first pass at important API endpoints, token auth

2016-03-11 17:16:04 +11:00 · 2016-03-11 17:16:04 +11:00 · 059591b78b
commit 059591b78b
parent ef60aefe88
31 changed files with 392 additions and 62 deletions
--- a/2
+++ b/2
@ -15,6 +15,8 @@ gem 'best_in_place' #in-place editing
 gem 'kaminari' # pagination
 gem 'uservoice-ruby'
 gem 'dotenv'
 gem 'snorlax', '~> 0.1.3'
 gem 'active_model_serializers', '~> 0.8.1'
 gem 'paperclip'
 gem 'aws-sdk', '< 2.0'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -20,6 +20,8 @@ GEM
      erubis (~> 2.7.0)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
    active_model_serializers (0.8.3)
      activemodel (>= 3.0)
    activejob (4.2.4)
      activesupport (= 4.2.4)
      globalid (>= 0.3.0)
@ -43,8 +45,8 @@ GEM
    aws-sdk-v1 (1.66.0)
      json (~> 1.4)
      nokogiri (>= 1.4.4)
-    bcrypt (3.1.10)
+    bcrypt (3.1.11)
-    best_in_place (3.0.3)
+    best_in_place (3.1.0)
      actionpack (>= 3.2)
      railties (>= 3.2)
    better_errors (2.1.1)
@ -54,24 +56,23 @@ GEM
    binding_of_caller (0.7.2)
      debug_inspector (>= 0.0.1)
    builder (3.2.2)
-    byebug (5.0.0)
+    byebug (8.2.2)
-      columnize (= 0.9.0)
+    cancancan (1.10.1)
    cancancan (1.13.1)
    climate_control (0.0.3)
      activesupport (>= 3.0)
-    cocaine (0.5.7)
+    cocaine (0.5.8)
      climate_control (>= 0.0.3, < 1.0)
-    coderay (1.1.0)
+    coderay (1.1.1)
-    coffee-rails (4.1.0)
+    coffee-rails (4.1.1)
      coffee-script (>= 2.2.0)
-      railties (>= 4.0.0, < 5.0)
+      railties (>= 4.0.0, < 5.1.x)
    coffee-script (2.4.1)
      coffee-script-source
      execjs
-    coffee-script-source (1.9.1.1)
+    coffee-script-source (1.10.0)
-    columnize (0.9.0)
+    concurrent-ruby (1.0.1)
    debug_inspector (0.0.2)
-    devise (3.5.2)
+    devise (3.5.6)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 3.2.6, < 5)
@ -80,13 +81,13 @@ GEM
      warden (~> 1.2.3)
    diff-lcs (1.2.5)
    docile (1.1.5)
-    dotenv (2.0.2)
+    dotenv (2.1.0)
    erubis (2.7.0)
    execjs (2.6.0)
    ezcrypto (0.7.2)
    factory_girl (4.5.0)
      activesupport (>= 3.0.0)
-    factory_girl_rails (4.5.0)
+    factory_girl_rails (4.6.0)
      factory_girl (~> 4.5.0)
      railties (>= 3.0.0)
    formtastic (3.1.3)
@ -96,17 +97,17 @@ GEM
    globalid (0.3.6)
      activesupport (>= 4.1.0)
    i18n (0.7.0)
-    jbuilder (2.3.2)
+    jbuilder (2.4.1)
-      activesupport (>= 3.0.0, < 5)
+      activesupport (>= 3.0.0, < 5.1)
      multi_json (~> 1.2)
-    jquery-rails (4.0.5)
+    jquery-rails (4.1.1)
-      rails-dom-testing (~> 1.0)
+      rails-dom-testing (>= 1, < 3)
      railties (>= 4.2.0)
      thor (>= 0.14, < 2.0)
    jquery-ui-rails (5.0.5)
      railties (>= 3.2.16)
    json (1.8.3)
-    json-schema (2.6.0)
+    json-schema (2.6.1)
      addressable (~> 2.3.8)
    kaminari (0.16.3)
      actionpack (>= 3.0.0)
@ -116,28 +117,28 @@ GEM
    mail (2.6.3)
      mime-types (>= 1.16, < 3)
    method_source (0.8.2)
-    mime-types (2.6.2)
+    mime-types (2.99.1)
    mimemagic (0.3.0)
-    mini_portile (0.6.2)
+    mini_portile2 (2.0.0)
-    minitest (5.8.2)
+    minitest (5.8.4)
    multi_json (1.11.2)
-    nokogiri (1.6.6.2)
