Revision 63efbbf5
Added by Petr Chalupa almost 12 years ago
- ID 63efbbf53695f64577724f941eb223d96032e5b2
| app/controllers/api/base_controller.rb | ||
|---|---|---|
|
#TODO: inherit from application controller after cleanup
|
||
|
class BaseController < ActionController::Base
|
||
|
|
||
|
before_filter :set_default_response_format, :authorize
|
||
|
before_filter :set_default_response_format, :authorize, :set_resource_params
|
||
|
|
||
|
respond_to :json
|
||
|
|
||
|
def process_error options = { }
|
||
|
|
||
|
def process_error(options = { })
|
||
|
options[:json_code] ||= :unprocessable_entity
|
||
|
|
||
|
errors = if options[:error]
|
||
| ... | ... | |
|
render :json => { "errors" => errors }, :status => options[:json_code]
|
||
|
end
|
||
|
|
||
|
def get_resource
|
||
|
instance_variable_get(:"@#{controller_name.singularize}")
|
||
|
end
|
||
|
|
||
|
def process_response condition, response = nil
|
||
|
def process_response(condition, response = nil)
|
||
|
if condition
|
||
|
response ||= get_resource
|
||
|
respond_with response
|
||
| ... | ... | |
|
if result = authenticate_with_http_basic { |u, p| user_to_login = u; User.try_to_login(u, p) }
|
||
|
User.current = result
|
||
|
else
|
||
|
process_error({ :error => "Unable to authenticate user %s" % user_to_login, :json_code => :unauthorized })
|
||
|
process_error :error => "Unable to authenticate user %s" % user_to_login, :json_code => :unauthorized
|
||
|
return false
|
||
|
end
|
||
|
end
|
||
| ... | ... | |
|
User.current = User.find_by_login("admin")
|
||
|
end
|
||
|
|
||
|
# FIXME the following breaks bookmark controller as it has no Autho restrictions in the model.
|
||
|
# Moreover it probably doesn't make sense to have it in API controller.
|
||
|
#allowed = User.current.allowed_to?({:controller => ctrl.gsub(/::/, "_").underscore, :action => action})
|
||
|
#allowed ? true : deny_access
|
||
|
User.current.allowed_to?(:controller => ctrl.gsub(/::/, "_").underscore, :action => action) or deny_access
|
||
|
end
|
||
|
|
||
|
def deny_access
|
||
|
process_error({ :error => "Access denied", :json_code => :unauthorized })
|
||
|
process_error :error => "Access denied", :json_code => :forbidden
|
||
|
false
|
||
|
end
|
||
|
|
||
|
def get_resource
|
||
|
instance_variable_get :"@#{resource_name}" or raise 'no resource loaded'
|
||
|
end
|
||
|
|
||
|
def resource_name
|
||
|
controller_name.singularize
|
||
|
end
|
||
|
|
||
|
def resource_class
|
||
|
@resource_class ||= resource_name.camelize.constantize
|
||
|
end
|
||
|
|
||
|
protected
|
||
|
# searches for an object based on its name and assign it to an instance variable
|
||
|
# searches for a resource based on its name and assign it to an instance variable
|
||
|
# required for models which implement the to_param method
|
||
|
#
|
||
|
# example:
|
||
|
# @host = Host.find_by_name params[:id]
|
||
|
def find_by_name
|
||
|
not_found and return if (id = params[:id]).blank?
|
||
|
|
||
|
obj = controller_name.singularize
|
||
|
# determine if we are searching for a numerical id or plain name
|
||
|
cond = "find_by_" + ((id =~ /^\d+$/ && (id=id.to_i)) ? "id" : "name")
|
||
|
not_found and return unless eval("@#{obj} = #{obj.camelize}.#{cond}(id)")
|
||
|
# @host = Host.find_resource params[:id]
|
||
|
def find_resource
|
||
|
finder, key = case
|
||
|
when (id = params[:"#{resource_name}_id"]).present?
