apicasso 0.1.5 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: cd79fffcb4c7c86e39a0873b71139d6bf8f2e7c4ebf181d68083b2963c3e9a66
-  data.tar.gz: 90b1009449d217a580518ad0957d99215cedf838042948cfcc1b7b08cbbfc692
+SHA1:
+  metadata.gz: 8053255daaad3ecbc6f8b4d14ae1aeb38671b5b9
+  data.tar.gz: d904f5dbc5d8114b26a26620b9b85410fd6d37d6
 SHA512:
-  metadata.gz: 845781b36267c16168ddeca5fe9e053eb2e4e35be1abaacc544ae3d4e98f3aafe9f92af0caa31d8c8ed41cbdd7fbba19fb07e90412b2f71d39deef5ae0a8ca0a
-  data.tar.gz: 168c5576cb188b4aee794187acc3c1af622130f011aad842d2aedbe4bc6da0a72d288c8108db659dec381d3ef6a3420f8955ab3ff3a6e3871a83613c1aba4df6
+  metadata.gz: 02fcc26644d279ba49a58651e7135e644f2477dcb0d6b01988d27a67bd7a3867e1ff8f298273121b3ccff005225a1b44e0186aa8780bbacb8418369b89ee2a21
+  data.tar.gz: c6c194ff5532e62e6e36d797b143b89520c71fa1b1a470ad1e44343dffede7d740a0cd0a12d190a6bc3125b6030830aea16602513d740f39ebdcd57291344536