+    nokogiri (1.6.7.2)
-      mini_portile (~> 0.6.0)
+      mini_portile2 (~> 2.0.0.rc2)
-    oauth (0.4.7)
+    oauth (0.5.1)
    orm_adapter (0.5.0)
-    paperclip (4.3.1)
+    paperclip (4.3.5)
      activemodel (>= 3.2.0)
      activesupport (>= 3.2.0)
      cocaine (~> 0.5.5)
      mime-types
      mimemagic (= 0.3.0)
-    pg (0.18.3)
+    pg (0.18.4)
    pry (0.10.3)
      coderay (~> 1.1.0)
      method_source (~> 0.8.1)
      slop (~> 3.4)
-    pry-byebug (3.2.0)
+    pry-byebug (3.3.0)
-      byebug (~> 5.0)
+      byebug (~> 8.0)
      pry (~> 0.10)
    pry-rails (0.3.4)
      pry (>= 0.9.10)
@ -163,66 +164,70 @@ GEM
      activesupport (>= 4.2.0.beta, < 5.0)
      nokogiri (~> 1.6.0)
      rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.2)
+    rails-html-sanitizer (1.0.3)
      loofah (~> 2.0)
    rails3-jquery-autocomplete (1.0.15)
      rails (>= 3.2)
    rails_12factor (0.0.3)
      rails_serve_static_assets
      rails_stdout_logging
-    rails_serve_static_assets (0.0.4)
+    rails_serve_static_assets (0.0.5)
    rails_stdout_logging (0.0.4)
    railties (4.2.4)
      actionpack (= 4.2.4)
      activesupport (= 4.2.4)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
-    rake (10.4.2)
+    rake (11.0.1)
-    redis (3.2.1)
+    redis (3.2.2)
-    responders (2.1.0)
+    responders (2.1.1)
-      railties (>= 4.2.0, < 5)
+      railties (>= 4.2.0, < 5.1)
-    rspec-core (3.3.2)
+    rspec-core (3.4.4)
-      rspec-support (~> 3.3.0)
+      rspec-support (~> 3.4.0)
-    rspec-expectations (3.3.1)
+    rspec-expectations (3.4.0)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.3.0)
+      rspec-support (~> 3.4.0)
-    rspec-mocks (3.3.2)
+    rspec-mocks (3.4.1)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.3.0)
+      rspec-support (~> 3.4.0)
-    rspec-rails (3.3.3)
+    rspec-rails (3.4.2)
      actionpack (>= 3.0, < 4.3)
      activesupport (>= 3.0, < 4.3)
      railties (>= 3.0, < 4.3)
-      rspec-core (~> 3.3.0)
+      rspec-core (~> 3.4.0)
-      rspec-expectations (~> 3.3.0)
+      rspec-expectations (~> 3.4.0)
-      rspec-mocks (~> 3.3.0)
+      rspec-mocks (~> 3.4.0)
-      rspec-support (~> 3.3.0)
+      rspec-support (~> 3.4.0)
-    rspec-support (3.3.0)
+    rspec-support (3.4.1)
-    sass (3.4.19)
+    sass (3.4.21)
    sass-rails (5.0.4)
      railties (>= 4.0.0, < 5.0)
      sass (~> 3.1)
      sprockets (>= 2.8, < 4.0)
      sprockets-rails (>= 2.0, < 4.0)
      tilt (>= 1.1, < 3)
-    shoulda-matchers (3.0.1)
+    shoulda-matchers (3.1.1)
      activesupport (>= 4.0.0)
-    simplecov (0.11.1)
+    simplecov (0.11.2)
      docile (~> 1.1.0)
      json (~> 1.8)
      simplecov-html (~> 0.10.0)
    simplecov-html (0.10.0)
    slop (3.6.0)
-    sprockets (3.4.0)
+    snorlax (0.1.4)
      cancancan (~> 1.10.1)
      rails (> 4.1)
    sprockets (3.5.2)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
-    sprockets-rails (2.3.3)
+    sprockets-rails (3.0.4)
-      actionpack (>= 3.0)
+      actionpack (>= 4.0)
-      activesupport (>= 3.0)
+      activesupport (>= 4.0)
-      sprockets (>= 2.8, < 4.0)
+      sprockets (>= 3.0.0)
    thor (0.19.1)
    thread_safe (0.3.5)
-    tilt (2.0.1)
