strip down admin endpoints to just json

remove html format from controller and allow anyone access to index
change metacode set json
2018-03-09 15:54:30 -05:00 · 2018-03-08 18:32:56 -05:00 · 2018-03-08 17:12:24 -05:00 · 2018-03-08 12:08:21 -05:00 · 2018-03-08 09:47:15 -05:00 · 2018-03-06 06:24:51 -05:00
30 changed files with 9556 additions and 197 deletions
--- a/2
+++ b/2
@ -38,7 +38,7 @@ gem 'uglifier'
 group :test do
  gem 'brakeman', require: false
-  gem 'factory_bot_rails'
+  gem 'factory_girl_rails'
  gem 'json-schema'
  gem 'rspec-rails'
  gem 'shoulda-matchers'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -105,10 +105,10 @@ GEM
      actionmailer (>= 4.0, < 6)
      activesupport (>= 4.0, < 6)
    execjs (2.7.0)
-    factory_bot (4.8.2)
+    factory_girl (4.8.0)
      activesupport (>= 3.0.0)
-    factory_bot_rails (4.8.2)
+    factory_girl_rails (4.8.0)
-      factory_bot (~> 4.8.2)
+      factory_girl (~> 4.8.0)
      railties (>= 3.0.0)
    faker (1.8.4)
      i18n (~> 0.5)
@ -311,7 +311,7 @@ DEPENDENCIES
  doorkeeper
  dotenv-rails
  exception_notification
-  factory_bot_rails
+  factory_girl_rails
  faker
  httparty
  jquery-rails
--- a/app/controllers/access_controller.rb
+++ b/app/controllers/access_controller.rb
@ -62,7 +62,6 @@ class AccessController < ApplicationController
    request = AccessRequest.find(params[:request_id])
    request.approve
    respond_to do |format|
      format.js
      format.json do
        head :ok
      end
@ -74,7 +73,6 @@ class AccessController < ApplicationController
    request = AccessRequest.find(params[:request_id])
    request.deny
    respond_to do |format|
      format.js
      format.json do
        head :ok
      end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -5,7 +5,6 @@ class ApplicationController < ActionController::Base
  include Pundit
  include PunditExtra
  rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
  protect_from_forgery(with: :exception)
  before_action :invite_link
  before_action :prepare_exception_notifier
@ -23,14 +22,7 @@ class ApplicationController < ActionController::Base
  helper_method :admin?
  def handle_unauthorized
-    if authenticated? && (params[:controller] == 'maps') && (params[:action] == 'show')
+    head :forbidden
      redirect_to request_access_map_path(params[:id])
    elsif authenticated?
      redirect_to root_path, notice: "You don't have permission to see that page."
    else
      store_location_for(resource, request.fullpath)
      redirect_to sign_in_path, notice: 'Try signing in to do that.'
    end
  end
  private
@ -41,19 +33,19 @@ class ApplicationController < ActionController::Base
  def require_no_user
    return true unless authenticated?
-    redirect_to edit_user_path(user), notice: 'You must be logged out.'
+    head :forbidden
    false
  end
  def require_user
    return true if authenticated?
-    redirect_to sign_in_path, notice: 'You must be logged in.'
+    head :forbidden
    false
  end
  def require_admin
    return true if authenticated? && admin?
-    redirect_to root_url, notice: 'You need to be an admin for that.'
