reorder API authentication precedence to be: token, oauth, cookie (#860)

* reorder authentication to be: token, then oauth, then cookie

* all APIs but tokens are accessible anonymously (so add mappings to the list)

* fix mapping order

app/controllers/api/v2/restful_controller.rb

@@ -45,7 +45,7 @@ module Api
       end
 
       def current_user
-        token_user || super || doorkeeper_user || nil
+        token_user || doorkeeper_user || super
       end
 
       def load_resource

doc/api/api.raml

@@ -13,7 +13,7 @@ securitySchemes:
   cookie: !include securitySchemes/cookie.raml
   token: !include securitySchemes/token.raml
   oauth_2_0: !include securitySchemes/oauth_2_0.raml
-securedBy: [ cookie, token, oauth_2_0 ]
+securedBy: [ token, oauth_2_0, cookie ]
 
 traits:
   pageable: !include traits/pageable.raml

doc/api/apis/mappings.raml

@@ -1,6 +1,7 @@
 #type: collection
 get:
   is: [ embeddable: { embedFields: "user,map" }, orderable, pageable ]
+  securedBy: [ null, token, oauth_2_0, cookie ]
   responses:
     200:
       body:
@@ -31,6 +32,7 @@ post:
   #type: item
   get:
     is: [ embeddable: { embedFields: "user,map" } ]
+    securedBy: [ null, token, oauth_2_0, cookie ]
     responses:
       200:
         body:

doc/api/apis/maps.raml

@@ -1,7 +1,7 @@
 #type: collection
 get:
   is: [ searchable: { searchFields: "name, desc" }, embeddable: { embedFields: "user,topics,synapses,mappings,contributors,collaborators" }, orderable, pageable ]
-  securedBy: [ null, cookie, token, oauth_2_0 ]
+  securedBy: [ null, token, oauth_2_0, cookie ]
   responses:
     200:
       body:
@@ -32,7 +32,7 @@ post:
   #type: item
   get:
     is: [ embeddable: { embedFields: "user,topics,synapses,mappings,contributors,collaborators" } ]
-    securedBy: [ null, cookie, token, oauth_2_0 ]
+    securedBy: [ null, token, oauth_2_0, cookie ]
     responses:
       200:
         body:

doc/api/apis/metacodes.raml

@@ -1,15 +1,15 @@
 #type: collection
-securedBy: [ null, cookie, token, oauth_2_0 ]
 get:
   is: [ searchable: { searchFields: "name" }, orderable, pageable ]
+  securedBy: [ null, token, oauth_2_0, cookie ]
   responses:
     200:
       body:
         application/json:
           example: !include ../examples/metacodes.json
 /{id}:
-  securedBy: [ null, cookie, token, oauth_2_0 ]
   #type: item
+  securedBy: [ null, token, oauth_2_0, cookie ]
   get:
     responses:
       200:

doc/api/apis/synapses.raml

@@ -1,7 +1,7 @@
 #type: collection
 get:
   is: [ searchable: { searchFields: "desc" }, embeddable: { embedFields: "topic1,topic2,user" }, orderable, pageable ]
-  securedBy: [ null, cookie, token, oauth_2_0 ]
+  securedBy: [ null, token, oauth_2_0, cookie ]
   responses:
     200:
       body:
@@ -34,7 +34,7 @@ post:
   #type: item
   get:
     is: [ embeddable: { embedFields: "topic1,topic2,user" } ]
-    securedBy: [ null, cookie, token, oauth_2_0 ]
+    securedBy: [ null, token, oauth_2_0, cookie ]
     responses:
       200:
         body:

doc/api/apis/topics.raml

@@ -1,7 +1,7 @@
 #type: collection
 get:
   is: [ searchable: { searchFields: "name, desc, link" }, embeddable: { embedFields: "user,metacode" }, orderable, pageable ]
-  securedBy: [ null, cookie, token, oauth_2_0 ]
+  securedBy: [ null, token, oauth_2_0, cookie ]
   responses:
     200:
       body:
@@ -31,7 +31,7 @@ post:
   #type: item
   get:
     is: [ embeddable: { embedFields: "user,metacode" } ]
-    securedBy: [ null, cookie, token, oauth_2_0 ]
+    securedBy: [ null, token, oauth_2_0, cookie ]
     responses:
       200:
         body:

doc/api/apis/users.raml

@@ -1,7 +1,7 @@
 #type: collection
-securedBy: [ null, cookie, token, oauth_2_0 ]
 get:
   is: [ searchable: { searchFields: "name" }, orderable, pageable ]
+  securedBy: [ null, token, oauth_2_0, cookie ]
   responses:
     200:
       body:
@@ -9,7 +9,7 @@ get:
           example: !include ../examples/users.json
 /{id}:
   #type: item
-  securedBy: [ null, cookie, token, oauth_2_0 ]
+  securedBy: [ null, token, oauth_2_0, cookie ]
   get:
     responses:
       200: