changes for api
This commit is contained in:
parent
e6017c4129
commit
669b337d04
5 changed files with 28 additions and 19 deletions
2
Gemfile
2
Gemfile
|
@ -7,6 +7,8 @@ gem 'devise'
|
|||
gem 'redis'
|
||||
gem 'pg'
|
||||
gem 'pundit'
|
||||
gem 'cancan'
|
||||
gem 'pundit_extra'
|
||||
gem 'formula'
|
||||
gem 'formtastic'
|
||||
gem 'json'
|
||||
|
|
10
Gemfile.lock
10
Gemfile.lock
|
@ -56,8 +56,9 @@ GEM
|
|||
binding_of_caller (0.7.2)
|
||||
debug_inspector (>= 0.0.1)
|
||||
builder (3.2.2)
|
||||
byebug (5.0.0)
|
||||
columnize (= 0.9.0)
|
||||
byebug (8.2.2)
|
||||
cancan (1.6.10)
|
||||
cancancan (1.10.1)
|
||||
climate_control (0.0.3)
|
||||
activesupport (>= 3.0)
|
||||
cocaine (0.5.8)
|
||||
|
@ -144,6 +145,7 @@ GEM
|
|||
pry (>= 0.9.10)
|
||||
pundit (1.1.0)
|
||||
activesupport (>= 3.0.0)
|
||||
pundit_extra (0.1.1)
|
||||
quiet_assets (1.1.0)
|
||||
railties (>= 3.1, < 5.0)
|
||||
rack (1.6.4)
|
||||
|
@ -180,7 +182,7 @@ GEM
|
|||
activesupport (= 4.2.4)
|
||||
rake (>= 0.8.7)
|
||||
thor (>= 0.18.1, < 2.0)
|
||||
rake (11.0.1)
|
||||
rake (11.1.0)
|
||||
redis (3.2.2)
|
||||
responders (2.1.1)
|
||||
railties (>= 4.2.0, < 5.1)
|
||||
|
@ -251,6 +253,7 @@ DEPENDENCIES
|
|||
best_in_place
|
||||
better_errors
|
||||
binding_of_caller
|
||||
cancan
|
||||
coffee-rails
|
||||
devise
|
||||
dotenv
|
||||
|
@ -268,6 +271,7 @@ DEPENDENCIES
|
|||
pry-byebug
|
||||
pry-rails
|
||||
pundit
|
||||
pundit_extra
|
||||
quiet_assets
|
||||
rails (= 4.2.4)
|
||||
rails3-jquery-autocomplete
|
||||
|
|
|
@ -1,24 +1,32 @@
|
|||
class API::RestfulController < ActionController::Base
|
||||
include Pundit
|
||||
include PunditExtra
|
||||
|
||||
snorlax_used_rest!
|
||||
|
||||
rescue_from(Pundit::NotAuthorizedError) { |e| respond_with_standard_error e, 403 }
|
||||
load_and_authorize_resource except: [:index, :create]
|
||||
|
||||
def create
|
||||
raise CanCan::AccessDenied.new unless current_user.is_logged_in?
|
||||
authorize resource_class
|
||||
instantiate_resouce
|
||||
resource.user = current_user
|
||||
create_action
|
||||
respond_with_resource
|
||||
end
|
||||
|
||||
def show
|
||||
load_resource
|
||||
raise AccessDenied.new unless resource.authorize_to_show(current_user)
|
||||
respond_with_resource
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def accessible_records
|
||||
if current_user
|
||||
visible_records
|
||||
else
|
||||
public_records
|
||||
end
|
||||
end
|
||||
|
||||
def current_user
|
||||
super || token_user || LoggedOutUser.new
|
||||
super || token_user || nil
|
||||
end
|
||||
|
||||
def token_user
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
class Api::TokensController < API::RestfulController
|
||||
|
||||
skip_authorization
|
||||
|
||||
def my_tokens
|
||||
raise CanCan::AccessDenied.new unless current_user.is_logged_in?
|
||||
raise Pundit::NotAuthorizedError.new unless current_user.is_logged_in?
|
||||
instantiate_collection page_collection: false, timeframe_collection: false
|
||||
respond_with_collection
|
||||
end
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
class LoggedOutUser
|
||||
|
||||
FALSE_METHODS = [:is_logged_in?]
|
||||
|
||||
FALSE_METHODS.each { |method| define_method(method, -> { false }) }
|
||||
|
||||
end
|