allow anonymous users to GET api routes (#842)

* make map methods use ActiveRecord relations so they don't error on pundit

* test for logged out maps GET api

* open up GET routes on maps/topics/synapses and update api docs

app/models/map.rb

@@ -41,11 +41,11 @@ class Map < ApplicationRecord
   end
 
   def contributors
-    mappings.map(&:user).uniq
+    User.where(id: mappings.map(&:user_id).uniq)
   end
 
   def editors
-    collaborators + [user]
+    User.where(id: user_id).or(User.where(id: collaborators))
   end
 
   def topic_count
@@ -87,7 +87,7 @@ class Map < ApplicationRecord
   end
 
   def starred_by_user?(user)
-    user.stars.where(map: self).exists?
+    user&.stars&.where(map: self)&.exists? || false # return false, not nil
   end
 
   def as_json(_options = {})
@@ -114,9 +114,8 @@ class Map < ApplicationRecord
 
   def add_new_collaborators(user_ids)
     users = User.where(id: user_ids)
-    current_collaborators = collaborators + [user]
     added = users.map do |new_user|
-      next nil if current_collaborators.include?(new_user)
+      next nil if editors.include?(new_user)
       UserMap.create(user_id: new_user.id, map_id: id)
       new_user.id
     end
@@ -124,8 +123,7 @@ class Map < ApplicationRecord
   end
 
   def remove_old_collaborators(user_ids)
-    current_collaborators = collaborators + [user]
-    removed = current_collaborators.map(&:id).map do |old_user_id|
+    removed = editors.map(&:id).map do |old_user_id|
       next nil if user_ids.include?(old_user_id)
       user_maps.where(user_id: old_user_id).find_each(&:destroy)
       access_requests.where(user_id: old_user_id).find_each(&:destroy)

app/policies/topic_policy.rb

@@ -12,7 +12,7 @@ class TopicPolicy < ApplicationPolicy
   end
 
   def index?
-    user.present?
+    true
   end
 
   def create?

doc/api/apis/maps.raml

@@ -1,6 +1,7 @@
 #type: collection
 get:
   is: [ searchable: { searchFields: "name, desc" }, embeddable: { embedFields: "user,topics,synapses,mappings,contributors,collaborators" }, orderable, pageable ]
+  securedBy: [ null, cookie, token, oauth_2_0 ]
   responses:
     200:
       body:
@@ -31,6 +32,7 @@ post:
   #type: item
   get:
     is: [ embeddable: { embedFields: "user,topics,synapses,mappings,contributors,collaborators" } ]
+    securedBy: [ null, cookie, token, oauth_2_0 ]
     responses:
       200:
         body:

doc/api/apis/synapses.raml

@@ -1,6 +1,7 @@
 #type: collection
 get:
   is: [ searchable: { searchFields: "desc" }, embeddable: { embedFields: "topic1,topic2,user" }, orderable, pageable ]
+  securedBy: [ null, cookie, token, oauth_2_0 ]
   responses:
     200:
       body:
@@ -33,6 +34,7 @@ post:
   #type: item
   get:
     is: [ embeddable: { embedFields: "topic1,topic2,user" } ]
+    securedBy: [ null, cookie, token, oauth_2_0 ]
     responses:
       200:
         body:

doc/api/apis/topics.raml

@@ -1,6 +1,7 @@
 #type: collection
 get:
   is: [ searchable: { searchFields: "name, desc, link" }, embeddable: { embedFields: "user,metacode" }, orderable, pageable ]
+  securedBy: [ null, cookie, token, oauth_2_0 ]
   responses:
     200:
       body:
@@ -30,6 +31,7 @@ post:
   #type: item
   get:
     is: [ embeddable: { embedFields: "user,metacode" } ]
+    securedBy: [ null, cookie, token, oauth_2_0 ]
     responses:
       200:
         body:

spec/api/v2/maps_api_spec.rb

@@ -8,7 +8,7 @@ RSpec.describe 'maps API', type: :request do
 
   it 'GET /api/v2/maps' do
     create_list(:map, 5)
-    get '/api/v2/maps', params: { access_token: token }
+    get '/api/v2/maps'
 
     expect(response).to have_http_status(:success)
     expect(response).to match_json_schema(:maps)
@@ -16,13 +16,13 @@ RSpec.describe 'maps API', type: :request do
   end
 
   it 'GET /api/v2/maps/:id' do
-    get "/api/v2/maps/#{map.id}", params: { access_token: token }
+    get "/api/v2/maps/#{map.id}"
 
     expect(response).to have_http_status(:success)
     expect(response).to match_json_schema(:map)
     expect(JSON.parse(response.body)['data']['id']).to eq map.id
   end
-
+  
   it 'POST /api/v2/maps' do
     post '/api/v2/maps', params: { map: map.attributes, access_token: token }
 

spec/api/v2/synapses_api_spec.rb

@@ -8,7 +8,7 @@ RSpec.describe 'synapses API', type: :request do
 
   it 'GET /api/v2/synapses' do
     create_list(:synapse, 5)
-    get '/api/v2/synapses', params: { access_token: token }
+    get '/api/v2/synapses'
 
     expect(response).to have_http_status(:success)
     expect(response).to match_json_schema(:synapses)

spec/api/v2/topics_api_spec.rb

@@ -8,7 +8,7 @@ RSpec.describe 'topics API', type: :request do
 
   it 'GET /api/v2/topics' do
     create_list(:topic, 5)
-    get '/api/v2/topics', params: { access_token: token }
+    get '/api/v2/topics'
 
     expect(response).to have_http_status(:success)
     expect(response).to match_json_schema(:topics)
@@ -16,7 +16,7 @@ RSpec.describe 'topics API', type: :request do
   end
 
   it 'GET /api/v2/topics/:id' do
-    get "/api/v2/topics/#{topic.id}", params: { access_token: token }
+    get "/api/v2/topics/#{topic.id}"
 
 
     expect(response).to have_http_status(:success)