+    head :forbidden
    false
  end
--- a/app/controllers/metacode_sets_controller.rb
+++ b/app/controllers/metacode_sets_controller.rb
@ -1,81 +1,35 @@
 # frozen_string_literal: true
 class MetacodeSetsController < ApplicationController
-  before_action :require_admin
+  include MetacodesHelper
  before_action :require_admin, except: :index
  # GET /metacode_sets
  # GET /metacode_sets.json
  def index
    @metacode_sets = MetacodeSet.order('name').all
-
+    render json: metacode_sets_json
    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @metacode_sets }
    end
  end
  ### SHOW IS NOT CURRENTLY IN USE
  # GET /metacode_sets/1
  # GET /metacode_sets/1.json
  #  def show
  #    @metacode_set = MetacodeSet.find(params[:id])
  #
  #    respond_to do |format|
  #      format.html # show.html.erb
  #      format.json { render json: @metacode_set }
  #    end
  #  end
  # GET /metacode_sets/new
  # GET /metacode_sets/new.json
  def new
    @metacode_set = MetacodeSet.new
    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @metacode_set }
    end
  end
  # GET /metacode_sets/1/edit
  def edit
    @metacode_set = MetacodeSet.find(params[:id])
  end
  # POST /metacode_sets
  # POST /metacode_sets.json
  def create
    @user = current_user
    @metacode_set = MetacodeSet.new(metacode_set_params)
    @metacode_set.user_id = @user.id
    respond_to do |format|
    if @metacode_set.save
      # create the InMetacodeSet for all the metacodes that were selected for the set
      @metacodes = params[:metacodes][:value].split(',')
      @metacodes.each do |m|
        InMetacodeSet.create(metacode_id: m, metacode_set_id: @metacode_set.id)
      end
-        format.html do
+      render json: @metacode_set, status: :created
          redirect_to metacode_sets_url,
                      notice: 'Metacode set was successfully created.'
        end
        format.json do
          render json: @metacode_set, status: :created, location: metacode_sets_url
        end
    else
-        format.html { render action: 'new' }
+      render json: @metacode_set.errors, status: :unprocessable_entity
        format.json { render json: @metacode_set.errors, status: :unprocessable_entity }
      end
    end
  end
  # PUT /metacode_sets/1
  # PUT /metacode_sets/1.json
  def update
    @metacode_set = MetacodeSet.find(params[:id])
    respond_to do |format|
    if @metacode_set.update_attributes(metacode_set_params)
      # build an array of the IDs of the metacodes currently in the set
@ -96,29 +50,19 @@ class MetacodeSetsController < ApplicationController
        InMetacodeSet.create(metacode_id: m, metacode_set_id: @metacode_set.id)
      end
-        format.html { redirect_to metacode_sets_url, notice: 'Metacode set was successfully updated.' }
+      head :no_content
        format.json { head :no_content }
    else
-        format.html { render action: 'edit' }
+      render json: @metacode_set.errors, status: :unprocessable_entity
        format.json { render json: @metacode_set.errors, status: :unprocessable_entity }
      end
    end
  end
  # DELETE /metacode_sets/1
  # DELETE /metacode_sets/1.json
  def destroy
    @metacode_set = MetacodeSet.find(params[:id])
    # delete everything that tracks what's in the set
    @metacode_set.in_metacode_sets.each(&:destroy)
    @metacode_set.destroy
-
+    head :no_content
    respond_to do |format|
      format.html { redirect_to metacode_sets_url }
      format.json { head :no_content }
    end
  end
  private
--- a/app/controllers/metacodes_controller.rb
+++ b/app/controllers/metacodes_controller.rb
@ -2,76 +2,39 @@
 class MetacodesController < ApplicationController
  before_action :require_admin, except: %i[index show]
-  before_action :set_metacode, only: %i[edit update]
+  before_action :set_metacode, only: %i[update]
  # GET /metacodes
  # GET /metacodes.json
  def index
    @metacodes = Metacode.order('name').all
-
+    render json: @metacodes
    respond_to do |format|
      format.html do
        return unless require_admin
        render :index
      end
      format.json { render json: @metacodes }
    end
  end
-  # GET /metacodes/1.json
+  # GET /metacodes/1
-  # GET /metacodes/Action.json
+  # GET /metacodes/Action
-  # GET /metacodes/action.json
+  # GET /metacodes/action
  def show
    @metacode = Metacode.where('DOWNCASE(name) = ?', downcase(params[:name])).first if params[:name]
    set_metacode unless @metacode
-
+    render json: @metacode
    respond_to do |format|
      format.json { render json: @metacode }
    end
  end
  # GET /metacodes/new
  # GET /metacodes/new.json
  def new
    @metacode = Metacode.new
    respond_to do |format|
      format.html
      format.json { render json: @metacode }
    end
  end
