Use cancancan to authorize user_preference_controller
[rails.git] / app / controllers / oauth_controller.rb
1 require "oauth/controllers/provider_controller"
2
3 class OauthController < ApplicationController
4   include OAuth::Controllers::ProviderController
5
6   layout "site"
7
8   def login_required
9     authorize_web
10     set_locale
11     require_user
12   end
13
14   def user_authorizes_token?
15     any_auth = false
16
17     @token.client_application.permissions.each do |pref|
18       if params[pref]
19         @token.write_attribute(pref, true)
20         any_auth ||= true
21       else
22         @token.write_attribute(pref, false)
23       end
24     end
25
26     any_auth
27   end
28
29   def revoke
30     @token = current_user.oauth_tokens.find_by :token => params[:token]
31     if @token
32       @token.invalidate!
33       flash[:notice] = t(".flash", :application => @token.client_application.name)
34     end
35     redirect_to oauth_clients_url(:display_name => @token.user.display_name)
36   end
37
38   protected
39
40   def oauth1_authorize
41     override_content_security_policy_directives(:form_action => []) if CSP_ENFORCE || defined?(CSP_REPORT_URL)
42
43     if @token.invalidated?
44       @message = t "oauth.authorize_failure.invalid"
45       render :action => "authorize_failure"
46     elsif request.post?
47       if user_authorizes_token?
48         @token.authorize!(current_user)
49         callback_url = if @token.oauth10?
50                          params[:oauth_callback] || @token.client_application.callback_url
51                        else
52                          @token.oob? ? @token.client_application.callback_url : @token.callback_url
53                        end
54         @redirect_url = URI.parse(callback_url) if callback_url.present?
55
56         if @redirect_url.to_s.blank?
57           render :action => "authorize_success"
58         else
59           @redirect_url.query = if @redirect_url.query.blank?
60                                   "oauth_token=#{@token.token}"
61                                 else
62                                   @redirect_url.query +
63                                     "&oauth_token=#{@token.token}"
64                                 end
65
66           @redirect_url.query += "&oauth_verifier=#{@token.verifier}" unless @token.oauth10?
67
68           redirect_to @redirect_url.to_s
69         end
70       else
71         @token.invalidate!
72         @message = t("oauth.authorize_failure.denied", :app_name => @token.client_application.name)
73         render :action => "authorize_failure"
74       end
75     end
76   end
77 end