strip down admin endpoints to just json

app/controllers/access_controller.rb

@@ -62,7 +62,6 @@ class AccessController < ApplicationController
     request = AccessRequest.find(params[:request_id])
     request.approve
     respond_to do |format|
-      format.js
       format.json do
         head :ok
       end
@@ -74,7 +73,6 @@ class AccessController < ApplicationController
     request = AccessRequest.find(params[:request_id])
     request.deny
     respond_to do |format|
-      format.js
       format.json do
         head :ok
       end

app/controllers/application_controller.rb

@@ -5,7 +5,6 @@ class ApplicationController < ActionController::Base
   include Pundit
   include PunditExtra
   rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
-  protect_from_forgery(with: :exception)
 
   before_action :invite_link
   before_action :prepare_exception_notifier
@@ -23,14 +22,7 @@ class ApplicationController < ActionController::Base
   helper_method :admin?
 
   def handle_unauthorized
-    if authenticated? && (params[:controller] == 'maps') && (params[:action] == 'show')
+    head :forbidden
-      redirect_to request_access_map_path(params[:id])
-    elsif authenticated?
-      redirect_to root_path, notice: "You don't have permission to see that page."
-    else
-      store_location_for(resource, request.fullpath)
-      redirect_to sign_in_path, notice: 'Try signing in to do that.'
-    end
   end
 
   private
@@ -41,19 +33,19 @@ class ApplicationController < ActionController::Base
 
   def require_no_user
     return true unless authenticated?
-    redirect_to edit_user_path(user), notice: 'You must be logged out.'
+    head :forbidden
     false
   end
 
   def require_user
     return true if authenticated?
-    redirect_to sign_in_path, notice: 'You must be logged in.'
+    head :forbidden
     false
   end
 
   def require_admin
     return true if authenticated? && admin?
-    redirect_to root_url, notice: 'You need to be an admin for that.'
+    head :forbidden
     false
   end
 

app/controllers/metacode_sets_controller.rb

@@ -1,124 +1,68 @@
 # frozen_string_literal: true
 
 class MetacodeSetsController < ApplicationController
-  before_action :require_admin
+  include MetacodesHelper
+  before_action :require_admin, except: :index
 
   # GET /metacode_sets
-  # GET /metacode_sets.json
   def index
     @metacode_sets = MetacodeSet.order('name').all
-
+    render json: metacode_sets_json
-    respond_to do |format|
-      format.html # index.html.erb
-      format.json { render json: @metacode_sets }
-    end
-  end
-
-  ### SHOW IS NOT CURRENTLY IN USE
-  # GET /metacode_sets/1
-  # GET /metacode_sets/1.json
-  #  def show
-  #    @metacode_set = MetacodeSet.find(params[:id])
-  #
-  #    respond_to do |format|
-  #      format.html # show.html.erb
-  #      format.json { render json: @metacode_set }
-  #    end
-  #  end
-
-  # GET /metacode_sets/new
-  # GET /metacode_sets/new.json
-  def new
-    @metacode_set = MetacodeSet.new
-
-    respond_to do |format|
-      format.html # new.html.erb
-      format.json { render json: @metacode_set }
-    end
-  end
-
-  # GET /metacode_sets/1/edit
-  def edit
-    @metacode_set = MetacodeSet.find(params[:id])
   end
 
