strip down admin endpoints to just json

Gemfile

@@ -38,7 +38,7 @@ gem 'uglifier'
 
 group :test do
   gem 'brakeman', require: false
-  gem 'factory_bot_rails'
+  gem 'factory_girl_rails'
   gem 'json-schema'
   gem 'rspec-rails'
   gem 'shoulda-matchers'

Gemfile.lock

@@ -105,10 +105,10 @@ GEM
       actionmailer (>= 4.0, < 6)
       activesupport (>= 4.0, < 6)
     execjs (2.7.0)
-    factory_bot (4.8.2)
+    factory_girl (4.8.0)
       activesupport (>= 3.0.0)
-    factory_bot_rails (4.8.2)
-      factory_bot (~> 4.8.2)
+    factory_girl_rails (4.8.0)
+      factory_girl (~> 4.8.0)
       railties (>= 3.0.0)
     faker (1.8.4)
       i18n (~> 0.5)
@@ -311,7 +311,7 @@ DEPENDENCIES
   doorkeeper
   dotenv-rails
   exception_notification
-  factory_bot_rails
+  factory_girl_rails
   faker
   httparty
   jquery-rails

app/controllers/access_controller.rb

@@ -62,7 +62,6 @@ class AccessController < ApplicationController
     request = AccessRequest.find(params[:request_id])
     request.approve
     respond_to do |format|
-      format.js
       format.json do
         head :ok
       end
@@ -74,7 +73,6 @@ class AccessController < ApplicationController
     request = AccessRequest.find(params[:request_id])
     request.deny
     respond_to do |format|
-      format.js
       format.json do
         head :ok
       end

app/controllers/application_controller.rb

@@ -5,7 +5,6 @@ class ApplicationController < ActionController::Base
   include Pundit
   include PunditExtra
   rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
-  protect_from_forgery(with: :exception)
 
   before_action :invite_link
   before_action :prepare_exception_notifier
@@ -23,14 +22,7 @@ class ApplicationController < ActionController::Base
   helper_method :admin?
 
   def handle_unauthorized
-    if authenticated? && (params[:controller] == 'maps') && (params[:action] == 'show')
-      redirect_to request_access_map_path(params[:id])
-    elsif authenticated?
-      redirect_to root_path, notice: "You don't have permission to see that page."
-    else
-      store_location_for(resource, request.fullpath)
-      redirect_to sign_in_path, notice: 'Try signing in to do that.'
-    end
+    head :forbidden
   end
 
   private
@@ -41,19 +33,19 @@ class ApplicationController < ActionController::Base
 
   def require_no_user
     return true unless authenticated?
-    redirect_to edit_user_path(user), notice: 'You must be logged out.'
+    head :forbidden
     false
   end
 
   def require_user
     return true if authenticated?
-    redirect_to sign_in_path, notice: 'You must be logged in.'
+    head :forbidden
     false
   end
 
   def require_admin
     return true if authenticated? && admin?
-    redirect_to root_url, notice: 'You need to be an admin for that.'
+    head :forbidden
     false
   end
 

app/controllers/metacode_sets_controller.rb

@@ -1,124 +1,68 @@
 # frozen_string_literal: true
 
 class MetacodeSetsController < ApplicationController
-  before_action :require_admin
+  include MetacodesHelper
+  before_action :require_admin, except: :index
 
   # GET /metacode_sets
-  # GET /metacode_sets.json
   def index
     @metacode_sets = MetacodeSet.order('name').all
-
-    respond_to do |format|
-      format.html # index.html.erb
-      format.json { render json: @metacode_sets }
-    end
-  end
-
-  ### SHOW IS NOT CURRENTLY IN USE
-  # GET /metacode_sets/1
-  # GET /metacode_sets/1.json
-  #  def show
-  #    @metacode_set = MetacodeSet.find(params[:id])
-  #
-  #    respond_to do |format|
-  #      format.html # show.html.erb
-  #      format.json { render json: @metacode_set }
-  #    end
-  #  end
-
-  # GET /metacode_sets/new
-  # GET /metacode_sets/new.json
-  def new
-    @metacode_set = MetacodeSet.new
-
-    respond_to do |format|
-      format.html # new.html.erb
-      format.json { render json: @metacode_set }
-    end
-  end
-
-  # GET /metacode_sets/1/edit
-  def edit
-    @metacode_set = MetacodeSet.find(params[:id])
+    render json: metacode_sets_json
   end
 