data/README.md

@@ -1,85 +1,85 @@
-<img src="https://raw.githubusercontent.com/ErvalhouS/APIcasso/master/APIcasso.png" width="300" /> [![Gem Version](https://badge.fury.io/rb/apicasso.svg)](https://badge.fury.io/rb/apicasso) [![Docs Coverage](https://inch-ci.org/github/autoforce/APIcasso.svg?branch=master)](https://inch-ci.org/github/autoforce/APIcasso.svg?branch=master) [![Maintainability](https://api.codeclimate.com/v1/badges/b58bbd6b9a0376f7cfc8/maintainability)](https://codeclimate.com/github/autoforce/APIcasso/maintainability) [![codecov](https://codecov.io/gh/autoforce/APIcasso/branch/master/graph/badge.svg)](https://codecov.io/gh/autoforce/APIcasso) [![Build Status](https://travis-ci.org/autoforce/APIcasso.svg?branch=master)](https://travis-ci.org/autoforce/APIcasso)
-
-JSON API development can get boring and time consuming. If you think it through, every time you make one you use almost the same route structure, pointing to the same controller actions, with the same ordering, filtering and pagination features.
-
-**APIcasso** is intended to be used as a full-fledged CRUD JSON API or as a base controller to speed-up development.
-It is a route-based resource abstraction using API key scoping. This makes it possible to make CRUD-only applications just by creating functional Rails' models. It is a perfect candidate for legacy Rails projects that do not have an API. Access to your application's resources is managed by a `.scope` JSON object per API key. It uses that permission scope to restrict and extend access.
-
-## Installation
-Add this line to your application's `Gemfile`:
-
-```ruby
-gem 'apicasso'
-```
-
-And then execute this to generate the required migrations:
-```bash
-$ rails g apicasso:install
-```
-You will need to use a database with JSON fields support to use this gem.
-
-## Usage
-After installing APIcasso into your application you can mount a full-fledged CRUD JSON API just by attaching into some route. Usually you will have it under a scoped route like `/api/v1` or a subdomain. You can do that by adding this into your `config/routes.rb`:
-```ruby
-  # To mount your APIcasso routes under the path scope `/api/v1`
-  mount Apicasso::Engine, at: "/api/v1"
-  # or, if you prefer subdomain scope isolation
-  constraints subdomain: 'apiv1' do
-    mount Apicasso::Engine, at: "/"
-  end
-```
-Your API will reflect very similarly a `resources :resource` statement with the following routes:
-```ruby
-  get '/:resource/' # Index action, listing a `:resource` collection from your application
-  post '/:resource/' # Create action for one `:resource` from your application
-  get '/:resource/:id' # Show action for one `:resource` from your application
-  patch '/:resource/:id' # Update action for one `:resource` from your application
-  delete '/:resource/:id' # Destroy action for one `:resource` from your application
-  get '/:resource/:id/:nested/' # Index action, listing a collection of a `:nested` relation from one of your application's `:resource`
-  options '/:resource/' # A schema dump for the required `:resource`
-  options '/:resource/:id/:nested/' # A schema dump for the required `:nested` relation from one of your application's `:resource`
-```
-This means all your application's models will be exposed as `:resource` and it's relations will be exposed as `:nested`. It will enable you to CRUD and get schema metadata from your records.
-
- > But this is permissive as hell! I do not want to expose my entire application like this, haven't you thought about security?
-
-*Sure!* The API is being exposed using authentication through `Authorization: Token` [HTTP header authentication](http://tools.ietf.org/html/draft-hammer-http-token-auth-01). The API key objects are manageable through the `Apicasso::Key` model, which gets setup at install. When a new key is created a `.token` is generated using an [Universally Unique Identifier(RFC 4122)](https://tools.ietf.org/html/rfc4122).
-
-Your API is then exposed based on each `Apicasso::Key.scope` definition
-```ruby
-  Apicasso::Key.create(scope:
-                        { manage:
-                            [{ order: true }, { user: { account_id: 1 } }],
-                          read:
-                            [{ account: { id: 1 } }]
-                        })
-```
-This translates directly into which parts of your application is exposed to each APIcasso keys.
-
-The key from this example will have full access to all orders and to users with `account_id == 1`. It will have also read-only access to accounts with `id == 1`.
-
-This saves you the trouble of having to setup each and every controller for each model. And even if your application really need it, just make your controllers inherit from `Apicasso::CrudController` and extend it's functionalities. This authorization feature is why one of the dependencies for this gem is [CanCanCan](https://github.com/CanCanCommunity/cancancan), that abstracts the scope field into authorization for your application's resources.
-
-The `crud#index` and `crud#nested_index` actions are already equipped with pagination, ordering and filtering.
-
- - You can pass `params[:sort]` with field names preffixed with `+` or `-` to configure custom ordering per request. I.E.: `?sort=+updated_at,-name`
- - You can pass `params[:q]` using [ransack's search matchers](https://github.com/activerecord-hackery/ransack#search-matchers) to build a search query. I.E.: `?q[full_name_start]=Picasso`
- - You can pass `params[:page]` and `params[:per_page]` to build pagination options. I.E.: `?page=2&per_page=12`
-
-## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/ErvalhouS/APIcasso. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant code of conduct](http://contributor-covenant.org/).
-
-## License
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
-
-## Code of conduct
-Everyone interacting in the APIcasso project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ErvalhouS/APIcasso/blob/master/CODE_OF_CONDUCT.md).
-
-## TODO
-
- - Abstract a configurable CORS approach.
- - Add gem options like: Token rotation, Alternative authentication methods
- - Response fields selecting
- - Rate limiting
- - Testing suite