   # POST /metacode_sets
-  # POST /metacode_sets.json
   def create
     @user = current_user
     @metacode_set = MetacodeSet.new(metacode_set_params)
     @metacode_set.user_id = @user.id
-
+    if @metacode_set.save
-    respond_to do |format|
+      # create the InMetacodeSet for all the metacodes that were selected for the set
-      if @metacode_set.save
+      @metacodes = params[:metacodes][:value].split(',')
-        # create the InMetacodeSet for all the metacodes that were selected for the set
+      @metacodes.each do |m|
-        @metacodes = params[:metacodes][:value].split(',')
+        InMetacodeSet.create(metacode_id: m, metacode_set_id: @metacode_set.id)
-        @metacodes.each do |m|
-          InMetacodeSet.create(metacode_id: m, metacode_set_id: @metacode_set.id)
-        end
-        format.html do
-          redirect_to metacode_sets_url,
-                      notice: 'Metacode set was successfully created.'
-        end
-        format.json do
-          render json: @metacode_set, status: :created, location: metacode_sets_url
-        end
-      else
-        format.html { render action: 'new' }
-        format.json { render json: @metacode_set.errors, status: :unprocessable_entity }
       end
+      render json: @metacode_set, status: :created
+    else
+      render json: @metacode_set.errors, status: :unprocessable_entity
     end
   end
 
   # PUT /metacode_sets/1
-  # PUT /metacode_sets/1.json
   def update
     @metacode_set = MetacodeSet.find(params[:id])
+    if @metacode_set.update_attributes(metacode_set_params)
 
-    respond_to do |format|
+      # build an array of the IDs of the metacodes currently in the set
-      if @metacode_set.update_attributes(metacode_set_params)
+      current_metacodes = @metacode_set.metacodes.map { |m| m.id.to_s }
+      # get the list of desired metacodes for the set from the user input and build an array out of it
+      new_metacodes = params[:metacodes][:value].split(',')
 
-        # build an array of the IDs of the metacodes currently in the set
+      # remove the metacodes that were in it, but now aren't
-        current_metacodes = @metacode_set.metacodes.map { |m| m.id.to_s }
+      removed_metacodes = current_metacodes - new_metacodes
-        # get the list of desired metacodes for the set from the user input and build an array out of it
+      removed_metacodes.each do |m|
-        new_metacodes = params[:metacodes][:value].split(',')
+        inmetacodeset = InMetacodeSet.find_by(metacode_id: m, metacode_set_id: @metacode_set.id)
-
+        inmetacodeset.destroy
-        # remove the metacodes that were in it, but now aren't
-        removed_metacodes = current_metacodes - new_metacodes
-        removed_metacodes.each do |m|
-          inmetacodeset = InMetacodeSet.find_by(metacode_id: m, metacode_set_id: @metacode_set.id)
-          inmetacodeset.destroy
-        end
-
-        # add the new metacodes
-        added_metacodes = new_metacodes - current_metacodes
-        added_metacodes.each do |m|
-          InMetacodeSet.create(metacode_id: m, metacode_set_id: @metacode_set.id)
-        end
-
-        format.html { redirect_to metacode_sets_url, notice: 'Metacode set was successfully updated.' }
-        format.json { head :no_content }
-      else
-        format.html { render action: 'edit' }
-        format.json { render json: @metacode_set.errors, status: :unprocessable_entity }
       end
+
+      # add the new metacodes
+      added_metacodes = new_metacodes - current_metacodes
+      added_metacodes.each do |m|
+        InMetacodeSet.create(metacode_id: m, metacode_set_id: @metacode_set.id)
+      end
+
+      head :no_content
+    else
+      render json: @metacode_set.errors, status: :unprocessable_entity
     end
   end
 
   # DELETE /metacode_sets/1
-  # DELETE /metacode_sets/1.json
   def destroy
     @metacode_set = MetacodeSet.find(params[:id])
-
     # delete everything that tracks what's in the set
     @metacode_set.in_metacode_sets.each(&:destroy)
-
     @metacode_set.destroy
-
+    head :no_content
-    respond_to do |format|
-      format.html { redirect_to metacode_sets_url }
-      format.json { head :no_content }
-    end
   end
 
   private

app/controllers/metacodes_controller.rb

@@ -2,76 +2,39 @@
 
 class MetacodesController < ApplicationController
   before_action :require_admin, except: %i[index show]
-  before_action :set_metacode, only: %i[edit update]
+  before_action :set_metacode, only: %i[update]
 