   # POST /metacode_sets
-  # POST /metacode_sets.json
   def create
     @user = current_user
     @metacode_set = MetacodeSet.new(metacode_set_params)
     @metacode_set.user_id = @user.id
-
-    respond_to do |format|
-      if @metacode_set.save
-        # create the InMetacodeSet for all the metacodes that were selected for the set
-        @metacodes = params[:metacodes][:value].split(',')
-        @metacodes.each do |m|
-          InMetacodeSet.create(metacode_id: m, metacode_set_id: @metacode_set.id)
-        end
-        format.html do
-          redirect_to metacode_sets_url,
-                      notice: 'Metacode set was successfully created.'
-        end
-        format.json do
-          render json: @metacode_set, status: :created, location: metacode_sets_url
-        end
-      else
-        format.html { render action: 'new' }
-        format.json { render json: @metacode_set.errors, status: :unprocessable_entity }
+    if @metacode_set.save
+      # create the InMetacodeSet for all the metacodes that were selected for the set
+      @metacodes = params[:metacodes][:value].split(',')
+      @metacodes.each do |m|
+        InMetacodeSet.create(metacode_id: m, metacode_set_id: @metacode_set.id)
       end
+      render json: @metacode_set, status: :created
+    else
+      render json: @metacode_set.errors, status: :unprocessable_entity
     end
   end
 
   # PUT /metacode_sets/1
-  # PUT /metacode_sets/1.json
   def update
     @metacode_set = MetacodeSet.find(params[:id])
+    if @metacode_set.update_attributes(metacode_set_params)
 
-    respond_to do |format|
-      if @metacode_set.update_attributes(metacode_set_params)
+      # build an array of the IDs of the metacodes currently in the set
+      current_metacodes = @metacode_set.metacodes.map { |m| m.id.to_s }
+      # get the list of desired metacodes for the set from the user input and build an array out of it
+      new_metacodes = params[:metacodes][:value].split(',')
 
-        # build an array of the IDs of the metacodes currently in the set
-        current_metacodes = @metacode_set.metacodes.map { |m| m.id.to_s }
-        # get the list of desired metacodes for the set from the user input and build an array out of it
-        new_metacodes = params[:metacodes][:value].split(',')
-
-        # remove the metacodes that were in it, but now aren't
-        removed_metacodes = current_metacodes - new_metacodes
-        removed_metacodes.each do |m|
-          inmetacodeset = InMetacodeSet.find_by(metacode_id: m, metacode_set_id: @metacode_set.id)
-          inmetacodeset.destroy
-        end
-
-        # add the new metacodes
-        added_metacodes = new_metacodes - current_metacodes
-        added_metacodes.each do |m|
-          InMetacodeSet.create(metacode_id: m, metacode_set_id: @metacode_set.id)
-        end
-
-        format.html { redirect_to metacode_sets_url, notice: 'Metacode set was successfully updated.' }
-        format.json { head :no_content }
-      else
-        format.html { render action: 'edit' }
-        format.json { render json: @metacode_set.errors, status: :unprocessable_entity }
+      # remove the metacodes that were in it, but now aren't
+      removed_metacodes = current_metacodes - new_metacodes
+      removed_metacodes.each do |m|
+        inmetacodeset = InMetacodeSet.find_by(metacode_id: m, metacode_set_id: @metacode_set.id)
+        inmetacodeset.destroy
       end
+
+      # add the new metacodes
+      added_metacodes = new_metacodes - current_metacodes
+      added_metacodes.each do |m|
+        InMetacodeSet.create(metacode_id: m, metacode_set_id: @metacode_set.id)
+      end
+
+      head :no_content
+    else
+      render json: @metacode_set.errors, status: :unprocessable_entity
     end
   end
 