- - Travis CI
+<img src="https://raw.githubusercontent.com/ErvalhouS/APIcasso/master/APIcasso.png" width="300" /> [![Gem Version](https://badge.fury.io/rb/apicasso.svg)](https://badge.fury.io/rb/apicasso) [![Docs Coverage](https://inch-ci.org/github/autoforce/APIcasso.svg?branch=master)](https://inch-ci.org/github/autoforce/APIcasso.svg?branch=master) [![Maintainability](https://api.codeclimate.com/v1/badges/b58bbd6b9a0376f7cfc8/maintainability)](https://codeclimate.com/github/autoforce/APIcasso/maintainability) [![codecov](https://codecov.io/gh/autoforce/APIcasso/branch/master/graph/badge.svg)](https://codecov.io/gh/autoforce/APIcasso) [![Build Status](https://travis-ci.org/autoforce/APIcasso.svg?branch=master)](https://travis-ci.org/autoforce/APIcasso)
+
+JSON API development can get boring and time consuming. If you think it through, every time you make one you use almost the same route structure, pointing to the same controller actions, with the same ordering, filtering and pagination features.
+
+**APIcasso** is intended to be used as a full-fledged CRUD JSON API or as a base controller to speed-up development.
+It is a route-based resource abstraction using API key scoping. This makes it possible to make CRUD-only applications just by creating functional Rails' models. It is a perfect candidate for legacy Rails projects that do not have an API. Access to your application's resources is managed by a `.scope` JSON object per API key. It uses that permission scope to restrict and extend access.
+
+## Installation
+Add this line to your application's `Gemfile`:
+
+```ruby
+gem 'apicasso'
+```
+
+And then execute this to generate the required migrations:
+```bash
+$ rails g apicasso:install
+```
+You will need to use a database with JSON fields support to use this gem.
+
+## Usage
+After installing APIcasso into your application you can mount a full-fledged CRUD JSON API just by attaching into some route. Usually you will have it under a scoped route like `/api/v1` or a subdomain. You can do that by adding this into your `config/routes.rb`:
+```ruby
+  # To mount your APIcasso routes under the path scope `/api/v1`
+  mount Apicasso::Engine, at: "/api/v1"
+  # or, if you prefer subdomain scope isolation
+  constraints subdomain: 'apiv1' do
+    mount Apicasso::Engine, at: "/"
+  end
+```
+Your API will reflect very similarly a `resources :resource` statement with the following routes:
+```ruby
+  get '/:resource/' # Index action, listing a `:resource` collection from your application
+  post '/:resource/' # Create action for one `:resource` from your application
+  get '/:resource/:id' # Show action for one `:resource` from your application
+  patch '/:resource/:id' # Update action for one `:resource` from your application
+  delete '/:resource/:id' # Destroy action for one `:resource` from your application
+  get '/:resource/:id/:nested/' # Index action, listing a collection of a `:nested` relation from one of your application's `:resource`
+  options '/:resource/' # A schema dump for the required `:resource`
+  options '/:resource/:id/:nested/' # A schema dump for the required `:nested` relation from one of your application's `:resource`
+```
+This means all your application's models will be exposed as `:resource` and it's relations will be exposed as `:nested`. It will enable you to CRUD and get schema metadata from your records.
+
+ > But this is permissive as hell! I do not want to expose my entire application like this, haven't you thought about security?
+
+*Sure!* The API is being exposed using authentication through `Authorization: Token` [HTTP header authentication](http://tools.ietf.org/html/draft-hammer-http-token-auth-01). The API key objects are manageable through the `Apicasso::Key` model, which gets setup at install. When a new key is created a `.token` is generated using an [Universally Unique Identifier(RFC 4122)](https://tools.ietf.org/html/rfc4122).
+
+Your API is then exposed based on each `Apicasso::Key.scope` definition
+```ruby
+  Apicasso::Key.create(scope:
+                        { manage:
+                            [{ order: true }, { user: { account_id: 1 } }],
+                          read:
+                            [{ account: { id: 1 } }]
+                        })
+```
+This translates directly into which parts of your application is exposed to each APIcasso keys.
+
+The key from this example will have full access to all orders and to users with `account_id == 1`. It will have also read-only access to accounts with `id == 1`.
+
+This saves you the trouble of having to setup each and every controller for each model. And even if your application really need it, just make your controllers inherit from `Apicasso::CrudController` and extend it's functionalities. This authorization feature is why one of the dependencies for this gem is [CanCanCan](https://github.com/CanCanCommunity/cancancan), that abstracts the scope field into authorization for your application's resources.
+
+The `crud#index` and `crud#nested_index` actions are already equipped with pagination, ordering and filtering.
+
+ - You can pass `params[:sort]` with field names preffixed with `+` or `-` to configure custom ordering per request. I.E.: `?sort=+updated_at,-name`
+ - You can pass `params[:q]` using [ransack's search matchers](https://github.com/activerecord-hackery/ransack#search-matchers) to build a search query. I.E.: `?q[full_name_start]=Picasso`
+ - You can pass `params[:page]` and `params[:per_page]` to build pagination options. I.E.: `?page=2&per_page=12`
+
+## Contributing
+Bug reports and pull requests are welcome on GitHub at https://github.com/ErvalhouS/APIcasso. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant code of conduct](http://contributor-covenant.org/).
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of conduct
+Everyone interacting in the APIcasso project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ErvalhouS/APIcasso/blob/master/CODE_OF_CONDUCT.md).
+
+## TODO
+
+ - Abstract a configurable CORS approach.
+ - Add gem options like: Token rotation, Alternative authentication methods
+ - Response fields selecting
+ - Rate limiting
+ - Testing suite
+ - Travis CI