   # GET /metacodes
-  # GET /metacodes.json
   def index
     @metacodes = Metacode.order('name').all
-
+    render json: @metacodes
-    respond_to do |format|
-      format.html do
-        return unless require_admin
-        render :index
-      end
-      format.json { render json: @metacodes }
-    end
   end
 
-  # GET /metacodes/1.json
+  # GET /metacodes/1
-  # GET /metacodes/Action.json
+  # GET /metacodes/Action
-  # GET /metacodes/action.json
+  # GET /metacodes/action
   def show
     @metacode = Metacode.where('DOWNCASE(name) = ?', downcase(params[:name])).first if params[:name]
     set_metacode unless @metacode
-
+    render json: @metacode
-    respond_to do |format|
-      format.json { render json: @metacode }
-    end
-  end
-
-  # GET /metacodes/new
-  # GET /metacodes/new.json
-  def new
-    @metacode = Metacode.new
-
-    respond_to do |format|
-      format.html
-      format.json { render json: @metacode }
-    end
-  end
-
-  # GET /metacodes/1/edit
-  def edit
   end
 
   # POST /metacodes
-  # POST /metacodes.json
   def create
     @metacode = Metacode.new(metacode_params)
-
+    if @metacode.save
-    respond_to do |format|
+      render json: @metacode, status: :created
-      if @metacode.save
+    else
-        format.html { redirect_to metacodes_url, notice: 'Metacode was successfully created.' }
+      render json: @metacode.errors, status: :unprocessable_entity
-        format.json { render json: @metacode, status: :created, location: metacodes_url }
-      else
-        format.html { render :new }
-        format.json { render json: @metacode.errors, status: :unprocessable_entity }
-      end
     end
   end
 
   # PUT /metacodes/1
-  # PUT /metacodes/1.json
   def update
-    respond_to do |format|
+    if @metacode.update(metacode_params)
-      if @metacode.update(metacode_params)
+      head :no_content
-        format.html { redirect_to metacodes_url, notice: 'Metacode was successfully updated.' }
+    else
-        format.json { head :no_content }
+      render json: @metacode.errors, status: :unprocessable_entity
-      else
-        format.html { render :edit }
-        format.json { render json: @metacode.errors, status: :unprocessable_entity }
-      end
     end
   end
 

app/controllers/users_controller.rb

@@ -5,6 +5,23 @@ class UsersController < ApplicationController
 
   respond_to :html, :json
 
+  # GET /users/current
+  def current
+    if current_user
+      # these are just options, saying include these values, they aren't the values themselves
+      render json: current_user.to_json({
+        follows: true,
+        email: true,
+        follow_settings: true,
+        emails_allowed: true,
+        inviteCode: true,
+        unread_notifications_count: user_unread_notifications_count
+      })
+    else
+      render json: nil
+    end
+  end
+
   # GET /users/1.json
   def show
     @user = User.find(params[:id])

app/helpers/application_helper.rb

@@ -5,7 +5,7 @@ module ApplicationHelper
     "#{request.base_url}/join" + (current_user ? "?code=#{current_user.code}" : '')
   end
 
-  def user_unread_notification_count
+  def user_unread_notifications_count
     return 0 if current_user.nil?
     @uunc ||= current_user.mailboxer_notification_receipts.reduce(0) do |total, receipt|
       receipt.is_read ? total : total + 1