+    tilt (2.0.2)
-    tunemygc (1.0.61)
+    tunemygc (1.0.65)
    tzinfo (1.2.2)
      thread_safe (~> 0.1)
    uglifier (2.7.2)
@ -232,13 +237,14 @@ GEM
      ezcrypto (>= 0.7.2)
      json (>= 1.7.5)
      oauth (>= 0.4.7)
-    warden (1.2.3)
+    warden (1.2.6)
      rack (>= 1.0)
 PLATFORMS
  ruby
 DEPENDENCIES
  active_model_serializers (~> 0.8.1)
  aws-sdk (< 2.0)
  best_in_place
  better_errors
@ -269,6 +275,10 @@ DEPENDENCIES
  sass-rails
  shoulda-matchers
  simplecov
  snorlax (~> 0.1.3)
  tunemygc
  uglifier
  uservoice-ruby
 BUNDLED WITH
   1.11.2
--- a/app/assets/javascripts/src/Metamaps.js.erb
+++ b/app/assets/javascripts/src/Metamaps.js.erb
@ -4083,7 +4083,7 @@ Metamaps.Topic = {
        };  
        var topicSuccessCallback = function (topicModel, response) {
            if (Metamaps.Active.Map) {
-                mapping.save({ mappable_id: topicModel.id }, {
+                mapping.save({ mappable_id: topicModel.get('topic').id }, {
                    success: mappingSuccessCallback,
                    error: function (model, response) {
                        console.log('error saving mapping to database');
@ -4254,7 +4254,7 @@ Metamaps.Synapse = {
        };
        var synapseSuccessCallback = function (synapseModel, response) {
            if (Metamaps.Active.Map) {
-                mapping.save({ mappable_id: synapseModel.id }, {
+                mapping.save({ mappable_id: synapseModel.get('synapse').id }, {
                    success: mappingSuccessCallback
                });
            }
--- a/app/controllers/api/mappings_controller.rb
+++ b/app/controllers/api/mappings_controller.rb
@ -0,0 +1,11 @@
 class Api::MappingsController < API::RestfulController
  def create
    raise CanCan::AccessDenied.new unless current_user.is_logged_in?
    instantiate_resouce
    resource.user = current_user
    create_action
    respond_with_resource
  end
 end
--- a/app/controllers/api/maps_controller.rb
+++ b/app/controllers/api/maps_controller.rb
@ -0,0 +1,11 @@
 class Api::MapsController < API::RestfulController
  def create
    raise CanCan::AccessDenied.new unless current_user.is_logged_in?
    instantiate_resouce
    resource.user = current_user
    create_action
    respond_with_resource
  end
 end
--- a/app/controllers/api/restful_controller.rb
+++ b/app/controllers/api/restful_controller.rb
@ -0,0 +1,29 @@
 class API::RestfulController < ActionController::Base
  snorlax_used_rest!
  def show
    load_resource
    raise AccessDenied.new unless resource.authorize_to_show(current_user)
    respond_with_resource
  end
  private
  def current_user
    super || token_user || LoggedOutUser.new
  end
  def token_user
    authenticate_with_http_token do |token, options|
      access_token = Token.find_by_token(token)
      if access_token
        @token_user ||= access_token.user
      end
    end
  end
  def permitted_params
    @permitted_params ||= PermittedParams.new(params)
  end
 end
--- a/app/controllers/api/synapses_controller.rb
+++ b/app/controllers/api/synapses_controller.rb
@ -0,0 +1,11 @@
 class Api::SynapsesController < API::RestfulController
  def create
    raise CanCan::AccessDenied.new unless current_user.is_logged_in?