|
||
|
[:find_by_id, id]
|
||
|
when (name = params[:"#{resource_name}_name"]).present?
|
||
|
[:find_by_name, name]
|
||
|
else
|
||
|
[nil, nil]
|
||
|
end
|
||
|
resource = resource_class.send(finder, key) if finder
|
||
|
|
||
|
if finder && resource
|
||
|
return instance_variable_set(:"@#{resource_name}", resource)
|
||
|
else
|
||
|
not_found and return false
|
||
|
end
|
||
|
end
|
||
|
|
||
|
def not_found(exception = nil)
|
||
| ... | ... | |
|
request.format = :json if params[:format].nil?
|
||
|
end
|
||
|
|
||
|
# store params[:id] under correct predicable key
|
||
|
def set_resource_params
|
||
|
if (id_or_name = params.delete(:id))
|
||
|
suffix = id_or_name =~ /^\d+$/ ? 'id' : 'name'
|
||
|
params[:"#{resource_name}_#{suffix}"] = id_or_name
|
||
|
end
|
||
|
end
|
||
|
|
||
|
end
|
||
|
end
|
||
| app/controllers/api/v1/architectures_controller.rb | ||
|---|---|---|
|
module V1
|
||
|
class ArchitecturesController < BaseController
|
||
|
include Foreman::Controller::AutoCompleteSearch
|
||
|
before_filter :find_by_name, :only => %w{show update destroy}
|
||
|
before_filter :find_resource, :only => %w{show update destroy}
|
||
|
|
||
|
api :GET, "/architectures/", "List all architectures."
|
||
|
def index
|
||
|
@architectures = Architecture.search_for(params[:search], :order => params[:order]).paginate(:page => params[:page], :include => :operatingsystems)
|
||
|
@architectures = Architecture.search_for(params[:search], :order => params[:order]).
|
||
|
paginate(:page => params[:page], :include => :operatingsystems)
|
||
|
end
|
||
|
|
||
|
api :GET, "/architectures/:id/", "Show an architecture."
|
||
| ... | ... | |
|
|
||
|
api :POST, "/architectures/", "Create an architecture."
|
||
|
param :architecture, Hash, :required => true do
|
||
|
param :name, String, :required => true
|
||
|
param :name, String, :required => true
|
||
|
end
|
||
|
def create
|
||
|
@architecture = Architecture.new(params[:architecture])
|
||
| ... | ... | |
|
|
||
|
api :PUT, "/architectures/:id/", "Update an architecture."
|
||
|
param :architecture, Hash, :required => true do
|
||
|
param :name, String
|
||
|
param :name, String
|
||
|
end
|
||
|
def update
|
||
|
process_response @architecture.update_attributes(params[:architecture])
|
||
| app/controllers/api/v1/bookmarks_controller.rb | ||
|---|---|---|
|
module Api
|
||
|
module V1
|
||
|
class BookmarksController < BaseController
|
||
|
before_filter :find_by_name, :only => [:show, :update, :destroy]
|
||
|
before_filter :find_resource, :only => [:show, :update, :destroy]
|
||
|
|
||
|
api :GET, "/bookmarks/", "List all bookmarks."
|
||
|
def index
|
||
| ... | ... | |
|
|
||
|
api :POST, "/bookmarks/", "Create a bookmark."
|
||
|
param :bookmark, Hash, :required => true do
|
||
|
param :name, String, :required => true
|
||
|
param :controller, String, :required => true
|
||
|
param :query, String, :required => true
|
||
|
param :name, String, :required => true
|
||
|
param :controller, String, :required => true
|
||
|
param :query, String, :required => true
|
||
|
end
|
||
|
def create
|
||
|
@bookmark = Bookmark.new(params[:bookmark])
|
||
| ... | ... | |
|
|
||
|
api :PUT, "/bookmarks/:id/", "Update a bookmark."