app/helpers/metacodes_helper.rb

@@ -52,27 +52,30 @@ module MetacodesHelper
 
   def metacode_sets_json
     metacode_sets = []
-    metacode_sets << {
+    if current_user
-      name: 'Recently Used',
+      metacode_sets << {
-      metacodes: user_recent_metacodes
+        name: 'Recently Used',
-                     .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
+        description: 'Your recently used metacodes',
-    }
+        metacodes: user_recent_metacodes.map { |m| m.id }
-    metacode_sets << {
+      }
-      name: 'Most Used',
+      metacode_sets << {
-      metacodes: user_most_used_metacodes
+        name: 'Most Used',
-                     .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
+        description: 'Your most used metacodes',
-    }
+        metacodes: user_most_used_metacodes.map { |m| m.id }
+      }
+    end
     metacode_sets += MetacodeSet.order('name').all.map do |set|
       {
+        id: set.id,
         name: set.name,
-        metacodes: set.metacodes.order('name')
+        desc: set.desc,
-                      .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
+        metacodes: set.metacodes.order('name').map { |m| m.id }
       }
     end
     metacode_sets << {
       name: 'All',
-      metacodes: Metacode.order('name').all
+      desc: 'A list of all the metacodes',
-                         .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
+      metacodes: Metacode.order('name').all.map { |m| m.id }
     }
     metacode_sets.to_json
   end

app/models/user.rb

@@ -70,6 +70,8 @@ class User < ApplicationRecord
       json['follow_map_on_contributed'] = settings.follow_map_on_contributed == '1'
     end
     json['email'] = email if options[:email]
+    json['invite_code'] = code if options[:inviteCode]
+    json['unread_notifications_count'] = options[:unread_notifications_count] if not options[:unread_notifications_count].nil?
     json
   end
 

app/views/access/approve_access_post.js.erb

@@ -1 +0,0 @@
-$('.main-text').text($('.requesterName').text() + ' has been shared on the map and notified.')

app/views/access/deny_access_post.js.erb

@@ -1 +0,0 @@
-$('.main-text').text('Fair enough.')

app/views/layouts/_foot.html.erb

@@ -1,6 +1,6 @@
 <div id="loading"></div>
 <script type="text/javascript">
-  Metamaps.ServerData.unreadNotificationsCount = <%= current_user ? user_unread_notification_count : 0 %>
+  Metamaps.ServerData.unreadNotificationsCount = <%= current_user ? user_unread_notifications_count : 0 %>
   Metamaps.ServerData.mapIsStarred = <%= current_user && @map && current_user.starred_map?(@map) ? true : false %>
   Metamaps.ServerData.mobileTitle = "<%= yield(:mobile_title) %>"
   Metamaps.ServerData.ActiveMapper = <%= current_user ? current_user.to_json({follows: true, email: true, follow_settings: true}).html_safe : nil %>

config/environments/development.rb

@@ -6,6 +6,10 @@ Rails.application.configure do
   config.log_level = :info
   config.eager_load = false
 
+  config.action_cable.allowed_request_origins = [
+    'http://localhost:3000'
+  ]
+
   # In the development environment your application's code is reloaded on
   # every request. This slows down response time but is perfect for development
   # since you don't have to restart the web server when you make code changes.

config/environments/production.rb

@@ -5,7 +5,7 @@ Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb
 
   config.action_cable.allowed_request_origins = [
-    'https://metamaps.herokuapp.com', 'http://metamaps.herokuapp.com', 'https://metamaps.cc'
+    'https://metamaps.herokuapp.com', 'https://metamaps.cc'
   ]
 
   # log to stdout

config/routes.rb

@@ -15,7 +15,6 @@ Metamaps::Application.routes.draw do
     get 'starred'
     get 'mapper/:id', action: 'mapper'
   end
-  get :explore, to: redirect('/')
 
   resources :maps, except: %i[index edit] do
     member do
@@ -70,7 +69,7 @@ Metamaps::Application.routes.draw do
 
   resources :metacode_sets, except: [:show]
 
-  resources :metacodes, except: [:destroy]
+  resources :metacodes, except: [:new, :edit, :destroy]
   get 'metacodes/:name', to: 'metacodes#show'
 
   namespace :search do
@@ -112,6 +111,9 @@ Metamaps::Application.routes.draw do
   end
 
   resources :users, except: %i[index destroy] do
+    collection do
+      get :current
+    end
     member do
       get :details
     end