data/Rakefile

@@ -1,32 +1,32 @@
-begin
-  require 'bundler/setup'
-rescue LoadError
-  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
-end
-
-require 'rdoc/task'
-
-RDoc::Task.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'Apicasso'
-  rdoc.options << '--line-numbers'
-  rdoc.rdoc_files.include('README.md')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
-APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
-load 'rails/tasks/engine.rake'
-
-load 'rails/tasks/statistics.rake'
-
-require 'bundler/gem_tasks'
-
-require 'rake/testtask'
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << 'test'
-  t.pattern = 'test/**/*_test.rb'
-  t.verbose = false
-end
-
-task default: :test
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Apicasso'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/controllers/apicasso/application_controller.rb

@@ -1,104 +1,104 @@
-# frozen_string_literal: true
-
-module Apicasso
-  # Controller to extract common API features,
-  # such as authentication and authorization
-  class ApplicationController < ActionController::API
-    include ActionController::HttpAuthentication::Token::ControllerMethods
-    prepend_before_action :restrict_access
-    after_action :register_api_request
-
-    # Sets the authorization scope for the current API key
-    def current_ability
-      @current_ability ||= Apicasso::Ability.new(@api_key)
-    end
-
-    private
-
-    # Identifies API key used in the request, avoiding unauthenticated access
-    def restrict_access
-      authenticate_or_request_with_http_token do |token, _options|
-        @api_key = Apicasso::Key.find_by!(token: token)
-      end
-    end
-
-    # Creates a request object in databse, registering the API key and
-    # a hash of the request and the response
-    def register_api_request
-      Apicasso::Request.delay.create(api_key_id: @api_key.id,
-                                     object: { request: request_hash,
-                                               response: response_hash })
-    end
-
-    # Request data built as a hash.
-    # Returns UUID, URL, HTTP Headers and origin IP
-    def request_hash
-      {
-        uuid: request.uuid,
-        url: request.original_url,
-        headers: request.env.select { |key, _v| key =~ /^HTTP_/ },
-        ip: request.remote_ip
-      }
-    end
-
-    # Resonse data built as a hash.
-    # Returns HTTP Status and request body
-    def response_hash
-      {
-        status: response.status,
-        body: JSON.parse(response.body)
-      }
-    end
-
-    # Used to avoid errors parsing the search query,
-    # which can be passed as a JSON or as a key-value param
-    def parsed_query
-      JSON.parse(params[:q])
-    rescue JSON::ParserError, TypeError
-      params[:q]
-    end
-
-    # Used to avoid errors in included associations parsing
-    def parsed_include
-      params[:include].split(',')
-    rescue NoMethodError
-      []
-    end
-
-    # Receives a `.paginate`d collection and returns the pagination
-    # metadata to be merged into response
-    def pagination_metadata_for(records)
-      { total: records.total_entries,
-        total_pages: records.total_pages,
-        last_page: records.next_page.blank?,
-        previous_page: previous_link_for(records),
-        next_page: next_link_for(records),
-        out_of_bounds: records.out_of_bounds?,
-        offset: records.offset }
-    end
-
-    # Generates a contextualized URL of the next page for this request
-    def next_link_for(records)
-      uri = URI.parse(request.original_url)
-      query = Rack::Utils.parse_query(uri.query)
-      query['page'] = records.next_page
-      uri.query = Rack::Utils.build_query(query)
-      uri.to_s
-    end
-
-    # Generates a contextualized URL of the previous page for this request
-    def previous_link_for(records)
-      uri = URI.parse(request.original_url)
-      query = Rack::Utils.parse_query(uri.query)
-      query['page'] = records.previous_page
-      uri.query = Rack::Utils.build_query(query)
-      uri.to_s
-    end
-
-    # Receives a `:action, :resource, :object` hash to validate authorization
-    def authorize_for(opts = {})
-      authorize! opts[:action], opts[:resource] if opts[:resource].present?
-      authorize! opts[:action], opts[:object] if opts[:object].present?
-    end
-  end
-end
+# frozen_string_literal: true
+
+module Apicasso
+  # Controller to extract common API features,
+  # such as authentication and authorization
+  class ApplicationController < ActionController::API
+    include ActionController::HttpAuthentication::Token::ControllerMethods
+    prepend_before_action :restrict_access
+    after_action :register_api_request
+
+    # Sets the authorization scope for the current API key
+    def current_ability
+      @current_ability ||= Apicasso::Ability.new(@api_key)
+    end
+
+    private
+
+    # Identifies API key used in the request, avoiding unauthenticated access
+    def restrict_access
+      authenticate_or_request_with_http_token do |token, _options|
+        @api_key = Apicasso::Key.find_by!(token: token)
+      end
+    end
+
+    # Creates a request object in databse, registering the API key and
+    # a hash of the request and the response
+    def register_api_request
+      Apicasso::Request.delay.create(api_key_id: @api_key.id,
+                                     object: { request: request_hash,
+                                               response: response_hash })
+    end
+
+    # Request data built as a hash.
+    # Returns UUID, URL, HTTP Headers and origin IP
+    def request_hash
+      {
+        uuid: request.uuid,
+        url: request.original_url,
+        headers: request.env.select { |key, _v| key =~ /^HTTP_/ },
+        ip: request.remote_ip
+      }
+    end
+
+    # Resonse data built as a hash.
+    # Returns HTTP Status and request body
+    def response_hash
+      {
+        status: response.status,
+        body: JSON.parse(response.body)
+      }
+    end
+
+    # Used to avoid errors parsing the search query,
+    # which can be passed as a JSON or as a key-value param
+    def parsed_query
+      JSON.parse(params[:q])
+    rescue JSON::ParserError, TypeError
+      params[:q]
+    end
+
+    # Used to avoid errors in included associations parsing
+    def parsed_include
+      params[:include].split(',')
+    rescue NoMethodError
+      []
+    end
+
+    # Receives a `.paginate`d collection and returns the pagination
+    # metadata to be merged into response
+    def pagination_metadata_for(records)
+      { total: records.total_entries,
+        total_pages: records.total_pages,
+        last_page: records.next_page.blank?,
+        previous_page: previous_link_for(records),
+        next_page: next_link_for(records),
+        out_of_bounds: records.out_of_bounds?,
+        offset: records.offset }
+    end
+
+    # Generates a contextualized URL of the next page for this request
+    def next_link_for(records)
+      uri = URI.parse(request.original_url)
+      query = Rack::Utils.parse_query(uri.query)
+      query['page'] = records.next_page
+      uri.query = Rack::Utils.build_query(query)
+      uri.to_s
+    end
+
+    # Generates a contextualized URL of the previous page for this request
+    def previous_link_for(records)
+      uri = URI.parse(request.original_url)
+      query = Rack::Utils.parse_query(uri.query)
+      query['page'] = records.previous_page
+      uri.query = Rack::Utils.build_query(query)
+      uri.to_s
+    end
+
+    # Receives a `:action, :resource, :object` hash to validate authorization
+    def authorize_for(opts = {})
+      authorize! opts[:action], opts[:resource] if opts[:resource].present?
+      authorize! opts[:action], opts[:object] if opts[:object].present?
+    end
+  end
+end

