From 8a95262f2cd20c78a02c596e090205e56520c341 Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Wed, 26 Oct 2016 08:37:23 +0800
Subject: [PATCH] allow anonymous users to GET api routes (#842)
* make map methods use ActiveRecord relations so they don't error on pundit
* test for logged out maps GET api
* open up GET routes on maps/topics/synapses and update api docs
---
app/models/map.rb | 12 +++++-------
app/policies/topic_policy.rb | 2 +-
doc/api/apis/maps.raml | 2 ++
doc/api/apis/synapses.raml | 2 ++
doc/api/apis/topics.raml | 2 ++
spec/api/v2/maps_api_spec.rb | 6 +++---
spec/api/v2/synapses_api_spec.rb | 2 +-
spec/api/v2/topics_api_spec.rb | 4 ++--
8 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/app/models/map.rb b/app/models/map.rb
index 3f5a0a16..86a89a24 100644
--- a/app/models/map.rb
+++ b/app/models/map.rb
@@ -41,11 +41,11 @@ class Map < ApplicationRecord end def contributors - mappings.map(&:user).uniq + User.where(id: mappings.map(&:user_id).uniq) end def editors - collaborators + [user] + User.where(id: user_id).or(User.where(id: collaborators)) end def topic_count
@@ -87,7 +87,7 @@ class Map < ApplicationRecord end def starred_by_user?(user) - user.stars.where(map: self).exists? + user&.stars&.where(map: self)&.exists? || false # return false, not nil end def as_json(_options = {})
@@ -114,9 +114,8 @@ class Map < ApplicationRecord def add_new_collaborators(user_ids) users = User.where(id: user_ids) - current_collaborators = collaborators + [user] added = users.map do |new_user| - next nil if current_collaborators.include?(new_user) + next nil if editors.include?(new_user) UserMap.create(user_id: new_user.id, map_id: id) new_user.id end
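Review bot: In the `@@ -41` hunk of app/models/map.rb, `contributors` still instantiates every Mapping row through `mappings.map(&:user_id).uniq` before it builds the relation, so each call costs a full load plus a second query. `User.where(id: mappings.select(:user_id))` would keep it to one query with a subselect. The maps API lists `contributors` as an embeddable field and this commit opens GET to anonymous callers, so that cost is presumably reachable without a login. The `@@ -124` hunk has the same load-to-collect-ids shape in `editors.map(&:id)`, where `editors.pluck(:id)` would do.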
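Review bot: In the `@@ -87` hunk, only `user` can be nil inside `starred_by_user?`; assuming `stars` is an association, it and `where` always return a relation, so the second and third `&.` guard nothing and blur which nil is actually expected. Something like `user.present? && user.stars.where(map: self).exists?` states the anonymous case directly and already yields `false` rather than nil, which makes the trailing comment unnecessary.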
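Review bot: In the `@@ -114` hunk, `editors.include?(new_user)` sits inside the `users.map` block, and `editors` now builds a fresh relation on every call, so each candidate user triggers its own query where the removed local was computed once. Hoisting it restores that: `editor_ids = editors.pluck(:id)` before the loop and `next nil if editor_ids.include?(new_user.id)` inside it. The body of `add_new_collaborators` continues past the end of the hunk.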
@@ -124,8 +123,7 @@ class Map < ApplicationRecord end def remove_old_collaborators(user_ids) - current_collaborators = collaborators + [user] - removed = current_collaborators.map(&:id).map do |old_user_id| + removed = editors.map(&:id).map do |old_user_id| next nil if user_ids.include?(old_user_id) user_maps.where(user_id: old_user_id).find_each(&:destroy) access_requests.where(user_id: old_user_id).find_each(&:destroy)
diff --git a/app/policies/topic_policy.rb b/app/policies/topic_policy.rb
index cf091662..b29d9b44 100644
--- a/app/policies/topic_policy.rb
+++ b/app/policies/topic_policy.rb
@@ -12,7 +12,7 @@ class TopicPolicy < ApplicationPolicy end def index? - user.present? + true end def create?
diff --git a/doc/api/apis/maps.raml b/doc/api/apis/maps.raml
index 3ae05d2e..6e9738fe 100644
--- a/doc/api/apis/maps.raml
+++ b/doc/api/apis/maps.raml
@@ -1,6 +1,7 @@ #type: collection get: is: [ searchable: { searchFields: "name, desc" }, embeddable: { embedFields: "user,topics,synapses,mappings,contributors,collaborators" }, orderable, pageable ] + securedBy: [ null, cookie, token, oauth_2_0 ] responses: 200: body:
@@ -31,6 +32,7 @@ post: #type: item get: is: [ embeddable: { embedFields: "user,topics,synapses,mappings,contributors,collaborators" } ] + securedBy: [ null, cookie, token, oauth_2_0 ] responses: 200: body:
diff --git a/doc/api/apis/synapses.raml b/doc/api/apis/synapses.raml
index dabcdad7..79641e56 100644
--- a/doc/api/apis/synapses.raml
+++ b/doc/api/apis/synapses.raml
@@ -1,6 +1,7 @@ #type: collection get: is: [ searchable: { searchFields: "desc" }, embeddable: { embedFields: "topic1,topic2,user" }, orderable, pageable ] + securedBy: [ null, cookie, token, oauth_2_0 ] responses: 200: body:
@@ -33,6 +34,7 @@ post: #type: item get: is: [ embeddable: { embedFields: "topic1,topic2,user" } ] + securedBy: [ null, cookie, token, oauth_2_0 ] responses: 200: body:
diff --git a/doc/api/apis/topics.raml b/doc/api/apis/topics.raml
index 15b94da4..5b5664fe 100644
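Review bot: With `index?` returning `true`, nothing in the app/policies/topic_policy.rb hunk restricts what an anonymous caller can list; that now depends entirely on the policy's scope and on `show?` behaving correctly when `user` is nil, and neither is visible here. It is worth confirming that the topics controller applies `policy_scope` on index and that the scope returns only publicly readable topics for a nil user, rather than raising or falling through to every record. A comment on the method would record the intent, e.g. `# open to anonymous callers; record visibility is enforced by the policy scope`. The TopicPolicy class body starts and ends outside the hunk.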
--- a/doc/api/apis/topics.raml
+++ b/doc/api/apis/topics.raml
@@ -1,6 +1,7 @@ #type: collection get: is: [ searchable: { searchFields: "name, desc, link" }, embeddable: { embedFields: "user,metacode" }, orderable, pageable ] + securedBy: [ null, cookie, token, oauth_2_0 ] responses: 200: body:
@@ -30,6 +31,7 @@ post: #type: item get: is: [ embeddable: { embedFields: "user,metacode" } ] + securedBy: [ null, cookie, token, oauth_2_0 ] responses: 200: body:
diff --git a/spec/api/v2/maps_api_spec.rb b/spec/api/v2/maps_api_spec.rb
index abed255d..ef72dec7 100644
--- a/spec/api/v2/maps_api_spec.rb
+++ b/spec/api/v2/maps_api_spec.rb
@@ -8,7 +8,7 @@ RSpec.describe 'maps API', type: :request do it 'GET /api/v2/maps' do create_list(:map, 5) - get '/api/v2/maps', params: { access_token: token } + get '/api/v2/maps' expect(response).to have_http_status(:success) expect(response).to match_json_schema(:maps)
@@ -16,13 +16,13 @@ RSpec.describe 'maps API', type: :request do end it 'GET /api/v2/maps/:id' do - get "/api/v2/maps/#{map.id}", params: { access_token: token } + get "/api/v2/maps/#{map.id}" expect(response).to have_http_status(:success) expect(response).to match_json_schema(:map) expect(JSON.parse(response.body)['data']['id']).to eq map.id end - + it 'POST /api/v2/maps' do post '/api/v2/maps', params: { map: map.attributes, access_token: token }
diff --git a/spec/api/v2/synapses_api_spec.rb b/spec/api/v2/synapses_api_spec.rb
index 093bc41e..032750f6 100644
--- a/spec/api/v2/synapses_api_spec.rb
+++ b/spec/api/v2/synapses_api_spec.rb
@@ -8,7 +8,7 @@ RSpec.describe 'synapses API', type: :request do it 'GET /api/v2/synapses' do create_list(:synapse, 5) - get '/api/v2/synapses', params: { access_token: token } + get '/api/v2/synapses' expect(response).to have_http_status(:success) expect(response).to match_json_schema(:synapses)
diff --git a/spec/api/v2/topics_api_spec.rb b/spec/api/v2/topics_api_spec.rb
index 3f781df9..31d93b87 100644
--- a/spec/api/v2/topics_api_spec.rb
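Review bot: Dropping `access_token` from the GET examples in spec/api/v2/maps_api_spec.rb leaves the suite exercising only the anonymous path and only the success case; nothing asserts that a non-public map is withheld from a caller with no credentials, and the token-authenticated GET is no longer covered. The same applies to the spec/api/v2/synapses_api_spec.rb hunk and to the two spec/api/v2/topics_api_spec.rb hunks. I would keep one authenticated example per resource and add a negative example that creates a record the anonymous caller must not see, then expects it to be absent from the index response and refused on the item route. The `describe` blocks continue outside the hunks.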
+++ b/spec/api/v2/topics_api_spec.rb
@@ -8,7 +8,7 @@ RSpec.describe 'topics API', type: :request do it 'GET /api/v2/topics' do create_list(:topic, 5) - get '/api/v2/topics', params: { access_token: token } + get '/api/v2/topics' expect(response).to have_http_status(:success) expect(response).to match_json_schema(:topics)
@@ -16,7 +16,7 @@ RSpec.describe 'topics API', type: :request do end it 'GET /api/v2/topics/:id' do - get "/api/v2/topics/#{topic.id}", params: { access_token: token } + get "/api/v2/topics/#{topic.id}" expect(response).to have_http_status(:success)