    instantiate_resouce
    resource.user = current_user
    create_action
    respond_with_resource
  end
 end
--- a/app/controllers/api/tokens_controller.rb
+++ b/app/controllers/api/tokens_controller.rb
@ -0,0 +1,21 @@
 class Api::TokensController < API::RestfulController
  def create
    raise CanCan::AccessDenied.new unless current_user.is_logged_in?
    instantiate_resouce
    resource.user = current_user
    create_action
    respond_with_resource
  end
  def my_tokens
    raise CanCan::AccessDenied.new unless current_user.is_logged_in?
    instantiate_collection page_collection: false, timeframe_collection: false
    respond_with_collection
  end
  def visible_records
    current_user.tokens
  end
 end
--- a/app/controllers/api/topics_controller.rb
+++ b/app/controllers/api/topics_controller.rb
@ -0,0 +1,11 @@
 class Api::TopicsController < API::RestfulController
  def create
    raise CanCan::AccessDenied.new unless current_user.is_logged_in?
    instantiate_resouce
    resource.user = current_user
    create_action
    respond_with_resource
  end
 end
--- a/app/models/logged_out_user.rb
+++ b/app/models/logged_out_user.rb
@ -0,0 +1,7 @@
 class LoggedOutUser
  FALSE_METHODS = [:is_logged_in?]
  FALSE_METHODS.each { |method| define_method(method, -> { false }) }
 end
--- a/app/models/mapping.rb
+++ b/app/models/mapping.rb
@ -26,4 +26,12 @@ class Mapping < ActiveRecord::Base
    super(:methods =>[:user_name, :user_image])
  end
  def authorize_to_show(user)
    if ((self.map.permission == "private" && self.map.user != user) ||
         (self.mappable.permission == "private" && self.mappable.user != user))
      return false
    end
    return self
  end
 end
--- a/app/models/permitted_params.rb
+++ b/app/models/permitted_params.rb
@ -0,0 +1,33 @@
 class PermittedParams < Struct.new(:params)
  %w[map synapse topic mapping token].each do |kind|
    define_method(kind) do
      permitted_attributes = self.send("#{kind}_attributes")
      params.require(kind).permit(*permitted_attributes)
    end
    alias_method :"api_#{kind}", kind.to_sym
  end
  alias :read_attribute_for_serialization :send
  def token_attributes
    [:description]
  end
  def map_attributes
    [:name, :desc, :permission, :arranged]
  end
  def synapse_attributes
    [:desc, :category, :weight, :permission, :node1_id, :node2_id]
  end
  def topic_attributes
    [:name, :desc, :link, :permission, :metacode_id]
  end
  def mapping_attributes
    [:xloc, :yloc, :map_id, :mappable_type, :mappable_id]
  end
 end
--- a/app/models/synapse.rb
+++ b/app/models/synapse.rb
@ -10,6 +10,8 @@ class Synapse < ActiveRecord::Base
  validates :desc, length: { minimum: 0, allow_nil: false }
  validates :permission, presence: true
  validates :node1_id, presence: true
  validates :node2_id, presence: true
  validates :permission, inclusion: { in: Perm::ISSIONS.map(&:to_s) }
  validates :category, inclusion: { in: ['from-to', 'both'], allow_nil: true }
--- a/app/models/token.rb
+++ b/app/models/token.rb
@ -0,0 +1,11 @@
 class Token < ActiveRecord::Base
  belongs_to :user
  before_create :generate_token
  private
  def generate_token
    self.token = SecureRandom.uuid.gsub(/\-/,'')
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -6,6 +6,7 @@ class User < ActiveRecord::Base
  has_many :synapses
  has_many :maps
  has_many :mappings
  has_many :tokens
  after_create :generate_code
@ -40,6 +41,10 @@ class User < ActiveRecord::Base
  # Validate the attached image is image/jpg, image/png, etc
  validates_attachment_content_type :image, :content_type => /\Aimage\/.*\Z/
  def is_logged_in?