data/app/controllers/apicasso/crud_controller.rb

@@ -1,156 +1,155 @@
-# frozen_string_literal: true
-
-module Apicasso
-  # Controller to consume read-only data to be used on client's frontend
-  class CrudController < Apicasso::ApplicationController
-    before_action :set_root_resource
-    before_action :set_object, except: %i[index schema create]
-    before_action :set_nested_resource, only: %i[nested_index]
-    before_action :set_records, only: %i[index nested_index]
-    before_action :set_schema, only: %i[schema]
-
-    include Orderable
-
-    # GET /:resource
-    # Returns a paginated, ordered and filtered query based response.
-    # Consider this
-    # To get all `Channel` sorted by ascending `name` and descending
-    # `updated_at`, filtered by the ones that have a `domain` that matches
-    # exactly `"domain.com"`, paginating records 42 per page and retrieving
-    # the page 42 of that collection. Usage:
-    # GET /sites?sort=+name,-updated_at&q[domain_eq]=domain.com&page=42&per_page=42
-    def index
-      render json: response_json
-    end
-
-    # GET /:resource/1
-    def show
-      render json: @object.to_json(include: parsed_include)
-    end
-
-    # PATCH/PUT /:resource/1
-    def update
-      authorize_for(action: :update,
-                    resource: resource.name.underscore.to_sym,
-                    object: @object)
-      if @object.update(object_params)
-        render json: @object
-      else
-        render json: @object.errors, status: :unprocessable_entity
-      end
-    end
-
-    # DELETE /:resource/1
-    def destroy
-      authorize_for(action: :destroy,
-                    resource: resource.name.underscore.to_sym,
-                    object: @object)
-      if @object.destroy
-        head :no_content
-      else
-        render json: @object.errors, status: :unprocessable_entity
-      end
-    end
-
-    # GET /:resource/1/:nested_resource
-    alias nested_index index
-
-    # POST /:resource
-    def create
-      @object = resource.new(resource_params)
-      authorize_for(action: :create,
-                    resource: resource.name.underscore.to_sym,
-                    object: @object)
-      if @object.save
-        render json: @object, status: :created, location: @object
-      else
-        render json: @object.errors, status: :unprocessable_entity
-      end
-    end
-
-    # OPTIONS /:resource
-    # OPTIONS /:resource/1/:nested_resource
-    # Will return a JSON with the schema of the current resource, using
-    # attribute names as keys and attirbute types as values.
-    def schema
-      set_access_control_headers
-      render json: resource_schema.to_json
-    end
-
-    private
-
-    def set_access_control_headers
-      response.headers['Access-Control-Allow-Origin'] = '*'
-      response.headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, PATCH, DELETE, OPTIONS'
-      response.headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token, Auth-Token, Email, X-User-Token, X-User-Email'
-      response.headers['Access-Control-Max-Age'] = '1728000'
-    end
-
-    # Common setup to stablish which model is the resource of this request
-    def set_root_resource
-      @root_resource = params[:resource].classify.constantize
-    end
-
-    # Common setup to stablish which object this request is querying
-    def set_object
-      id = params[:id]
-      @object = resource.friendly.find(id)
-    rescue NoMethodError
-      @object = resource.find(id)
-    ensure
-      authorize! :read, @object
-    end
-
-    # Setup to stablish the nested model to be queried
-    def set_nested_resource
-      @nested_resource = @object.send(params[:nested].underscore.pluralize)
-    end
-
-    # Reutrns root_resource if nested_resource is not set scoped by permissions
-    def resource
-      (@nested_resource || @root_resource)
-    end
-
-    # Used to setup the resource's schema, mapping attributes and it's types
-    def resource_schema
-      schemated = {}
-      resource.columns_hash.each { |key, value| schemated[key] = value.type }
-      schemated
-    end
-
-    # Used to setup the records from the selected resource that are
-    # going to be rendered, if authorized
-    def set_records
-      authorize! :read, resource.name.underscore.to_sym
-      @records = resource.ransack(parsed_query).result
-      reorder_records if params[:sort].present?
-    end
-
-    # Reordering of records which happens when receiving `params[:sort]`
-    def reorder_records
-      @records = @records.unscope(:order).order(ordering_params(params))
-    end
-
-    # Raw paginated records object
-    def paginated_records
-      @records.accessible_by(current_ability)
-              .paginate(page: params[:page], per_page: params[:per_page])
-    end
-
-    # Parsing of `paginated_records` with pagination variables metadata
-    def response_json
-      { entries: entries_json }.merge(pagination_metadata_for(paginated_records))
-    end
-
-    # Parsed JSON to be used as response payload
-    def entries_json
-      JSON.parse(paginated_records.to_json(include: parsed_include))
-    end
-
-    # Only allow a trusted parameter "white list" through,
-    # based on resource's schema.
-    def object_params
-      params.fetch(resource.name.underscore.to_sym, resource_schema.keys)
-    end
-  end
-end
+# frozen_string_literal: true
+
+module Apicasso
+  # Controller to consume read-only data to be used on client's frontend
+  class CrudController < Apicasso::ApplicationController
+    before_action :set_root_resource
+    before_action :set_object, except: %i[index schema create]
+    before_action :set_nested_resource, only: %i[nested_index]
+    before_action :set_records, only: %i[index nested_index]
+
+    include Orderable
+
+    # GET /:resource
+    # Returns a paginated, ordered and filtered query based response.
+    # Consider this
+    # To get all `Channel` sorted by ascending `name` and descending
+    # `updated_at`, filtered by the ones that have a `domain` that matches
+    # exactly `"domain.com"`, paginating records 42 per page and retrieving
+    # the page 42 of that collection. Usage:
+    # GET /sites?sort=+name,-updated_at&q[domain_eq]=domain.com&page=42&per_page=42
+    def index
+      render json: response_json
+    end
+
+    # GET /:resource/1
+    def show
+      render json: @object.to_json(include: parsed_include)
+    end
+
+    # PATCH/PUT /:resource/1
+    def update
+      authorize_for(action: :update,
+                    resource: resource.name.underscore.to_sym,
+                    object: @object)
+      if @object.update(object_params)
+        render json: @object
+      else
+        render json: @object.errors, status: :unprocessable_entity
+      end
+    end
+
+    # DELETE /:resource/1
+    def destroy
+      authorize_for(action: :destroy,
+                    resource: resource.name.underscore.to_sym,
+                    object: @object)
+      if @object.destroy
+        head :no_content
+      else
+        render json: @object.errors, status: :unprocessable_entity
+      end
+    end
+
+    # GET /:resource/1/:nested_resource
+    alias nested_index index
+
+    # POST /:resource
+    def create
+      @object = resource.new(resource_params)
+      authorize_for(action: :create,
+                    resource: resource.name.underscore.to_sym,
+                    object: @object)
+      if @object.save
+        render json: @object, status: :created, location: @object
+      else
+        render json: @object.errors, status: :unprocessable_entity
+      end
+    end
+
+    # OPTIONS /:resource
+    # OPTIONS /:resource/1/:nested_resource
+    # Will return a JSON with the schema of the current resource, using
+    # attribute names as keys and attirbute types as values.
+    def schema
+      set_access_control_headers
+      render json: resource_schema.to_json
+    end
+
+    private
+
+    def set_access_control_headers
+      response.headers['Access-Control-Allow-Origin'] = '*'
+      response.headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, PATCH, DELETE, OPTIONS'
+      response.headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, Token, Auth-Token, Email, X-User-Token, X-User-Email'
+      response.headers['Access-Control-Max-Age'] = '1728000'
+    end
+
+    # Common setup to stablish which model is the resource of this request
+    def set_root_resource
+      @root_resource = params[:resource].classify.constantize
+    end
+
+    # Common setup to stablish which object this request is querying
+    def set_object
+      id = params[:id]
+      @object = resource.friendly.find(id)
+    rescue NoMethodError
+      @object = resource.find(id)
+    ensure
+      authorize! :read, @object
+    end
+
+    # Setup to stablish the nested model to be queried
+    def set_nested_resource
+      @nested_resource = @object.send(params[:nested].underscore.pluralize)
+    end
+
+    # Reutrns root_resource if nested_resource is not set scoped by permissions
+    def resource
+      (@nested_resource || @root_resource)
+    end
+
+    # Used to setup the resource's schema, mapping attributes and it's types
+    def resource_schema
+      schemated = {}
+      resource.columns_hash.each { |key, value| schemated[key] = value.type }
+      schemated
+    end
+
+    # Used to setup the records from the selected resource that are
+    # going to be rendered, if authorized
+    def set_records
+      authorize! :read, resource.name.underscore.to_sym
+      @records = resource.ransack(parsed_query).result
+      reorder_records if params[:sort].present?
+    end
+
+    # Reordering of records which happens when receiving `params[:sort]`
+    def reorder_records
+      @records = @records.unscope(:order).order(ordering_params(params))
+    end
+
+    # Raw paginated records object
+    def paginated_records
+      @records.accessible_by(current_ability)
+              .paginate(page: params[:page], per_page: params[:per_page])
+    end
+
+    # Parsing of `paginated_records` with pagination variables metadata
+    def response_json
+      { entries: entries_json }.merge(pagination_metadata_for(paginated_records))
+    end
+
+    # Parsed JSON to be used as response payload
+    def entries_json
+      JSON.parse(paginated_records.to_json(include: parsed_include))
+    end
+
+    # Only allow a trusted parameter "white list" through,
+    # based on resource's schema.
+    def object_params
+      params.fetch(resource.name.underscore.to_sym, resource_schema.keys)
+    end
+  end
+end

