openSUSE/open-build-service

src/api/app/controllers/person/token_controller.rb

require 'xmlhash'
module Person
  # API endpoints for listing, creating and deleting the tokens of one user.
  #
  # Every action runs `set_user` first and then authorizes against the
  # resolved @user (`:show?` for reads, `:update?` for writes) before it
  # touches any token.
  class TokenController < ApplicationController
    # Any ActiveRecord::RecordNotFound raised inside this controller is
    # turned into a 404 by #record_not_found.
    rescue_from ActiveRecord::RecordNotFound, with: :record_not_found

    before_action :set_user
    # Only #create accepts an operation type, so only #create is gated.
    before_action :validate_operation, only: [:create]

    # GET /person/<login>/token
    #
    # Exposes the tokens of @user to the view as @list. The authorization
    # check runs before the token list is read.
    def index
      authorize @user, :show?

      @list = @user.tokens
    end

    # POST /person/<login>/token
    #
    # Creates a token for @user. The token class is picked from the
    # `operation` parameter, which #validate_operation has already limited
    # to nil or one of the accepted operation names. An invalid token is
    # answered with a 400 that carries the model's validation messages.
    def create
      authorize @user, :update?

      set_package

      token_class = Token.token_type(params[:operation])
      # NOTE(review): scm_token is a credential supplied by the caller;
      # confirm it is covered by parameter filtering so it never reaches
      # the request log.
      @token = token_class.create(
        description: params[:description],
        executor: @user,
        package: @package,
        scm_token: params[:scm_token]
      )
      return if @token.valid?

      failure_reasons = @token.errors.full_messages.to_sentence
      render_error(status: 400,
                   errorcode: 'invalid_token',
                   message: "Failed to create token: #{failure_reasons}.")
    end

    # DELETE /person/<login>/token/<id>
    #
    # The lookup goes through @user.tokens rather than the Token model as a
    # whole. Assuming `tokens` is the usual ActiveRecord association, an id
    # that is not among this user's tokens raises RecordNotFound (answered
    # with 404) instead of destroying somebody else's token.
    def delete
      authorize @user, :update?

      doomed_token = @user.tokens.find(params[:id])
      doomed_token.destroy
      render_ok
    end

    private

    # rescue_from handler: answers with a 404 naming the id that was
    # looked up.
    #
    # NOTE(review): the handler is registered for the whole controller, so
    # the message says "Token" whichever lookup raised - confirm no other
    # RecordNotFound can surface here.
    def record_not_found(exception)
      missing_id = exception.id
      render_error(status: 404, message: "Couldn't find Token with 'id'=#{missing_id}")
    end

    # Resolves the <login> path segment to @user. When no user has that
    # login, the result of User.find_nobody! is used instead, and the
    # actions authorize against that fallback.
    # NOTE(review): presumably the policy denies access for the fallback
    # user - confirm.
    def set_user
      login_name = params[:login]
      @user = User.find_by(login: login_name) || User.find_nobody!
    end

    # Sets @package from the optional `project` and `package` parameters;
    # @package stays nil unless both are present.
    #
    # NOTE(review): this controller only authorizes against @user. Access
    # checks on the package are presumably enforced inside
    # Package.get_by_project_and_name - confirm.
    def set_package
      project_name = params[:project]
      package_name = params[:package]

      @package = nil
      return unless project_name && package_name

      @package = Package.get_by_project_and_name(project_name, package_name)
    end

    # Allow-list check for the `operation` parameter of #create.
    #
    # A missing parameter passes, so Token.token_type is later called with
    # nil (presumably selecting a default type - confirm). Any value that
    # is not one of the listed strings, including array or hash
    # parameters, is answered with a 400.
    def validate_operation
      requested_operation = params[:operation]
      # TODO: align operation parameter allowed values
      # - webUI: https://github.com/openSUSE/open-build-service/blob/master/src/api/app/models/token.rb#L27
      # - API: https://github.com/openSUSE/open-build-service/blob/master/src/api/public/apidocs/paths/person_login_token.yaml#L89
      return if requested_operation.nil?

      accepted_operations = %w[runservice rebuild release workflow] # possible API parameter values
      return if accepted_operations.include?(requested_operation)

      # The rejected value is echoed back to the caller.
      # NOTE(review): output escaping is left to render_error - confirm.
      render_error(status: 400,
                   errorcode: 'invalid_token_type',
                   message: "'#{requested_operation}' is not a valid operation type for a token.")
    end
  end
end