    true
  end
  # override default as_json
  def as_json(options={})
    { :id => self.id,
--- a/app/serializers/map_serializer.rb
+++ b/app/serializers/map_serializer.rb
@ -0,0 +1,20 @@
 class MapSerializer < ActiveModel::Serializer
  embed :ids, include: true
  attributes :id,
             :name,
             :desc,
             :permission,
             :screenshot,
             :created_at,
             :updated_at
  has_many :topics
  has_many :synapses
  has_many :mappings
  has_many :contributors, root: :users
  #def filter(keys)
  #  keys.delete(:outcome_author) unless object.outcome_author.present?
  #  keys
  #end
 end
--- a/app/serializers/mapping_serializer.rb
+++ b/app/serializers/mapping_serializer.rb
@ -0,0 +1,17 @@
 class MappingSerializer < ActiveModel::Serializer
  embed :ids, include: true
  attributes :id,
             :xloc,
             :yloc,
             :created_at,
             :updated_at
  has_one :user
  has_one :map
  has_one :mappable, polymorphic: true
  def filter(keys)
    keys.delete(:xloc) unless object.mappable_type == "Topic"
    keys.delete(:yloc) unless object.mappable_type == "Topic"
    keys
  end
 end
--- a/app/serializers/metacode_serializer.rb
+++ b/app/serializers/metacode_serializer.rb
@ -0,0 +1,7 @@
 class MetacodeSerializer < ActiveModel::Serializer
  attributes :id,
             :name,
             :manual_icon,
             :color,
             :aws_icon
 end 
--- a/app/serializers/synapse_serializer.rb
+++ b/app/serializers/synapse_serializer.rb
@ -0,0 +1,19 @@
 class SynapseSerializer < ActiveModel::Serializer
  embed :ids, include: true
  attributes :id,
             :desc,
             :category,
             :weight,
             :permission,
             :created_at,
             :updated_at
  has_one :topic1, root: :topics
  has_one :topic2, root: :topics
  has_one :user
  #def filter(keys)
  #  keys.delete(:outcome_author) unless object.outcome_author.present?
  #  keys
  #end
 end
--- a/app/serializers/token_serializer.rb
+++ b/app/serializers/token_serializer.rb
@ -0,0 +1,14 @@
 class TokenSerializer < ActiveModel::Serializer
  embed :ids, include: true
  attributes :id,
             :token,
             :description,
             :user_id,
             :created_at,
             :updated_at
  #def filter(keys)
  #  keys.delete(:outcome_author) unless object.outcome_author.present?
  #  keys
  #end
 end
--- a/app/serializers/topic_serializer.rb
+++ b/app/serializers/topic_serializer.rb
@ -0,0 +1,18 @@
 class TopicSerializer < ActiveModel::Serializer
  embed :ids, include: true
  attributes :id,
             :name,
             :desc,
             :link,
             :permission,
             :created_at,
             :updated_at
  has_one :user
  has_one :metacode
  #def filter(keys)
