changes for api

Connor Turland 2016-03-12 09:37:18 +11:00
parent e6017c4129
commit 669b337d04
5 changed files with 28 additions and 19 deletions


@ -7,6 +7,8 @@ gem 'devise'
gem 'redis'
gem 'pg'
gem 'pundit'
gem 'cancan'
gem 'pundit_extra'
gem 'formula'
gem 'formtastic'
gem 'json'
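Review bot: `gem 'cancan'` pulls in the original CanCan gem, which this commit's lockfile resolves to `cancan (1.6.10)` right next to `cancancan (1.10.1)`. Both gems define the `CanCan` namespace, so which `CanCan::AccessDenied` and ability code ends up loaded depends on require order. cancan has had no release since 1.6.10 and cancancan is its maintained continuation, so if CanCan is still needed alongside Pundit I would declare `gem 'cancancan'` here and drop `cancan`. Neither new gem carries a version constraint; a pin such as `gem 'pundit_extra', '~> 0.1'` keeps a later `bundle update` from silently changing authorization behaviour.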


@ -56,8 +56,9 @@ GEM
binding_of_caller (0.7.2)
debug_inspector (>= 0.0.1)
builder (3.2.2)
byebug (5.0.0)
columnize (= 0.9.0)
byebug (8.2.2)
cancan (1.6.10)
cancancan (1.10.1)
climate_control (0.0.3)
activesupport (>= 3.0)
cocaine (0.5.8)
@ -144,6 +145,7 @@ GEM
pry (>= 0.9.10)
pundit (1.1.0)
activesupport (>= 3.0.0)
pundit_extra (0.1.1)
quiet_assets (1.1.0)
railties (>= 3.1, < 5.0)
rack (1.6.4)
@ -180,7 +182,7 @@ GEM
activesupport (= 4.2.4)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rake (11.0.1)
rake (11.1.0)
redis (3.2.2)
responders (2.1.1)
railties (>= 4.2.0, < 5.1)
@ -251,6 +253,7 @@ DEPENDENCIES
best_in_place
better_errors
binding_of_caller
cancan
coffee-rails
devise
dotenv
@ -268,6 +271,7 @@ DEPENDENCIES
pry-byebug
pry-rails
pundit
pundit_extra
quiet_assets
rails (= 4.2.4)
rails3-jquery-autocomplete


@ -1,24 +1,32 @@
class API::RestfulController < ActionController::Base
include Pundit
include PunditExtra
snorlax_used_rest!
rescue_from(Pundit::NotAuthorizedError) { |e| respond_with_standard_error e, 403 }
load_and_authorize_resource except: [:index, :create]
def create
raise CanCan::AccessDenied.new unless current_user.is_logged_in?
authorize resource_class
instantiate_resouce
resource.user = current_user
create_action
respond_with_resource
end
def show
load_resource
raise AccessDenied.new unless resource.authorize_to_show(current_user)
respond_with_resource
end
private
def accessible_records
if current_user
visible_records
else
public_records
end
end
def current_user
super || token_user || LoggedOutUser.new
super || token_user || nil
end
def token_user
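Review bot: `current_user` now falls back to `nil` (`super || token_user || nil`) and this commit deletes the `LoggedOutUser` null object, yet `current_user.is_logged_in?` is still called on the result in `Api::TokensController#my_tokens`, and in `create` here if that line stays on the new side. For an anonymous request that call raises NoMethodError on nil instead of an authorization error, so the `rescue_from(Pundit::NotAuthorizedError)` handler never produces the 403 and the client gets a 500. I would make the guard nil-safe and raise the class that is rescued, e.g. `raise Pundit::NotAuthorizedError unless current_user`; the trailing `|| nil` is redundant. `CanCan::AccessDenied` in `create` and the bare `AccessDenied` in `show` are not covered by the `rescue_from` either, assuming those lines remain. The body of `token_user` lies outside this hunk, so how a token is validated cannot be reviewed from here.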


@ -1,7 +1,9 @@
class Api::TokensController < API::RestfulController
skip_authorization
def my_tokens
raise CanCan::AccessDenied.new unless current_user.is_logged_in?
raise Pundit::NotAuthorizedError.new unless current_user.is_logged_in?
instantiate_collection page_collection: false, timeframe_collection: false
respond_with_collection
end


@ -1,7 +0,0 @@
class LoggedOutUser
FALSE_METHODS = [:is_logged_in?]
FALSE_METHODS.each { |method| define_method(method, -> { false }) }
end