Revision 03abfb63
Added by Tomáš Strachota almost 12 years ago
- ID 03abfb63f9437ecfa2dcdbb685a8d38ef6dbedeb
app/controllers/api/base_controller.rb | ||
---|---|---|
class BaseController < ActionController::Base
|
||
|
||
before_filter :set_default_response_format
|
||
before_filter :authorize
|
||
|
||
respond_to :json
|
||
|
||
def process_error hash = {}
|
||
hash[:object] ||= get_resource || raise("Param 'object' was not defined")
|
||
|
||
hash[:json_code] ||= :unprocessable_entity
|
||
def process_error options = {}
|
||
|
||
options[:json_code] ||= :unprocessable_entity
|
||
|
||
errors = if hash[:object].respond_to?(:errors)
|
||
logger.info "Failed to save: #{hash[:object].errors.full_messages.join(", ")}"
|
||
hash[:object].errors.full_messages
|
||
errors = if options[:error]
|
||
options[:error]
|
||
else
|
||
raise("Object has to respond to errors")
|
||
options[:object] ||= get_resource || raise("No error to process")
|
||
if options[:object].respond_to?(:errors)
|
||
logger.info "Failed to save: #{options[:object].errors.full_messages.join(", ")}"
|
||
options[:object].errors.full_messages
|
||
else
|
||
raise("No error to process")
|
||
end
|
||
end
|
||
|
||
# set 403 status on permission errors
|
||
if errors.any? { |error| error =~ /You do not have permission/ }
|
||
options[:json_code] = :forbidden
|
||
end
|
||
|
||
render :json => {"errors" => errors} , :status => hash[:json_code]
|
||
render :json => {"errors" => errors} , :status => options[:json_code]
|
||
end
|
||
|
||
def get_resource
|
||
... | ... | |
end
|
||
|
||
|
||
def request_from_katello_cli?
|
||
request.headers['User-Agent'].to_s =~ /^katello-cli/
|
||
|
||
# Authorize the user for the requested action
|
||
def authorize(ctrl = params[:controller], action = params[:action])
|
||
|
||
if SETTINGS[:login]
|
||
unless User.current
|
||
user_to_login = nil
|
||
if result = authenticate_with_http_basic { |u, p| user_to_login = u; User.try_to_login(u, p) }
|
||
User.current = result
|
||
else
|
||
process_error({:error => "Unable to authenticate user %s" % user_to_login, :json_code => :unauthorized})
|
||
return false
|
||
end
|
||
end
|
||
else
|
||
# We assume we always have a user logged in, if authentication is disabled, the user is the build-in admin account.
|
||
User.current = User.find_by_login("admin")
|
||
end
|
||
|
||
# FIXME the following breaks bookmark controller as it has no Autho restrictions in the model.
|
||
# Moreover it probably doesn't make sense to have it in API controller.
|
||
#allowed = User.current.allowed_to?({:controller => ctrl.gsub(/::/, "_").underscore, :action => action})
|
||
#allowed ? true : deny_access
|
||
end
|
||
|
||
def deny_access
|
||
process_error({:error => "Access denied", :json_code => :unauthorized})
|
||
return false
|
||
end
|
||
|
||
|
||
protected
|
||
# searches for an object based on its name and assign it to an instance variable
|
||
# required for models which implement the to_param method
|
test/functional/api/v1/bookmarks_controller_test.rb | ||
---|---|---|
|
||
|
||
test "should get index" do
|
||
get :index, {}, set_session_user
|
||
as_user :admin do
|
||
get :index, {}
|
||
end
|
||
assert_response :success
|
||
assert_not_nil assigns(:bookmarks)
|
||
end
|
||
|
||
test "should show bookmark" do
|
||
get :show, {:id => bookmarks(:one).to_param}, set_session_user
|
||
as_user :admin do
|
||
get :show, {:id => bookmarks(:one).to_param}
|
||
end
|
||
assert_response :success
|
||
end
|
||
|
||
test "should create bookmark" do
|
||
User.current = users(:one)
|
||
assert_difference('Bookmark.count') do
|
||
post :create, {:bookmark => simple_bookmark}, set_session_user
|
||
as_user :one do
|
||
assert_difference('Bookmark.count') do
|
||
post :create, {:bookmark => simple_bookmark}
|
||
end
|
||
end
|
||
assert_response :success
|
||
end
|
||
|
||
test "should create bookmark with a dot" do
|
||
User.current = users(:one)
|
||
assert_difference('Bookmark.count') do
|
||
post :create, {:bookmark => dot_bookmark}, set_session_user
|
||
as_user :one do
|
||
assert_difference('Bookmark.count') do
|
||
post :create, {:bookmark => dot_bookmark}
|
||
end
|
||
end
|
||
assert_response :success
|
||
end
|
||
|
||
test "should update bookmark" do
|
||
put :update, {:id => bookmarks(:one).to_param, :bookmark => {} }, set_session_user
|
||
as_user :admin do
|
||
put :update, {:id => bookmarks(:one).to_param, :bookmark => {} }
|
||
end
|
||
assert_response :success
|
||
end
|
||
|
||
test "should destroy bookmark" do
|
||
assert_difference('Bookmark.count', -1) do
|
||
delete :destroy, {:id => bookmarks(:one).to_param}, set_session_user
|
||
as_user :admin do
|
||
assert_difference('Bookmark.count', -1) do
|
||
delete :destroy, {:id => bookmarks(:one).to_param}
|
||
end
|
||
end
|
||
assert_response :success
|
||
end
|
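Review bot: Replacing `set_session_user` with `as_user :admin` means these functional tests never reach the new HTTP-basic path in `authorize`, because `as_user` sets `User.current` directly and the filter short-circuits on `unless User.current`; a request sent with `@request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(login, password)` plus a negative case expecting `assert_response :unauthorized` would actually exercise the commit. The `User.current = users(:one)` lines kept in "should create bookmark" and "should create bookmark with a dot" are now redundant with `as_user :one`, and because `as_user` restores whatever `User.current` was beforehand, they leave users(:one) as the current user after those tests finish. Dropping those two lines keeps the tests isolated from each other.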
test/test_helper.rb | ||
---|---|---|
SETTINGS[:login] ? {:user => User.find_by_login("admin").id, :expires_at => 5.minutes.from_now} : {}
|
||
end
|
||
|
||
def as_user user
|
||
saved_user = User.current
|
||
User.current = users(user)
|
||
result = yield
|
||
User.current = saved_user
|
||
result
|
||
end
|
||
|
||
def as_admin
|
||
saved_user = User.current
|
||
User.current = users(:admin)
|
api v1 - Authorization