62c6e12fa5
Fixes #17898 Since #17204, the admin API has only been available through the web application because of the unconditional requirement to provide a valid CSRF token. This commit changes it back to `null_session`, which should make it work both with session-based authentication (provided a CSRF token) and with a bearer token.
22 lines
492 B
Ruby
22 lines
492 B
Ruby
# frozen_string_literal: true
|
|
|
|
class Api::V1::Admin::MeasuresController < Api::BaseController
|
|
before_action -> { authorize_if_got_token! :'admin:read' }
|
|
before_action :require_staff!
|
|
before_action :set_measures
|
|
|
|
def create
|
|
render json: @measures, each_serializer: REST::Admin::MeasureSerializer
|
|
end
|
|
|
|
private
|
|
|
|
def set_measures
|
|
@measures = Admin::Metrics::Measure.retrieve(
|
|
params[:keys],
|
|
params[:start_at],
|
|
params[:end_at],
|
|
params
|
|
)
|
|
end
|
|
end
|