   # DELETE /metacode_sets/1
-  # DELETE /metacode_sets/1.json
   def destroy
     @metacode_set = MetacodeSet.find(params[:id])
-
     # delete everything that tracks what's in the set
     @metacode_set.in_metacode_sets.each(&:destroy)
-
     @metacode_set.destroy
-
-    respond_to do |format|
-      format.html { redirect_to metacode_sets_url }
-      format.json { head :no_content }
-    end
+    head :no_content
   end
 
   private

app/controllers/metacodes_controller.rb

@@ -2,76 +2,39 @@
 
 class MetacodesController < ApplicationController
   before_action :require_admin, except: %i[index show]
-  before_action :set_metacode, only: %i[edit update]
+  before_action :set_metacode, only: %i[update]
 
   # GET /metacodes
-  # GET /metacodes.json
   def index
     @metacodes = Metacode.order('name').all
-
-    respond_to do |format|
-      format.html do
-        return unless require_admin
-        render :index
-      end
-      format.json { render json: @metacodes }
-    end
+    render json: @metacodes
   end
 
-  # GET /metacodes/1.json
-  # GET /metacodes/Action.json
-  # GET /metacodes/action.json
+  # GET /metacodes/1
+  # GET /metacodes/Action
+  # GET /metacodes/action
   def show
     @metacode = Metacode.where('DOWNCASE(name) = ?', downcase(params[:name])).first if params[:name]
     set_metacode unless @metacode
-
-    respond_to do |format|
-      format.json { render json: @metacode }
-    end
-  end
-
-  # GET /metacodes/new
-  # GET /metacodes/new.json
-  def new
-    @metacode = Metacode.new
-
-    respond_to do |format|
-      format.html
-      format.json { render json: @metacode }
-    end
-  end
-
-  # GET /metacodes/1/edit
-  def edit
+    render json: @metacode
   end
 
   # POST /metacodes
-  # POST /metacodes.json
   def create
     @metacode = Metacode.new(metacode_params)
-
-    respond_to do |format|
-      if @metacode.save
-        format.html { redirect_to metacodes_url, notice: 'Metacode was successfully created.' }
-        format.json { render json: @metacode, status: :created, location: metacodes_url }
-      else
-        format.html { render :new }
-        format.json { render json: @metacode.errors, status: :unprocessable_entity }
-      end
+    if @metacode.save
+      render json: @metacode, status: :created
+    else
+      render json: @metacode.errors, status: :unprocessable_entity
     end
   end
 
   # PUT /metacodes/1
-  # PUT /metacodes/1.json
   def update
-    respond_to do |format|
-      if @metacode.update(metacode_params)
-        format.html { redirect_to metacodes_url, notice: 'Metacode was successfully updated.' }
-        format.json { head :no_content }
-      else
-        format.html { render :edit }
-        format.json { render json: @metacode.errors, status: :unprocessable_entity }
-      end
+    if @metacode.update(metacode_params)
+      head :no_content
+    else
+      render json: @metacode.errors, status: :unprocessable_entity
     end
   end
 

app/controllers/users_controller.rb

@@ -5,6 +5,23 @@ class UsersController < ApplicationController
 
   respond_to :html, :json
 
+  # GET /users/current
+  def current
+    if current_user
+      # these are just options, saying include these values, they aren't the values themselves
+      render json: current_user.to_json({
+        follows: true,
+        email: true,
+        follow_settings: true,
+        emails_allowed: true,
+        inviteCode: true,
+        unread_notifications_count: user_unread_notifications_count
+      })
+    else
+      render json: nil
+    end
+  end
+
   # GET /users/1.json
   def show
     @user = User.find(params[:id])
@@ -42,7 +59,7 @@ class UsersController < ApplicationController
       correct_pass = @user.valid_password?(params[:current_password])
 
       if correct_pass && @user.update_attributes(user_params)
-        update_follow_settings(@user, params[:settings])
+        update_follow_settings(@user, params[:settings]) if is_tester(@user)
         @user.image = nil if params[:remove_image] == '1'
         @user.save
         sign_in(@user, bypass: true)

app/helpers/application_helper.rb

@@ -5,7 +5,7 @@ module ApplicationHelper
     "#{request.base_url}/join" + (current_user ? "?code=#{current_user.code}" : '')
   end
 
