From 669b337d04815d136d5b97ee3af638509fcc7a46 Mon Sep 17 00:00:00 2001 From: Connor Turland Date: Sat, 12 Mar 2016 09:37:18 +1100 Subject: [PATCH] changes for api --- Gemfile | 2 ++ Gemfile.lock | 10 +++++++--- app/controllers/api/restful_controller.rb | 24 +++++++++++++++-------- app/controllers/api/tokens_controller.rb | 4 +++- app/models/logged_out_user.rb | 7 ------- 5 files changed, 28 insertions(+), 19 deletions(-) delete mode 100644 app/models/logged_out_user.rb diff --git a/Gemfile b/Gemfile index a0600ced..b7ea08e9 100644 --- a/Gemfile +++ b/Gemfile @@ -7,6 +7,8 @@ gem 'devise' gem 'redis' gem 'pg' gem 'pundit' +gem 'cancan' +gem 'pundit_extra' gem 'formula' gem 'formtastic' gem 'json' diff --git a/Gemfile.lock b/Gemfile.lock index 9e9731a6..a2a3b031 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -56,8 +56,9 @@ GEM binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) builder (3.2.2) - byebug (5.0.0) - columnize (= 0.9.0) + byebug (8.2.2) + cancan (1.6.10) + cancancan (1.10.1) climate_control (0.0.3) activesupport (>= 3.0) cocaine (0.5.8) @@ -144,6 +145,7 @@ GEM pry (>= 0.9.10) pundit (1.1.0) activesupport (>= 3.0.0) + pundit_extra (0.1.1) quiet_assets (1.1.0) railties (>= 3.1, < 5.0) rack (1.6.4) @@ -180,7 +182,7 @@ GEM activesupport (= 4.2.4) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (11.0.1) + rake (11.1.0) redis (3.2.2) responders (2.1.1) railties (>= 4.2.0, < 5.1) @@ -251,6 +253,7 @@ DEPENDENCIES best_in_place better_errors binding_of_caller + cancan coffee-rails devise dotenv @@ -268,6 +271,7 @@ DEPENDENCIES pry-byebug pry-rails pundit + pundit_extra quiet_assets rails (= 4.2.4) rails3-jquery-autocomplete diff --git a/app/controllers/api/restful_controller.rb b/app/controllers/api/restful_controller.rb index d56783a0..ca7ff481 100644 --- a/app/controllers/api/restful_controller.rb +++ b/app/controllers/api/restful_controller.rb @@ -1,24 +1,32 @@ class API::RestfulController < ActionController::Base + include Pundit + include PunditExtra + snorlax_used_rest! + rescue_from(Pundit::NotAuthorizedError) { |e| respond_with_standard_error e, 403 } + load_and_authorize_resource except: [:index, :create] + def create - raise CanCan::AccessDenied.new unless current_user.is_logged_in? + authorize resource_class instantiate_resouce resource.user = current_user create_action respond_with_resource end - def show - load_resource - raise AccessDenied.new unless resource.authorize_to_show(current_user) - respond_with_resource - end - private + def accessible_records + if current_user + visible_records + else + public_records + end + end + def current_user - super || token_user || LoggedOutUser.new + super || token_user || nil end def token_user diff --git a/app/controllers/api/tokens_controller.rb b/app/controllers/api/tokens_controller.rb index cc54e531..6ef01e69 100644 --- a/app/controllers/api/tokens_controller.rb +++ b/app/controllers/api/tokens_controller.rb @@ -1,7 +1,9 @@ class Api::TokensController < API::RestfulController + + skip_authorization def my_tokens - raise CanCan::AccessDenied.new unless current_user.is_logged_in? + raise Pundit::NotAuthorizedError.new unless current_user.is_logged_in? instantiate_collection page_collection: false, timeframe_collection: false respond_with_collection end diff --git a/app/models/logged_out_user.rb b/app/models/logged_out_user.rb deleted file mode 100644 index 14e0cfb9..00000000 --- a/app/models/logged_out_user.rb +++ /dev/null @@ -1,7 +0,0 @@ -class LoggedOutUser - - FALSE_METHODS = [:is_logged_in?] - - FALSE_METHODS.each { |method| define_method(method, -> { false }) } - -end