  # GET /metacodes/1/edit
  def edit
  end
  # POST /metacodes
  # POST /metacodes.json
  def create
    @metacode = Metacode.new(metacode_params)
    respond_to do |format|
    if @metacode.save
-        format.html { redirect_to metacodes_url, notice: 'Metacode was successfully created.' }
+      render json: @metacode, status: :created
        format.json { render json: @metacode, status: :created, location: metacodes_url }
    else
-        format.html { render :new }
+      render json: @metacode.errors, status: :unprocessable_entity
        format.json { render json: @metacode.errors, status: :unprocessable_entity }
      end
    end
  end
  # PUT /metacodes/1
  # PUT /metacodes/1.json
  def update
    respond_to do |format|
    if @metacode.update(metacode_params)
-        format.html { redirect_to metacodes_url, notice: 'Metacode was successfully updated.' }
+      head :no_content
        format.json { head :no_content }
    else
-        format.html { render :edit }
+      render json: @metacode.errors, status: :unprocessable_entity
        format.json { render json: @metacode.errors, status: :unprocessable_entity }
      end
    end
  end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -5,6 +5,23 @@ class UsersController < ApplicationController
  respond_to :html, :json
  # GET /users/current
  def current
    if current_user
      # these are just options, saying include these values, they aren't the values themselves
      render json: current_user.to_json({
        follows: true,
        email: true,
        follow_settings: true,
        emails_allowed: true,
        inviteCode: true,
        unread_notifications_count: user_unread_notifications_count
      })
    else
      render json: nil
    end
  end
  # GET /users/1.json
  def show
    @user = User.find(params[:id])
@ -42,7 +59,7 @@ class UsersController < ApplicationController
      correct_pass = @user.valid_password?(params[:current_password])
      if correct_pass && @user.update_attributes(user_params)
-        update_follow_settings(@user, params[:settings])
+        update_follow_settings(@user, params[:settings]) if is_tester(@user)
        @user.image = nil if params[:remove_image] == '1'
        @user.save
        sign_in(@user, bypass: true)
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -5,7 +5,7 @@ module ApplicationHelper
    "#{request.base_url}/join" + (current_user ? "?code=#{current_user.code}" : '')
  end
-  def user_unread_notification_count
+  def user_unread_notifications_count
    return 0 if current_user.nil?
    @uunc ||= current_user.mailboxer_notification_receipts.reduce(0) do |total, receipt|
      receipt.is_read ? total : total + 1
--- a/app/helpers/metacodes_helper.rb
+++ b/app/helpers/metacodes_helper.rb
@ -52,27 +52,30 @@ module MetacodesHelper
  def metacode_sets_json
    metacode_sets = []
    if current_user
      metacode_sets << {
        name: 'Recently Used',
-      metacodes: user_recent_metacodes
+        description: 'Your recently used metacodes',
-                     .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
+        metacodes: user_recent_metacodes.map { |m| m.id }
      }
      metacode_sets << {
        name: 'Most Used',
-      metacodes: user_most_used_metacodes
+        description: 'Your most used metacodes',
-                     .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
+        metacodes: user_most_used_metacodes.map { |m| m.id }
      }
    end
    metacode_sets += MetacodeSet.order('name').all.map do |set|
      {
        id: set.id,
        name: set.name,
-        metacodes: set.metacodes.order('name')
+        desc: set.desc,
-                      .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
+        metacodes: set.metacodes.order('name').map { |m| m.id }
      }
    end
    metacode_sets << {
      name: 'All',
-      metacodes: Metacode.order('name').all
+      desc: 'A list of all the metacodes',
-                         .map { |m| { id: m.id, icon_path: asset_path(m.icon), name: m.name } }
+      metacodes: Metacode.order('name').all.map { |m| m.id }
    }
    metacode_sets.to_json
  end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -70,6 +70,8 @@ class User < ApplicationRecord
      json['follow_map_on_contributed'] = settings.follow_map_on_contributed == '1'
    end
    json['email'] = email if options[:email]
    json['invite_code'] = code if options[:inviteCode]
    json['unread_notifications_count'] = options[:unread_notifications_count] if not options[:unread_notifications_count].nil?
    json
  end
--- a/app/views/access/approve_access_post.js.erb
+++ b/app/views/access/approve_access_post.js.erb
@ -1 +0,0 @@
 $('.main-text').text($('.requesterName').text() + ' has been shared on the map and notified.')
