timothyf
current_user override for API requests
There are a number of actions that seems to use the "current_user" session as the user who is executing the action. This is fine for EngineY web interface, but for the API it can cause some issues with some actions.
An example is Group.create. The code in this controller checks the current_user session to find the id to use for the owner. In the case of the API, this will always be the "admin". We would like to have other users own the groups rather htan the admin, so would want to override "current_user" with a given ID.
A possible solution for this would be to have an optional current_user_id. EngineY could check for this on all requests. If it was there it would do the lookup and override the current_user with this one.
An advantage of a solution like this is that it could be global for the whole system. Any alternative would probably require a special case for most of the actions.
Thoughts?