  #  keys.delete(:outcome_author) unless object.outcome_author.present?
  #  keys
  #end
 end
--- a/app/serializers/user_serializer.rb
+++ b/app/serializers/user_serializer.rb
@ -0,0 +1,15 @@
 class UserSerializer < ActiveModel::Serializer
  attributes :id,
             :name,
             :avatar,
             :is_admin,
             :generation
  def avatar
    object.image.url(:sixtyfour)
  end
  def is_admin
    object.admin
  end
 end 
--- a/config/routes.rb
+++ b/config/routes.rb
@ -9,6 +9,16 @@ Metamaps::Application.routes.draw do
  get 'search/mappers', to: 'main#searchmappers', as: :searchmappers
  get 'search/synapses', to: 'main#searchsynapses', as: :searchsynapses
  namespace :api, path: '/api/v1', defaults: {format: :json} do
    resources :maps, only: [:create, :show, :update, :destroy]
    resources :synapses, only: [:create, :show, :update, :destroy]
    resources :topics, only: [:create, :show, :update, :destroy]
    resources :mappings, only: [:create, :show, :update, :destroy]
    resources :tokens, only: [ :create, :destroy] do
      get :my_tokens, on: :collection
    end 
  end
  resources :mappings, except: [:index, :new, :edit]
  resources :metacode_sets, :except => [:show]
  resources :metacodes, :except => [:show, :destroy]
--- a/db/migrate/20160310200131_create_tokens.rb
+++ b/db/migrate/20160310200131_create_tokens.rb
@ -0,0 +1,11 @@
 class CreateTokens < ActiveRecord::Migration
  def change
    create_table :tokens do |t|
      t.string :token
      t.string :description
      t.references :user, index: true, foreign_key: true
      t.timestamps null: false
    end
  end
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20160223061711) do
+ActiveRecord::Schema.define(version: 20160310200131) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@ -117,6 +117,16 @@ ActiveRecord::Schema.define(version: 20160223061711) do
  add_index "synapses", ["node2_id"], name: "index_synapses_on_node2_id", using: :btree
  add_index "synapses", ["user_id"], name: "index_synapses_on_user_id", using: :btree
  create_table "tokens", force: :cascade do |t|
    t.string   "token"
    t.string   "description"
    t.integer  "user_id"
    t.datetime "created_at",  null: false
    t.datetime "updated_at",  null: false
  end
  add_index "tokens", ["user_id"], name: "index_tokens_on_user_id", using: :btree
  create_table "topics", force: :cascade do |t|
    t.text     "name"
    t.text     "desc"
@ -171,4 +181,5 @@ ActiveRecord::Schema.define(version: 20160223061711) do
  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
  add_foreign_key "tokens", "users"
 end
--- a/postatoken.txt
+++ b/postatoken.txt
@ -0,0 +1,7 @@
 $.post('http://localhost:3000/api/v1/tokens', {token: {
  description: 'for stuff',
  token: '1234',
  user_id: 2
 }})
 curl -X POST -d @postdata.txt http://localhost:3000/api/v1/maps --header "Authorization: Token token=fb5b3db125c94e9fb50f1e42054be856" --header "Content-Type:application/json"
--- a/postdata.txt
+++ b/postdata.txt
@ -0,0 +1 @@
 { "map": { "name":"tree", "desc": "green", "permission": "commons", "arranged": true }}
--- a/postmapping.txt
+++ b/postmapping.txt
@ -0,0 +1 @@
 { "mapping": { "xloc": 123, "yloc": 123,  "map_id": 1, "mappable_type": "Topic", "mappable_id": 2 }}
--- a/postsynapse.txt
+++ b/postsynapse.txt
@ -0,0 +1 @@
 { "synapse": { "desc": "link between", "permission": "commons", "node1_id": 1,  "node2_id": 2, "category": "from-to" }}
--- a/posttopic.txt
+++ b/posttopic.txt
@ -0,0 +1 @@
 { "topic": { "name":"tree topic", "desc": "so green", "permission": "commons", "metacode_id": 1 }}
--- a/spec/models/token_spec.rb
+++ b/spec/models/token_spec.rb
@ -0,0 +1,5 @@
 require 'rails_helper'
 RSpec.describe Token, type: :model do
  pending "add some examples to (or delete) #{__FILE__}"
 end
		`@ -0,0 +1 @@`
							`{ "map": { "name":"tree", "desc": "green", "permission": "commons", "arranged": true }}`
		`@ -0,0 +1 @@`
							`{ "mapping": { "xloc": 123, "yloc": 123, "map_id": 1, "mappable_type": "Topic", "mappable_id": 2 }}`
		`@ -0,0 +1 @@`
							`{ "synapse": { "desc": "link between", "permission": "commons", "node1_id": 1, "node2_id": 2, "category": "from-to" }}`
		`@ -0,0 +1 @@`
							`{ "topic": { "name":"tree topic", "desc": "so green", "permission": "commons", "metacode_id": 1 }}`