--- a/app/views/access/deny_access_post.js.erb
+++ b/app/views/access/deny_access_post.js.erb
@ -1 +0,0 @@
 $('.main-text').text('Fair enough.')
--- a/app/views/layouts/_foot.html.erb
+++ b/app/views/layouts/_foot.html.erb
@ -1,6 +1,6 @@
 <div id="loading"></div>
 <script type="text/javascript">
-  Metamaps.ServerData.unreadNotificationsCount = <%= current_user ? user_unread_notification_count : 0 %>
+  Metamaps.ServerData.unreadNotificationsCount = <%= current_user ? user_unread_notifications_count : 0 %>
  Metamaps.ServerData.mapIsStarred = <%= current_user && @map && current_user.starred_map?(@map) ? true : false %>
  Metamaps.ServerData.mobileTitle = "<%= yield(:mobile_title) %>"
  Metamaps.ServerData.ActiveMapper = <%= current_user ? current_user.to_json({follows: true, email: true, follow_settings: true}).html_safe : nil %>
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@ -6,6 +6,10 @@ Rails.application.configure do
  config.log_level = :info
  config.eager_load = false
  config.action_cable.allowed_request_origins = [
    'http://localhost:3000'
  ]
  # In the development environment your application's code is reloaded on
  # every request. This slows down response time but is perfect for development
  # since you don't have to restart the web server when you make code changes.
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@ -5,7 +5,7 @@ Rails.application.configure do
  # Settings specified here will take precedence over those in config/application.rb
  config.action_cable.allowed_request_origins = [
-    'https://metamaps.herokuapp.com', 'http://metamaps.herokuapp.com', 'https://metamaps.cc'
+    'https://metamaps.herokuapp.com', 'https://metamaps.cc'
  ]
  # log to stdout
--- a/config/routes.rb
+++ b/config/routes.rb
@ -15,7 +15,6 @@ Metamaps::Application.routes.draw do
    get 'starred'
    get 'mapper/:id', action: 'mapper'
  end
  get :explore, to: redirect('/')
  resources :maps, except: %i[index edit] do
    member do
@ -70,7 +69,7 @@ Metamaps::Application.routes.draw do
  resources :metacode_sets, except: [:show]
-  resources :metacodes, except: [:destroy]
+  resources :metacodes, except: [:new, :edit, :destroy]
  get 'metacodes/:name', to: 'metacodes#show'
  namespace :search do
@ -112,6 +111,9 @@ Metamaps::Application.routes.draw do
  end
  resources :users, except: %i[index destroy] do
    collection do
      get :current
    end
    member do
      get :details
    end
--- a/doc/RspecTesting.md
+++ b/doc/RspecTesting.md
@ -26,13 +26,13 @@ At the time of writing, there are four directories in the spec folder. One,
 `support`, is for helper functions. `rails_helper.rb` and `spec_helper.rb` are
 also for helper functions.
-`factories` is for a gem called [factory-bot][factory_bot]. This gem lets you
+`factories` is for a gem called [factory-girl][factory-girl]. This gem lets you
 use the `create` and `build` functions to quickly create the simplest possible
 valid version of a given model. For instance:
    let(:map1) { create :map }
-    let(:alex) { create :user, name: "Alex" }
+    let(:ronald) { create :user, name: "Ronald" }
-    let(:map2) { create :map, user: alex }
+    let(:map2) { create :map, user: ronald }
 As you can see, you can also customize the factories. You can read the full
 documentation at the link above or check the existing specs to see how it works.
@ -53,5 +53,5 @@ the added code works. This will help in a few ways:
 Happy testing!
