e1ff
2 changed files with 21 additions and 0 deletions
--- a/app/controllers/dmsf_controller.rb
+++ b/app/controllers/dmsf_controller.rb
@ -31,6 +31,8 @@ class DmsfController < ApplicationController

  accept_api_auth :show, :create, :save

+  skip_before_action :verify_authenticity_token,  if: -> { request.headers["HTTP_X_REDMINE_API_KEY"].present? }
+
  helper :all

  def expand_folder
@ -44,6 +46,8 @@ class DmsfController < ApplicationController
  end

  def show
+    # also try to lookup folder by title if this is API call
+    find_folder_by_title if [:xml, :json].include? request.format.to_sym
    get_display_params
    if @folder && @folder.deleted?
      render_404
@ -550,6 +554,15 @@ class DmsfController < ApplicationController
    render_404
  end

+  def find_folder_by_title
+    # find by title has to be scoped to project
+    @folder = DmsfFolder.find_by(title: params[:folder_title], project_id: params[:id]) if params[:folder_title].present?
+  rescue DmsfAccessError
+    render_403
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
  def find_parent
    @parent = DmsfFolder.visible.find params[:parent_id] if params[:parent_id].present?
  rescue DmsfAccessError
--- a/app/views/dmsf/show.api.rsb
+++ b/app/views/dmsf/show.api.rsb
@ -29,4 +29,12 @@ api.dmsf do
      end
    end
  end
+
+  if @folder
+    api.found_folder do
+      api.id @folder.id
+      api.title @folder.title
+    end
+  end
+
 end