data/app/controllers/concerns/orderable.rb

@@ -1,44 +1,44 @@
-# frozen_string_literal: true
-
-# This concern is used to provide abstract ordering based on `params[:sort]`
-module Orderable
-  extend ActiveSupport::Concern
-  SORT_ORDER = { '+' => :asc, '-' => :desc }.freeze
-
-  # A list of the param names that can be used for ordering the model list
-  def ordering_params(params)
-    # For example it retrieves a list of orders in descending order of total_value.
-    # Within a specific total_value, older orders are ordered first
-    #
-    # GET /orders?sort=-total_value,created_at
-    # ordering_params(params) # => { total_value: :desc, created_at: :asc }
-    #
-    # Usage:
-    # Order.order(ordering_params(params))
-    ordering = {}
-    params[:sort].try(:split, ',').try(:each) do |attr|
-      parsed_attr = parse_attr attr
-      if model.attribute_names.include?(parsed_attr)
-        ordering[parsed_attr] = SORT_ORDER[parse_sign attr]
-      end
-    end
-    ordering
-  end
-
-  private
-
-  # Parsing of attributes to avoid empty starts in case browser passes "+" as " "
-  def parse_attr(attr)
-    return attr.gsub(/^\ (.*)/, '\1') if attr.starts_with?(' ')
-    attr[1..-1]
-  end
-
-  # Ordering sign parse, which separates
-  def parse_sign(attr)
-    attr =~ /\A[+-]/ ? attr.slice!(0) : '+'
-  end
-
-  def model
-    (params[:resource] || params[:nested] || controller_name).classify.constantize
-  end
-end
+# frozen_string_literal: true
+
+# This concern is used to provide abstract ordering based on `params[:sort]`
+module Orderable
+  extend ActiveSupport::Concern
+  SORT_ORDER = { '+' => :asc, '-' => :desc }.freeze
+
+  # A list of the param names that can be used for ordering the model list
+  def ordering_params(params)
+    # For example it retrieves a list of orders in descending order of total_value.
+    # Within a specific total_value, older orders are ordered first
+    #
+    # GET /orders?sort=-total_value,created_at
+    # ordering_params(params) # => { total_value: :desc, created_at: :asc }
+    #
+    # Usage:
+    # Order.order(ordering_params(params))
+    ordering = {}
+    params[:sort].try(:split, ',').try(:each) do |attr|
+      parsed_attr = parse_attr attr
+      if model.attribute_names.include?(parsed_attr)
+        ordering[parsed_attr] = SORT_ORDER[parse_sign attr]
+      end
+    end
+    ordering
+  end
+
+  private
+
+  # Parsing of attributes to avoid empty starts in case browser passes "+" as " "
+  def parse_attr(attr)
+    return attr.gsub(/^\ (.*)/, '\1') if attr.starts_with?(' ')
+    attr[1..-1]
+  end
+
+  # Ordering sign parse, which separates
+  def parse_sign(attr)
+    attr =~ /\A[+-]/ ? attr.slice!(0) : '+'
+  end
+
+  def model
+    (params[:resource] || params[:nested] || controller_name).classify.constantize
+  end
+end

