- # Utility methods to make the controller filter methods easier to read and write.
- def require_allow_read_prefs
- require_capability(:allow_read_prefs)
- end
- def require_allow_write_prefs
- require_capability(:allow_write_prefs)
- end
- def require_allow_write_diary
- require_capability(:allow_write_diary)
- end
- def require_allow_write_api
- require_capability(:allow_write_api)
-
- if REQUIRE_TERMS_AGREED and @user.terms_agreed.nil?
- report_error "You must accept the contributor terms before you can edit.", :forbidden
- return false
- end
- end
- def require_allow_read_gpx
- require_capability(:allow_read_gpx)
- end
- def require_allow_write_gpx
- require_capability(:allow_write_gpx)
- end
-
- ##
- # sets up the @user object for use by other methods. this is mostly called
- # from the authorize method, but can be called elsewhere if authorisation
- # is optional.
- def setup_user_auth
- # try and setup using OAuth
- if Authenticator.new(self, [:token]).allow?
- @user = current_token.user
- else
- username, passwd = get_auth_data # parse from headers
- # authenticate per-scheme
- if username.nil?
- @user = nil # no authentication provided - perhaps first connect (client should retry after 401)
- elsif username == 'token'
- @user = User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth