rosa-build/app/controllers/api/v1/base_controller.rb

138 lines
4.2 KiB
Ruby
Raw Permalink Normal View History

class Api::V1::BaseController < ApplicationController
include PaginateHelper
2014-08-28 21:22:11 +01:00
respond_to :json
skip_before_action :verify_authenticity_token
before_action :check_auth
2012-10-16 13:35:30 +01:00
helper_method :member_path
2015-03-12 22:43:13 +00:00
rescue_from Pundit::NotAuthorizedError do |exception|
respond_to do |format|
format.json { render json: {message: t('flash.exception_message')}.to_json, status: 403 }
format.csv { render text: t('flash.exception_message'), status: 403 }
end
end
2012-10-15 10:48:25 +01:00
protected
def check_auth
authenticate_or_request_with_http_basic do |username,pw|
if user = User.auth_by_token_or_login_pass(username, pw)
sign_in user, store: false
end
end
end
def set_csv_file_headers(file_name)
headers['Content-Type'] = 'text/csv'
headers['Content-disposition'] = "attachment; filename=\"#{file_name}.csv\""
end
def set_streaming_headers
2014-01-20 21:26:03 +00:00
# nginx doc: Setting this to "no" will allow unbuffered responses suitable for Comet and HTTP streaming applications
headers['X-Accel-Buffering'] = 'no'
headers['Cache-Control'] ||= 'no-cache'
headers.delete 'Content-Length'
end
2012-10-19 12:47:49 +01:00
def set_locale
I18n.locale = :en
end
def error_message(subject, message)
2012-10-15 19:30:06 +01:00
[message, subject.errors.full_messages].flatten.join('. ')
end
2012-10-16 13:35:30 +01:00
def create_subject(subject)
2015-03-17 00:55:04 +00:00
authorize subject, :create?
2012-10-16 13:35:30 +01:00
class_name = subject.class.name
if subject.save
render_json_response subject, "#{class_name} has been created successfully"
else
render_validation_error subject, "#{class_name} has not been created"
end
end
2012-10-17 14:46:16 +01:00
def update_member_in_subject(subject, relation = :relations)
2015-03-17 00:55:04 +00:00
authorize subject, :update_member?
2012-10-17 14:46:16 +01:00
role = params[:role]
class_name = subject.class.name.downcase
if member.present? && role.present? && subject.respond_to?(:owner) && subject.owner != member &&
2014-01-21 04:51:49 +00:00
subject.send(relation).by_actor(member).update_all(role: role)
2012-10-17 18:08:21 +01:00
render_json_response subject, "Role for #{member.class.name.downcase} '#{member.id} has been updated in #{class_name} successfully"
2012-10-17 14:46:16 +01:00
else
2012-10-17 18:08:21 +01:00
render_validation_error subject, "Role for member has not been updated in #{class_name}"
2012-10-17 14:46:16 +01:00
end
end
def add_member_to_subject(subject, role = 'admin')
2015-03-17 00:55:04 +00:00
authorize subject, :add_member?
2012-10-15 10:48:25 +01:00
class_name = subject.class.name.downcase
if member.present? && subject.add_member(member, role)
2012-10-15 10:48:25 +01:00
render_json_response subject, "#{member.class.to_s} '#{member.id}' has been added to #{class_name} successfully"
else
render_validation_error subject, "Member has not been added to #{class_name}"
end
end
def remove_member_from_subject(subject)
2015-03-17 00:55:04 +00:00
authorize subject, :remove_member?
2012-10-15 10:48:25 +01:00
class_name = subject.class.name.downcase
2012-10-16 14:42:52 +01:00
if member.present? && subject.remove_member(member)
2012-10-15 10:48:25 +01:00
render_json_response subject, "#{member.class.to_s} '#{member.id}' has been removed from #{class_name} successfully"
else
render_validation_error subject, "Member has not been removed from #{class_name}"
end
end
def destroy_subject(subject)
2015-03-17 00:55:04 +00:00
authorize subject, :destroy?
2012-10-15 10:48:25 +01:00
subject.destroy # later with resque
render_json_response subject, "#{subject.class.name} has been destroyed successfully"
end
def update_subject(subject)
2015-03-17 00:55:04 +00:00
authorize subject, :update?
2012-10-15 10:48:25 +01:00
class_name = subject.class.name
if subject.update_attributes(subject_params(subject.class, subject))
2012-10-15 10:48:25 +01:00
render_json_response subject, "#{class_name} has been updated successfully"
else
render_validation_error subject, "#{class_name} has not been updated"
end
end
def render_json_response(subject, message, status = 200)
id = status != 200 ? nil : subject.id
2014-01-21 04:51:49 +00:00
render json: {
2012-10-18 12:22:31 +01:00
subject.class.name.underscore.to_sym => {
2014-01-21 04:51:49 +00:00
id: id,
message: message
2012-10-15 10:48:25 +01:00
}
}, status: status
2012-10-15 10:48:25 +01:00
end
def render_validation_error(subject, message)
render_json_response(subject, error_message(subject, message), 422)
2012-10-15 10:48:25 +01:00
end
2012-10-16 13:35:30 +01:00
def member_path(subject)
if subject.is_a?(User)
2014-01-21 04:51:49 +00:00
api_v1_user_path(subject.id, format: :json)
2012-10-16 13:35:30 +01:00
else
2014-01-21 04:51:49 +00:00
api_v1_group_path(subject.id, format: :json)
2012-10-16 13:35:30 +01:00
end
end
2012-10-15 10:48:25 +01:00
private
def member
if @member.blank? && %w(User Group).include?(params[:type])
2014-01-21 04:51:49 +00:00
@member = params[:type].constantize.where(id: params[:member_id]).first
2012-10-15 10:48:25 +01:00
end
@member
end
2012-10-15 10:48:25 +01:00
end