|
||
|
param :bookmark, Hash, :required => true do
|
||
|
param :name, String
|
||
|
param :controller, String
|
||
|
param :query, String
|
||
|
param :name, String
|
||
|
param :controller, String
|
||
|
param :query, String
|
||
|
end
|
||
|
def update
|
||
|
process_response @bookmark.update_attributes(params[:bookmark])
|
||
| ... | ... | |
|
end
|
||
|
end
|
||
|
|
||
|
|
||
|
|
||
|
|
||
| app/controllers/api/v1/operatingsystems_controller.rb | ||
|---|---|---|
|
name 'Operating systems'
|
||
|
end
|
||
|
|
||
|
before_filter :find_by_name, :only => %w{show edit update destroy bootfiles}
|
||
|
before_filter :find_resource, :only => %w{show edit update destroy bootfiles}
|
||
|
|
||
|
api :GET, "/operatingsystems/", "List all operating systems."
|
||
|
def index
|
||
| ... | ... | |
|
|
||
|
api :POST, "/operatingsystems/", "Create an OS."
|
||
|
param :operatingsystem, Hash, :required => true do
|
||
|
param :name, /\A(\S+)\Z/, :required => true
|
||
|
param :major, String, :required => true
|
||
|
param :minor, String, :required => true
|
||
|
param :name, /\A(\S+)\Z/, :required => true
|
||
|
param :major, String, :required => true
|
||
|
param :minor, String, :required => true
|
||
|
end
|
||
|
def create
|
||
|
@operatingsystem = Operatingsystem.new(params[:operatingsystem])
|
||
|
process_response @operatingsystem.save
|
||
|
end
|
||
|
end
|
||
|
|
||
|
api :PUT, "/operatingsystems/:id/", "Update an OS."
|
||
|
param :operatingsystem, Hash, :required => true do
|
||
|
param :name, /\A(\S+)\Z/
|
||
|
param :major, String
|
||
|
param :minor, String
|
||
|
param :name, /\A(\S+)\Z/
|
||
|
param :major, String
|
||
|
param :minor, String
|
||
|
end
|
||
|
def update
|
||
|
process_response @operatingsystem.update_attributes(params[:operatingsystem])
|
||
| ... | ... | |
|
param :architecture, String
|
||
|
def bootfiles
|
||
|
medium = Medium.find_by_name(params[:medium])
|
||
|
arch = Architecture.find_by_name(params[:architecture])
|
||
|
arch = Architecture.find_by_name(params[:architecture])
|
||
|
render :json => @operatingsystem.pxe_files(medium, arch)
|
||
|
rescue => e
|
||
|
render :json => e.to_s, :status => :unprocessable_entity
|
||
| lib/foreman/access_permissions.rb | ||
|---|---|---|
|
# Permissions
|
||
|
Foreman::AccessControl.map do |map|
|
||
|
map.security_block :architectures do |map|
|
||
|
map.permission :view_architectures, {:architectures => [:index, :show]}
|
||
|
map.permission :create_architectures, {:architectures => [:new, :create]}
|
||
|
map.permission :edit_architectures, {:architectures => [:edit, :update]}
|
||
|
map.permission :destroy_architectures, {:architectures => [:destroy]}
|
||
|
map.permission :view_architectures,
|
||
|
:architectures => [:index, :show], :"api/v1/architectures" => [:index, :show]
|
||
|
map.permission :create_architectures,
|
||
|
:architectures => [:new, :create], :"api/v1/architectures" => [:new, :create]
|
||
|
map.permission :edit_architectures,
|
||
|
:architectures => [:edit, :update], :"api/v1/architectures" => [:edit, :update]
|
||
|
map.permission :destroy_architectures,
|
||
|
:architectures => [:destroy], :"api/v1/architectures" => [:destroy]
|
||
|
end
|
||
|
|
||
|
map.security_block :authentication_providers do |map|
|
||
| ... | ... | |
|
end
|
||
|
|
||
|