-  def user_unread_notification_count
+  def user_unread_notifications_count
     return 0 if current_user.nil?
     @uunc ||= current_user.mailboxer_notification_receipts.reduce(0) do |total, receipt|
       receipt.is_read ? total : total + 1

app/helpers/metacodes_helper.rb

@@ -52,27 +52,30 @@ module MetacodesHelper
 
   def metacode_sets_json
     metacode_sets = []
-    metacode_sets << {
-      name: 'Recently Used',
-      metacodes: user_recent_metacodes
-                     .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
-    }
-    metacode_sets << {
-      name: 'Most Used',
-      metacodes: user_most_used_metacodes
-                     .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
-    }
+    if current_user
+      metacode_sets << {
+        name: 'Recently Used',
+        description: 'Your recently used metacodes',
+        metacodes: user_recent_metacodes.map { |m| m.id }
+      }
+      metacode_sets << {
+        name: 'Most Used',
+        description: 'Your most used metacodes',
+        metacodes: user_most_used_metacodes.map { |m| m.id }
+      }
+    end
     metacode_sets += MetacodeSet.order('name').all.map do |set|
       {
+        id: set.id,
         name: set.name,
-        metacodes: set.metacodes.order('name')
-                      .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
+        desc: set.desc,
+        metacodes: set.metacodes.order('name').map { |m| m.id }
       }
     end
     metacode_sets << {
       name: 'All',
-      metacodes: Metacode.order('name').all
-                         .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
+      desc: 'A list of all the metacodes',
+      metacodes: Metacode.order('name').all.map { |m| m.id }
     }
     metacode_sets.to_json
   end

app/models/user.rb

@@ -70,6 +70,8 @@ class User < ApplicationRecord
       json['follow_map_on_contributed'] = settings.follow_map_on_contributed == '1'
     end
     json['email'] = email if options[:email]
+    json['invite_code'] = code if options[:inviteCode]
+    json['unread_notifications_count'] = options[:unread_notifications_count] if not options[:unread_notifications_count].nil?
     json
   end
 

app/views/access/approve_access_post.js.erb

@@ -1 +0,0 @@
-$('.main-text').text($('.requesterName').text() + ' has been shared on the map and notified.')

app/views/access/deny_access_post.js.erb

@@ -1 +0,0 @@
-$('.main-text').text('Fair enough.')

app/views/layouts/_foot.html.erb

@@ -1,6 +1,6 @@
 <div id="loading"></div>
 <script type="text/javascript">
-  Metamaps.ServerData.unreadNotificationsCount = <%= current_user ? user_unread_notification_count : 0 %>
+  Metamaps.ServerData.unreadNotificationsCount = <%= current_user ? user_unread_notifications_count : 0 %>
   Metamaps.ServerData.mapIsStarred = <%= current_user && @map && current_user.starred_map?(@map) ? true : false %>
   Metamaps.ServerData.mobileTitle = "<%= yield(:mobile_title) %>"
   Metamaps.ServerData.ActiveMapper = <%= current_user ? current_user.to_json({follows: true, email: true, follow_settings: true}).html_safe : nil %>

config/environments/development.rb

@@ -6,6 +6,10 @@ Rails.application.configure do
   config.log_level = :info
   config.eager_load = false
 
+  config.action_cable.allowed_request_origins = [
+    'http://localhost:3000'
+  ]
+
   # In the development environment your application's code is reloaded on
   # every request. This slows down response time but is perfect for development
   # since you don't have to restart the web server when you make code changes.

config/environments/production.rb

@@ -5,7 +5,7 @@ Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb
 
   config.action_cable.allowed_request_origins = [
-    'https://metamaps.herokuapp.com', 'http://metamaps.herokuapp.com', 'https://metamaps.cc'
+    'https://metamaps.herokuapp.com', 'https://metamaps.cc'
   ]
 