-[factory-bot]: https://github.com/thoughtbot/factory_bot
+[factory-girl]: https://github.com/thoughtbot/factory_girl
 [rspec-docs]: http://rspec.info
--- a/package-lock.json
+++ b/package-lock.json
--- a/spec/factories/access_requests.rb
+++ b/spec/factories/access_requests.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
-FactoryBot.define do
+FactoryGirl.define do
  factory :access_request do
    map
    user
--- a/spec/factories/mappings.rb
+++ b/spec/factories/mappings.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
-FactoryBot.define do
+FactoryGirl.define do
  factory :mapping do
    xloc 0
    yloc 0
--- a/spec/factories/maps.rb
+++ b/spec/factories/maps.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
-FactoryBot.define do
+FactoryGirl.define do
  factory :map do
    sequence(:name) { |n| "Cool Map ##{n}" }
    permission :commons
--- a/spec/factories/message.rb
+++ b/spec/factories/message.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
-FactoryBot.define do
+FactoryGirl.define do
  factory :message do
    association :resource, factory: :map
    user
--- a/spec/factories/metacodes.rb
+++ b/spec/factories/metacodes.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
-FactoryBot.define do
+FactoryGirl.define do
  factory :metacode do
    sequence(:name) { |n| "Cool Metacode ##{n}" }
    manual_icon 'https://images.com/image.png'
--- a/spec/factories/stars.rb
+++ b/spec/factories/stars.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
-FactoryBot.define do
+FactoryGirl.define do
  factory :star do
  end
 end
--- a/spec/factories/synapses.rb
+++ b/spec/factories/synapses.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
-FactoryBot.define do
+FactoryGirl.define do
  factory :synapse do
    sequence(:desc) { |n| "Cool synapse ##{n}" }
    category :'from-to'
--- a/spec/factories/tokens.rb
+++ b/spec/factories/tokens.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
-FactoryBot.define do
+FactoryGirl.define do
  factory :token do
    user
    description ''
--- a/spec/factories/topics.rb
+++ b/spec/factories/topics.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
-FactoryBot.define do
+FactoryGirl.define do
  factory :topic do
    user
    association :updated_by, factory: :user
--- a/spec/factories/user_maps.rb
+++ b/spec/factories/user_maps.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
-FactoryBot.define do
+FactoryGirl.define do
  factory :user_map do
    map
    user
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@ -10,7 +10,7 @@
 # have actual codes, you'll need to specify one simple_user and then you
 # can specify other :code_user users based on the pre-existing user's code.
-FactoryBot.define do
+FactoryGirl.define do
  factory :code_user, class: User do
    sequence(:name) { |n| "Cool User ##{n}" }
    sequence(:email) { |n| "cooluser#{n}@cooldomain.com" }
--- a/spec/support/factory_girl.rb
+++ b/spec/support/factory_girl.rb
@ -1,6 +1,6 @@
 # frozen_string_literal: true
-# lets you type create(:user) instead of FactoryBot.create(:user)
+# lets you type create(:user) instead of FactoryGirl.create(:user)
 RSpec.configure do |config|
-  config.include FactoryBot::Syntax::Methods
+  config.include FactoryGirl::Syntax::Methods
 end
Author	SHA1	Message	Date
Connor Turland	0bbe838483	strip down admin endpoints to just json	2018-03-09 15:54:30 -05:00
Connor Turland	245bb88112	remove html format from controller and allow anyone access to index	2018-03-08 18:32:56 -05:00
Connor Turland	706e094c90	change metacode set json	2018-03-08 17:12:24 -05:00
Connor Turland	3348ea7b54	stop redirecting and return forbidden status	2018-03-08 12:08:21 -05:00
Connor Turland	a737bd3cfd	changes for notifications	2018-03-08 09:47:15 -05:00
Connor Turland	58d81e239b	add current user route	2018-03-06 06:24:51 -05:00
		`@ -1 +0,0 @@`
			`$('.main-text').text($('.requesterName').text() + ' has been shared on the map and notified.')`