authorcedricnjanga2017-12-05 23:37:17 +0100
committercedricnjanga2017-12-05 23:37:17 +0100
commit00fa87ab96185bbcdc1ce2f1d19230e5a1dcc77f (patch)
tree1be8a7bb6de44baa6e19bdaaf8d51c05e170e73d /app/controllers/api/v1
parent9f1aa4d40d7d968963dae5799e15ad5da4cbcbc5 (diff)
Add some changes according to PR review
Diffstat (limited to 'app/controllers/api/v1')
-rw-r--r--app/controllers/api/v1/internals/application_controller.rb19
-rw-r--r--app/controllers/api/v1/internals/compliance_check_sets_controller.rb11
2 files changed, 26 insertions, 4 deletions
diff --git a/app/controllers/api/v1/internals/application_controller.rb b/app/controllers/api/v1/internals/application_controller.rb
index 77b74f5f6..ab9daf4f7 100644
--- a/app/controllers/api/v1/internals/application_controller.rb
+++ b/app/controllers/api/v1/internals/application_controller.rb
@@ -4,11 +4,24 @@ module Api
class ApplicationController < ActionController::Base
respond_to :json
layout false
- before_action :authenticate
+ before_action :require_token
+
+ def require_token
+ authenticate_token || render_unauthorized("Access denied")
+ end
+
+ protected
+
+ def render_unauthorized(message)
+ errors = { errors: [ { detail: message } ] }
+ render json: errors, status: :unauthorized
+ end
private
- def authenticate
- authenticate_with_http_token { |token| Rails.application.secrets.api_token == token }
+ def authenticate_token
+ authenticate_with_http_token do |token|
+ return true if Rails.application.secrets.api_token == token
+ end
end
end
end
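Review bot: The token check in `authenticate_token` compares the secret with `==`, which is not constant-time, so response timing can reveal how much of a guessed token matched. Consider `return true if ActiveSupport::SecurityUtils.secure_compare(token, Rails.application.secrets.api_token.to_s)`; the `.to_s` keeps an unset secret from raising, and it is worth confirming that the Rails version in use never yields a blank token to the block. Separately, `require_token` is defined above `protected`, so it is a public controller method and would be callable as an action if a route ever resolved to it; moving it below `protected` avoids that. The class body starts outside the hunk.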
diff --git a/app/controllers/api/v1/internals/compliance_check_sets_controller.rb b/app/controllers/api/v1/internals/compliance_check_sets_controller.rb
index db92c3fad..08965989a 100644
--- a/app/controllers/api/v1/internals/compliance_check_sets_controller.rb
+++ b/app/controllers/api/v1/internals/compliance_check_sets_controller.rb
@@ -19,7 +19,9 @@ module Api
def notify_parent
find_compliance_check_set
- if @compliance_check_set.notify_parent && @compliance_check_set.parent
+ check_parent
+
+ if @compliance_check_set.notify_parent
render json: {
status: "ok",
message:"#{@compliance_check_set.parent_type} (id: #{@compliance_check_set.parent_id}) successfully notified at #{l(@compliance_check_set.notified_parent_at)}"
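Review bot: Calling `check_parent` as a plain method does not by itself stop `notify_parent` once the error has been rendered. Unless `finish_action!` (not defined in this diff) aborts the request, execution continues to `@compliance_check_set.notify_parent`, so the notification runs without a parent and a second `render` follows. Adding `return if performed?` right after the `check_parent` call makes the halt explicit and independent of how `finish_action!` is implemented. The body of `notify_parent` continues past the end of this hunk.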
@@ -31,6 +33,13 @@ module Api
private
+ def check_parent
+ unless @compliance_check_set.parent
+ render json: {status: "error", message: I18n.t('compliance_check_sets.errors.no_parent') }
+ finish_action!
+ end
+ end
+
def find_compliance_check_set
@compliance_check_set = ComplianceCheckSet.find(params[:id])
rescue ActiveRecord::RecordNotFound
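Review bot: The error response in `check_parent` is rendered without a `status:` option, so a missing parent is answered with HTTP 200 and clients must parse the body to notice the failure. Something like `render json: { status: "error", message: I18n.t('compliance_check_sets.errors.no_parent') }, status: :unprocessable_entity` would let callers and monitoring rely on the status code. `find_compliance_check_set` continues outside the hunk, so its own error rendering could not be compared.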