   # log to stdout

config/routes.rb

@@ -15,7 +15,6 @@ Metamaps::Application.routes.draw do
     get 'starred'
     get 'mapper/:id', action: 'mapper'
   end
-  get :explore, to: redirect('/')
 
   resources :maps, except: %i[index edit] do
     member do
@@ -70,7 +69,7 @@ Metamaps::Application.routes.draw do
 
   resources :metacode_sets, except: [:show]
 
-  resources :metacodes, except: [:destroy]
+  resources :metacodes, except: [:new, :edit, :destroy]
   get 'metacodes/:name', to: 'metacodes#show'
 
   namespace :search do
@@ -112,6 +111,9 @@ Metamaps::Application.routes.draw do
   end
 
   resources :users, except: %i[index destroy] do
+    collection do
+      get :current
+    end
     member do
       get :details
     end

doc/RspecTesting.md

@@ -26,13 +26,13 @@ At the time of writing, there are four directories in the spec folder. One,
 `support`, is for helper functions. `rails_helper.rb` and `spec_helper.rb` are
 also for helper functions.
 
-`factories` is for a gem called [factory-bot][factory_bot]. This gem lets you
+`factories` is for a gem called [factory-girl][factory-girl]. This gem lets you
 use the `create` and `build` functions to quickly create the simplest possible
 valid version of a given model. For instance:
 
     let(:map1) { create :map }
-    let(:alex) { create :user, name: "Alex" }
-    let(:map2) { create :map, user: alex }
+    let(:ronald) { create :user, name: "Ronald" }
+    let(:map2) { create :map, user: ronald }
 
 As you can see, you can also customize the factories. You can read the full
 documentation at the link above or check the existing specs to see how it works.
@@ -53,5 +53,5 @@ the added code works. This will help in a few ways:
 
 Happy testing!
 
-[factory-bot]: https://github.com/thoughtbot/factory_bot
+[factory-girl]: https://github.com/thoughtbot/factory_girl
 [rspec-docs]: http://rspec.info

spec/factories/access_requests.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-FactoryBot.define do
+FactoryGirl.define do
   factory :access_request do
     map
     user

spec/factories/mappings.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-FactoryBot.define do
+FactoryGirl.define do
   factory :mapping do
     xloc 0
     yloc 0

spec/factories/maps.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-FactoryBot.define do
+FactoryGirl.define do
   factory :map do
     sequence(:name) { |n| "Cool Map ##{n}" }
     permission :commons

spec/factories/message.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-FactoryBot.define do
+FactoryGirl.define do
   factory :message do
     association :resource, factory: :map
     user

spec/factories/metacodes.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-FactoryBot.define do
+FactoryGirl.define do
   factory :metacode do
     sequence(:name) { |n| "Cool Metacode ##{n}" }
     manual_icon 'https://images.com/image.png'

spec/factories/stars.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-FactoryBot.define do
+FactoryGirl.define do
   factory :star do
   end
 end

spec/factories/synapses.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-FactoryBot.define do
+FactoryGirl.define do
   factory :synapse do
     sequence(:desc) { |n| "Cool synapse ##{n}" }
     category :'from-to'

spec/factories/tokens.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-FactoryBot.define do
+FactoryGirl.define do
   factory :token do
     user
     description ''

spec/factories/topics.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-FactoryBot.define do
+FactoryGirl.define do
   factory :topic do
     user
     association :updated_by, factory: :user

spec/factories/user_maps.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-FactoryBot.define do
+FactoryGirl.define do
   factory :user_map do
     map
     user

spec/factories/users.rb

@@ -10,7 +10,7 @@
 # have actual codes, you'll need to specify one simple_user and then you
 # can specify other :code_user users based on the pre-existing user's code.
 
-FactoryBot.define do
+FactoryGirl.define do
   factory :code_user, class: User do
     sequence(:name) { |n| "Cool User ##{n}" }
     sequence(:email) { |n| "cooluser#{n}@cooldomain.com" }

spec/support/factory_girl.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# lets you type create(:user) instead of FactoryBot.create(:user)
+# lets you type create(:user) instead of FactoryGirl.create(:user)
 RSpec.configure do |config|
-  config.include FactoryBot::Syntax::Methods
+  config.include FactoryGirl::Syntax::Methods
 end