Created
June 16, 2011 19:42
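# Declares a before filter that rejects requests lacking OAuth access.
#
# With a :scope option, the filter block answers 401 (via
# oauth.no_access!) when the request is not authenticated, and 403 (via
# oauth.no_scope!) when the granted scope does not list the required one.
# Without :scope, it registers the :oauth_required filter method (not
# shown in this listing) with the given options.
#
# @param [Hash] options Options handed to before_filter. The :scope key,
#   if present, is removed from this hash and names the scope the client
#   must hold (String or Symbol).
def oauth_required(options = {})
  if (scope = options.delete(:scope))
    # Compare as strings: the granted scope is split into strings, so a
    # Symbol such as :read would otherwise never match and every request
    # would be answered with 403.
    required = scope.to_s
    before_filter options do |controller|
      if controller.oauth.authenticated?
        # The granted scope is read as a whitespace-separated list. A nil
        # scope becomes an empty list, so the request is denied with 403
        # instead of raising NoMethodError.
        granted = controller.oauth.scope.to_s.split
        unless granted.include?(required)
          # head is called through send, presumably because it is not
          # public on the controller -- confirm.
          controller.send :head, controller.oauth.no_scope!(scope)
        end
      else
        controller.send :head, controller.oauth.no_access!
      end
    end
  else
    before_filter :oauth_required, options
  end
end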
end | |
# Rejects the request with 401 (Unauthorized). Sets the "oauth.no_access"
# entry on the response to "true" and the response status to 401.
#
# NOTE(review): the original comment says this also gives the
# WWW-Authenticate header the right value; that step is not visible here
# and is presumably done elsewhere from the "oauth.no_access" entry --
# confirm.
#
# @return 401
def no_access!
  response = @response
  response["oauth.no_access"] = "true"
  response.status = 401
end
# Rejects the request with 403 (Forbidden). Stores the missing scope, as
# a string, in the "oauth.no_scope" entry on the response and sets the
# response status to 403.
#
# NOTE(review): the original comment says this also gives the
# WWW-Authenticate header the right value; that step is not visible here
# and is presumably done elsewhere from the "oauth.no_scope" entry --
# confirm.
#
# @param [String] scope The missing scope, e.g. "read"
# @return 403
def no_scope!(scope)
  missing = scope.to_s
  @response["oauth.no_scope"] = missing
  # Author's note: render :json => "[hello!]" does not work at this point.
  @response.status = 403
end