]> git.openstreetmap.org Git - rails.git/blob - app/controllers/oauth2_applications_controller.rb
Prevent API tokens without write_notes creating attributed comments
[rails.git] / app / controllers / oauth2_applications_controller.rb
1 class Oauth2ApplicationsController < Doorkeeper::ApplicationsController
2   layout "site"
3
4   prepend_before_action :authorize_web
5   before_action :set_locale
6   before_action :set_application, :only => [:show, :edit, :update, :destroy]
7
8   authorize_resource :class => false
9
10   def index
11     @applications = current_resource_owner.oauth2_applications.ordered_by(:created_at)
12   end
13
14   private
15
16   def set_application
17     @application = current_resource_owner&.oauth2_applications&.find(params[:id])
18   rescue ActiveRecord::RecordNotFound
19     render :action => "not_found", :status => :not_found
20   end
21
22   def application_params
23     params[:oauth2_application][:scopes]&.delete("")
24     params.require(:oauth2_application)
25           .permit(:name, :redirect_uri, :confidential, :scopes => [])
26           .merge(:owner => current_resource_owner)
27   end
28 end