allow anonymous users to GET api routes (#842)

* make map methods use ActiveRecord relations so they don't error on pundit * test for logged out maps GET api * open up GET routes on maps/topics/synapses and update api docs
2016-10-26 08:37:23 +08:00 · 2016-10-26 08:37:23 +08:00 · 8a95262f2c
commit 8a95262f2c
parent ed89f80f49
8 changed files with 18 additions and 14 deletions
--- a/app/models/map.rb
+++ b/app/models/map.rb
@ -41,11 +41,11 @@ class Map < ApplicationRecord
  end
  def contributors
-    mappings.map(&:user).uniq
+    User.where(id: mappings.map(&:user_id).uniq)
  end
  def editors
-    collaborators + [user]
+    User.where(id: user_id).or(User.where(id: collaborators))
  end
  def topic_count
@ -87,7 +87,7 @@ class Map < ApplicationRecord
  end
  def starred_by_user?(user)
-    user.stars.where(map: self).exists?
+    user&.stars&.where(map: self)&.exists? || false # return false, not nil
  end
  def as_json(_options = {})
@ -114,9 +114,8 @@ class Map < ApplicationRecord
  def add_new_collaborators(user_ids)
    users = User.where(id: user_ids)
    current_collaborators = collaborators + [user]
    added = users.map do |new_user|
-      next nil if current_collaborators.include?(new_user)
+      next nil if editors.include?(new_user)
      UserMap.create(user_id: new_user.id, map_id: id)
      new_user.id
    end
@ -124,8 +123,7 @@ class Map < ApplicationRecord
  end
  def remove_old_collaborators(user_ids)
-    current_collaborators = collaborators + [user]
+    removed = editors.map(&:id).map do |old_user_id|
    removed = current_collaborators.map(&:id).map do |old_user_id|
      next nil if user_ids.include?(old_user_id)
      user_maps.where(user_id: old_user_id).find_each(&:destroy)
      access_requests.where(user_id: old_user_id).find_each(&:destroy)
--- a/app/policies/topic_policy.rb
+++ b/app/policies/topic_policy.rb
@ -12,7 +12,7 @@ class TopicPolicy < ApplicationPolicy
  end
  def index?
-    user.present?
+    true
  end
  def create?
--- a/doc/api/apis/maps.raml
+++ b/doc/api/apis/maps.raml
@ -1,6 +1,7 @@
 #type: collection
 get:
  is: [ searchable: { searchFields: "name, desc" }, embeddable: { embedFields: "user,topics,synapses,mappings,contributors,collaborators" }, orderable, pageable ]
  securedBy: [ null, cookie, token, oauth_2_0 ]
  responses:
    200:
      body:
@ -31,6 +32,7 @@ post:
  #type: item
  get:
    is: [ embeddable: { embedFields: "user,topics,synapses,mappings,contributors,collaborators" } ]
    securedBy: [ null, cookie, token, oauth_2_0 ]
    responses:
      200:
        body:
--- a/doc/api/apis/synapses.raml
+++ b/doc/api/apis/synapses.raml
@ -1,6 +1,7 @@
 #type: collection
 get:
  is: [ searchable: { searchFields: "desc" }, embeddable: { embedFields: "topic1,topic2,user" }, orderable, pageable ]
  securedBy: [ null, cookie, token, oauth_2_0 ]
  responses:
    200:
      body:
@ -33,6 +34,7 @@ post:
  #type: item
  get:
    is: [ embeddable: { embedFields: "topic1,topic2,user" } ]
    securedBy: [ null, cookie, token, oauth_2_0 ]
    responses:
      200:
        body:
--- a/doc/api/apis/topics.raml
+++ b/doc/api/apis/topics.raml
@ -1,6 +1,7 @@
 #type: collection
 get:
  is: [ searchable: { searchFields: "name, desc, link" }, embeddable: { embedFields: "user,metacode" }, orderable, pageable ]
  securedBy: [ null, cookie, token, oauth_2_0 ]
  responses:
    200:
      body:
@ -30,6 +31,7 @@ post:
  #type: item
  get:
    is: [ embeddable: { embedFields: "user,metacode" } ]
    securedBy: [ null, cookie, token, oauth_2_0 ]
    responses:
      200:
        body:
--- a/spec/api/v2/maps_api_spec.rb
+++ b/spec/api/v2/maps_api_spec.rb
@ -8,7 +8,7 @@ RSpec.describe 'maps API', type: :request do
  it 'GET /api/v2/maps' do
    create_list(:map, 5)
-    get '/api/v2/maps', params: { access_token: token }
+    get '/api/v2/maps'
    expect(response).to have_http_status(:success)
    expect(response).to match_json_schema(:maps)
@ -16,7 +16,7 @@ RSpec.describe 'maps API', type: :request do
  end
  it 'GET /api/v2/maps/:id' do
-    get "/api/v2/maps/#{map.id}", params: { access_token: token }
+    get "/api/v2/maps/#{map.id}"
    expect(response).to have_http_status(:success)
    expect(response).to match_json_schema(:map)
--- a/spec/api/v2/synapses_api_spec.rb
+++ b/spec/api/v2/synapses_api_spec.rb
@ -8,7 +8,7 @@ RSpec.describe 'synapses API', type: :request do
  it 'GET /api/v2/synapses' do
    create_list(:synapse, 5)
-    get '/api/v2/synapses', params: { access_token: token }
+    get '/api/v2/synapses'
    expect(response).to have_http_status(:success)
    expect(response).to match_json_schema(:synapses)
--- a/spec/api/v2/topics_api_spec.rb
+++ b/spec/api/v2/topics_api_spec.rb
@ -8,7 +8,7 @@ RSpec.describe 'topics API', type: :request do
  it 'GET /api/v2/topics' do
    create_list(:topic, 5)
-    get '/api/v2/topics', params: { access_token: token }
+    get '/api/v2/topics'
    expect(response).to have_http_status(:success)
    expect(response).to match_json_schema(:topics)
@ -16,7 +16,7 @@ RSpec.describe 'topics API', type: :request do
  end
  it 'GET /api/v2/topics/:id' do
-    get "/api/v2/topics/#{topic.id}", params: { access_token: token }
+    get "/api/v2/topics/#{topic.id}"
    expect(response).to have_http_status(:success)