Controllers

From Ocean Framework Documentation Wiki
Jump to: navigation, search

Controller variables

The following instance variables are always available in an Ocean controller:

@auth_api_user_id

The internal ID (a UUID) of the ApiUser to which the X-API-Token belongs, for which the authorisation was made, and for which the present action was authorised. This can be used to BAN expired resources in controller code. NB: it should never be used for any other purpose.

@auth_api_user_uri

The full URI of the ApiUser to which the X-API-Token belongs, and for which the authorisation was made. This can be used to restrict and/or validate access in controller code.

@group_names

An array of strings naming the Groups to which this ApiUser belongs. Can be used to conditionalise access in controller code. Cf the helper methods member_of_group? and superuser?.

@right_restrictions

For the internal use of the app and context system.

@x_api_token

This is the X-API-Token header value used to authorise the present controller action. It can be used, for instance, to invalidate all authentications for a particular ApiUser in cases where your backend code has changed the user's privileges extensively.

@x_metadata

Cf. this section for more information.