data/app/models/apicasso/ability.rb

@@ -1,40 +1,40 @@
-# frozen_string_literal: true
-
-module Apicasso
-  # Ability to parse a scope object from Apicasso::Key
-  class Ability
-    include CanCan::Ability
-
-    def initialize(key)
-      key ||= Apicasso::Key.new
-      cannot :manage, :all
-      cannot :read, :all
-      key.scope.each do |permission, klasses_clearances|
-        klasses_clearances.each do |klasses|
-          klasses.each do |klass, clearance|
-            if clearance == true
-              # Usage:
-              # To have a key reading all channels and all accouts
-              # you would have a scope:
-              # => `{read: [{channel: true}, {accout: true}]}`
-              can permission.to_sym, klass.underscore.to_sym
-              can permission.to_sym, klass.classify.constantize
-            elsif clearance.class == Hash
-              # Usage:
-              # To have a key reading all banners from a channel with id 999
-              # you would have a scope:
-              # => `{read: [{banner: {owner_id: [999]}}]}`
-              can permission.to_sym,
-                  klass.underscore.to_sym
-              clearance.each do |by_field, values|
-                can permission.to_sym,
-                    klass.classify.constantize,
-                    by_field => values
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end
+# frozen_string_literal: true
+
+module Apicasso
+  # Ability to parse a scope object from Apicasso::Key
+  class Ability
+    include CanCan::Ability
+
+    def initialize(key)
+      key ||= Apicasso::Key.new
+      cannot :manage, :all
+      cannot :read, :all
+      key.scope.each do |permission, klasses_clearances|
+        klasses_clearances.each do |klasses|
+          klasses.each do |klass, clearance|
+            if clearance == true
+              # Usage:
+              # To have a key reading all channels and all accouts
+              # you would have a scope:
+              # => `{read: [{channel: true}, {accout: true}]}`
+              can permission.to_sym, klass.underscore.to_sym
+              can permission.to_sym, klass.classify.constantize
+            elsif clearance.class == Hash
+              # Usage:
+              # To have a key reading all banners from a channel with id 999
+              # you would have a scope:
+              # => `{read: [{banner: {owner_id: [999]}}]}`
+              can permission.to_sym,
+                  klass.underscore.to_sym
+              clearance.each do |by_field, values|
+                can permission.to_sym,
+                    klass.classify.constantize,
+                    by_field => values
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/models/apicasso/application_record.rb

@@ -1,6 +1,6 @@
-module Apicasso
-  class ApplicationRecord < ActiveRecord::Base
-    self.abstract_class = true
-    self.table_name_prefix = 'apicasso_'
-  end
-end
+module Apicasso
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+    self.table_name_prefix = 'apicasso_'
+  end
+end

data/app/models/apicasso/key.rb

@@ -1,25 +1,25 @@
-# frozen_string_literal: true
-
-require 'securerandom'
-module Apicasso
-  # A model to abstract API access, with scope options, token generation, request limiting
-  class Key < ApplicationRecord
-    before_create :set_auth_token
-
-    private
-
-    # Method that generates `SecureRandom.uuid` as token until
-    # an unique one has been acquired
-    def set_auth_token
-      loop do
-        self.token = generate_auth_token
-        break unless self.class.exists?(token: token)
-      end
-    end
-
-    # RFC4122 style token
-    def generate_auth_token
-      SecureRandom.uuid.delete('-')
-    end
-  end
-end
+# frozen_string_literal: true
+
+require 'securerandom'
+module Apicasso
+  # A model to abstract API access, with scope options, token generation, request limiting
+  class Key < ApplicationRecord
+    before_create :set_auth_token
+
+    private
+
+    # Method that generates `SecureRandom.uuid` as token until
+    # an unique one has been acquired
+    def set_auth_token
+      loop do
+        self.token = generate_auth_token
+        break unless self.class.exists?(token: token)
+      end
+    end
+
+    # RFC4122 style token
+    def generate_auth_token
+      SecureRandom.uuid.delete('-')
+    end
+  end
+end

data/app/models/apicasso/request.rb

@@ -1,8 +1,8 @@
-# frozen_string_literal: true
-
-module Apicasso
-  # A model to abstract API access, with scope options, token generation, request limiting
-  class Request < ApplicationRecord
-    belongs_to :api_key, class_name: 'Apicasso::Key'
-  end
-end
+# frozen_string_literal: true
+
+module Apicasso
+  # A model to abstract API access, with scope options, token generation, request limiting
+  class Request < ApplicationRecord
+    belongs_to :api_key, class_name: 'Apicasso::Key'
+  end
+end