map.security_block :bookmarks do |map|
|
||
|
map.permission :view_bookmarks, {:bookmarks => [:index, :show]}
|
||
|
map.permission :create_bookmarks, {:bookmarks => [:new, :create]}
|
||
|
map.permission :edit_bookmarks, {:bookmarks => [:edit, :update]}
|
||
|
map.permission :destroy_bookmarks, {:bookmarks => [:destroy]}
|
||
|
map.permission :view_bookmarks,
|
||
|
:bookmarks => [:index, :show], :"api/v1/bookmarks" => [:index, :show]
|
||
|
map.permission :create_bookmarks,
|
||
|
:bookmarks => [:new, :create], :"api/v1/bookmarks" => [:new, :create]
|
||
|
map.permission :edit_bookmarks,
|
||
|
:bookmarks => [:edit, :update], :"api/v1/bookmarks" => [:edit, :update]
|
||
|
map.permission :destroy_bookmarks,
|
||
|
:bookmarks => [:destroy], :"api/v1/bookmarks" => [:destroy]
|
||
|
end
|
||
|
|
||
|
map.security_block :compute_resources do |map|
|
||
| ... | ... | |
|
end
|
||
|
|
||
|
map.security_block :operatingsystems do |map|
|
||
|
map.permission :view_operatingsystems, {:operatingsystems => [:index, :show]}
|
||
|
map.permission :create_operatingsystems, {:operatingsystems => [:new, :create]}
|
||
|
map.permission :edit_operatingsystems, {:operatingsystems => [:edit, :update]}
|
||
|
map.permission :destroy_operatingsystems, {:operatingsystems => [:destroy]}
|
||
|
map.permission :view_operatingsystems,
|
||
|
:operatingsystems => [:index, :show], :"api/v1/operatingsystems" => [:index, :show]
|
||
|
map.permission :create_operatingsystems,
|
||
|
:operatingsystems => [:new, :create], :"api/v1/operatingsystems" => [:new, :create]
|
||
|
map.permission :edit_operatingsystems,
|
||
|
:operatingsystems => [:edit, :update], :"api/v1/operatingsystems" => [:edit, :update]
|
||
|
map.permission :destroy_operatingsystems,
|
||
|
:operatingsystems => [:destroy], :"api/v1/operatingsystems" => [:destroy]
|
||
|
end
|
||
|
|
||
|
map.security_block :partition_tables do |map|
|
||
| test/functional/api/v1/bookmarks_controller_test.rb | ||
|---|---|---|
|
end
|
||
|
|
||
|
test "should create bookmark" do
|
||
|
as_user :one do
|
||
|
as_user :admin do
|
||
|
assert_difference('Bookmark.count') do
|
||
|
post :create, {:bookmark => simple_bookmark}
|
||
|
end
|
||
| ... | ... | |
|
end
|
||
|
|
||
|
test "should create bookmark with a dot" do
|
||
|
as_user :one do
|
||
|
as_user :admin do
|
||
|
assert_difference('Bookmark.count') do
|
||
|
post :create, {:bookmark => dot_bookmark}
|
||
|
end
|
||
| test/functional/api/v1/operatingsystems_controller_test.rb | ||
|---|---|---|
|
|
||
|
|
||
|
test "should get index" do
|
||
|
as_user :one do
|
||
|
as_user :admin do
|
||
|
get :index, {}
|
||
|
end
|
||
|
assert_response :success
|
||
| ... | ... | |
|
end
|
||
|
|
||
|
test "should show os" do
|
||
|
as_user :one do
|
||
|
as_user :admin do
|
||
|
get :show, {:id => operatingsystems(:redhat).to_param}
|
||
|
end
|
||
|
assert_response :success
|
||
| test/test_helper.rb | ||
|---|---|---|
|
result
|
||
|
end
|
||
|
|
||
|
def as_admin
|
||
|
saved_user = User.current
|
||
|
User.current = users(:admin)
|
||
|
result = yield
|
||
|
User.current = saved_user
|
||
|
result
|
||
|
def as_admin &block
|
||
|
as_user :admin, &block
|
||
|
end
|
||
|
|
||
|
def unattended?
|
||
Also available in: Unified diff
api v1 - fixing permissions
cleanups in base controller