Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/application_controller.rb13
-rw-r--r--app/controllers/trackers_controller.rb15
2 files changed, 25 insertions, 3 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bf05db034..f031ac292 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -314,6 +314,19 @@ class ApplicationController < ActionController::Base
format.json { head @status }
end
end
+
+ # Filter for actions that provide an API response
+ # but have no HTML representation for non admin users
+ def require_admin_or_api_request
+ return true if api_request?
+ if User.current.admin?
+ true
+ elsif User.current.logged?
+ render_error(:status => 406)
+ else
+ deny_access
+ end
+ end
# Picks which layout to use based on the request
#
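Review bot: The early `return true if api_request?` in `require_admin_or_api_request` makes the request format the only condition this filter checks, so for an API request neither `User.current.admin?` nor `User.current.logged?` is consulted here. Whether anonymous callers are stopped then depends on filters defined outside this hunk (presumably a global login-required check), and `api_request?` itself is not visible here. The method comment should say so, e.g. `# NOTE: performs no authentication for API requests; relies on the login / API-key filters that run before it`. If the actions using this filter must never be readable anonymously, the guard could be `return true if api_request? && User.current.logged?`, which lets anonymous API calls fall through to `deny_access`.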
diff --git a/app/controllers/trackers_controller.rb b/app/controllers/trackers_controller.rb
index 5275b32eb..2f827af2e 100644
--- a/app/controllers/trackers_controller.rb
+++ b/app/controllers/trackers_controller.rb
@@ -18,13 +18,22 @@
class TrackersController < ApplicationController
layout 'admin'
- before_filter :require_admin
+ before_filter :require_admin, :except => :index
+ before_filter :require_admin_or_api_request, :only => :index
+ accept_api_auth :index
verify :method => :post, :only => :destroy, :redirect_to => { :action => :index }
def index
- @tracker_pages, @trackers = paginate :trackers, :per_page => 10, :order => 'position'
- render :action => "index", :layout => false if request.xhr?
+ respond_to do |format|
+ format.html {
+ @tracker_pages, @trackers = paginate :trackers, :per_page => 10, :order => 'position'
+ render :action => "index", :layout => false if request.xhr?
+ }
+ format.api {
+ @trackers = Tracker.all
+ }
+ end
end
def new
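Review bot: `format.api` loads `Tracker.all` with no ordering while the HTML branch orders by `'position'`, so API clients receive trackers in whatever order the database returns; `@trackers = Tracker.all(:order => 'position')` would keep the two representations consistent. With `:except => :index` on `require_admin` plus `accept_api_auth :index`, this is also the one action in the controller that non-admin users can now reach. The API view template is not part of this diff section, so it should be checked to render only fields intended for every user. A functional test covering the non-admin and anonymous API cases would pin the intended access rule. The class body continues outside the hunk.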