constrains to allow user authenticated or access with token

Signed-off-by: Hiroshi Miura <miurahr@linux.com>
kandanapp · Apr 29, 2015 · e42d51a · e42d51a
1 parent 849c54f
commit e42d51a
Showing 1 changed file with 23 additions and 8 deletions.
diff --git a/config/routes.rb b/config/routes.rb
@@ -1,28 +1,43 @@
+def authenticated_or_have_token (scope=nil, block=nil)
+  constraint = lambda do |request|
+    (request.env["warden"].authenticate?(:scope => scope) ||
+     request.query_parameters['auth_token'].present?) &&
+         (block.nil? || block.call(request.env["warden"].user(scope)))
+  end
+
+  constraints(constraint) do
+    yield
+  end
+end
+
 Kandan::Application.routes.draw do
 
   devise_for :users, :controllers => {
     :sessions => "sessions"
   }
   devise_scope :user do
 
-    # these are allow to access with auth_token
-    get "/active_users" => "apis#active_users"
-    get "/me" => "apis#me"
-
     resources :channels do
       resources :activities
-      resources :attachments
+    end
+
+    authenticated_or_have_token :user do
+      get "/active_users" => "apis#active_users"
+      get "/me" => "apis#me"
+
+      resources :users, :only => [:index, :show]
     end
 
     authenticated :user do
       root :to => "main#index"
 
       get '/search' => "main#search"
-
-      resources :users, :only => [:index, :show]
-
       get "/users/edit" =>"main#users_edit"
 
+      resource :channels do
+        resource :attachments
+      end
+
       namespace :admin do
         root :to => "admin#index"
         post "/update", :to => "admin#update", :as => "update"