data/config/routes.rb

@@ -1,13 +1,13 @@
-Apicasso::Engine.routes.draw do
-  scope module: :apicasso do
-    resources :apidocs, only: [:index]
-    get '/:resource/', to: 'crud#index', via: :get
-    match '/:resource/', to: 'crud#create', via: :post
-    get '/:resource/:id', to: 'crud#show', via: :get
-    match '/:resource/:id', to: 'crud#update', via: :patch
-    match '/:resource/:id', to: 'crud#destroy', via: :delete
-    match '/:resource/:id/:nested/', to: 'crud#nested_index', via: :get
-    match '/:resource/', to: 'crud#schema', via: :options
-    match '/:resource/:id/:nested/', to: 'crud#schema', via: :options
-  end
-end
+Apicasso::Engine.routes.draw do
+  scope module: :apicasso do
+    resources :apidocs, only: [:index]
+    get '/:resource/', to: 'crud#index', via: :get
+    match '/:resource/', to: 'crud#create', via: :post
+    get '/:resource/:id', to: 'crud#show', via: :get
+    match '/:resource/:id', to: 'crud#update', via: :patch
+    match '/:resource/:id', to: 'crud#destroy', via: :delete
+    match '/:resource/:id/:nested/', to: 'crud#nested_index', via: :get
+    match '/:resource/', to: 'crud#schema', via: :options
+    match '/:resource/:id/:nested/', to: 'crud#schema', via: :options
+  end
+end

data/lib/apicasso/engine.rb

@@ -1,6 +1,6 @@
-# frozen_string_literal: true
-
-module Apicasso
-  class Engine < ::Rails::Engine
-  end
-end
+# frozen_string_literal: true
+
+module Apicasso
+  class Engine < ::Rails::Engine
+  end
+end

data/lib/apicasso/version.rb

@@ -1,3 +1,3 @@
-module Apicasso
-  VERSION = '0.1.5'
-end
+module Apicasso
+  VERSION = '0.1.6'
+end

data/lib/apicasso.rb

@@ -1,9 +1,9 @@
-# frozen_string_literal: true
-
-require 'apicasso/version'
-require 'apicasso/engine'
-require 'apicasso/active_record_extension'
-
-module Apicasso
-  # Your code goes here...
-end
+# frozen_string_literal: true
+
+require 'apicasso/version'
+require 'apicasso/engine'
+require 'apicasso/active_record_extension'
+
+module Apicasso
+  # Your code goes here...
+end

data/lib/generators/apicasso/install/install_generator.rb

@@ -1,25 +1,25 @@
-require 'rails/generators/migration'
-
-module Apicasso
-  module Generators
-    class InstallGenerator < ::Rails::Generators::Base
-      include Rails::Generators::Migration
-      source_root File.expand_path('../templates', __FILE__)
-      desc 'Add the required migrations to run APIcasso'
-
-      def self.next_migration_number(path)
-        if @prev_migration_nr
-          @prev_migration_nr += 1
-        else
-          @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
-        end
-        @prev_migration_nr.to_s
-      end
-
-      def copy_migrations
-        migration_template 'create_apicasso_tables.rb',
-                           'db/migrate/create_apicasso_tables.rb'
-      end
-    end
-  end
-end
+require 'rails/generators/migration'
+
+module Apicasso
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      include Rails::Generators::Migration
+      source_root File.expand_path('../templates', __FILE__)
+      desc 'Add the required migrations to run APIcasso'
+
+      def self.next_migration_number(path)
+        if @prev_migration_nr
+          @prev_migration_nr += 1
+        else
+          @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+        end
+        @prev_migration_nr.to_s
+      end
+
+      def copy_migrations
+        migration_template 'create_apicasso_tables.rb',
+                           'db/migrate/create_apicasso_tables.rb'
+      end
+    end
+  end
+end

data/lib/generators/apicasso/install/templates/create_apicasso_tables.rb

@@ -1,17 +1,17 @@
-class CreateApicassoTables < ActiveRecord::Migration[5.0]
-  def change
-    create_table :apicasso_keys, id: :uuid do |t|
-      t.json :scope
-      t.integer :scope_type
-      t.json :request_limiting
-      t.text :token
-      t.datetime :deleted_at
-      t.timestamps null: false
-    end
-    create_table :apicasso_requests, id: :uuid do |t|
-      t.text :api_key_id
-      t.json :object
-      t.timestamps null: false
-    end
-  end
-end
+class CreateApicassoTables < ActiveRecord::Migration[5.0]
+  def change
+    create_table :apicasso_keys, id: :uuid do |t|
+      t.json :scope
+      t.integer :scope_type
+      t.json :request_limiting
+      t.text :token
+      t.datetime :deleted_at
+      t.timestamps null: false
+    end
+    create_table :apicasso_requests, id: :uuid do |t|
+      t.text :api_key_id
+      t.json :object
+      t.timestamps null: false
+    end
+  end
+end

data/lib/tasks/apicasso_tasks.rake

@@ -1,4 +1,4 @@
-# desc "Explaining what the task does"
-# task :apicasso do
-#   # Task goes here
-# end
+# desc "Explaining what the task does"
+# task :apicasso do
+#   # Task goes here
+# end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apicasso
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
 - Fernando Bellincanta
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-25 00:00:00.000000000 Z
+date: 2018-08-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cancancan
@@ -133,7 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.6.14
 signing_key: 
 specification_version: 4
 summary: An abstract API design as a mountable engine