dune-api 1.0.1

data/app/constraints/dune/api/api_constraint.rb

@@ -0,0 +1,17 @@
+module Dune::Api
+  class ApiConstraint
+    attr_reader :revision
+
+    def initialize(options)
+      @revision = options.fetch(:revision)
+      @default = options[:default]
+    end
+
+    def matches?(request)
+      @default || request
+        .headers
+        .fetch(:accept)
+        .include?("revision=#{revision}")
+    end
+  end
+end

data/app/controllers/dune/api/base_controller.rb

@@ -0,0 +1,68 @@
+module Dune::Api
+  class BaseController < ActionController::Metal
+
+  MODULES = [
+      AbstractController::Rendering,
+      ActionController::Redirecting,
+      ActionView::Rendering, # This is needed because of respond_with
+      ActionController::Rendering,
+      ActionController::Renderers::All,
+      ActionController::ConditionalGet,
+      ActionController::MimeResponds,
+      ActionController::ImplicitRender,
+      ActionController::StrongParameters,
+      ActionController::ForceSSL,
+      ActionController::HttpAuthentication::Token::ControllerMethods,
+      ActionController::Serialization,
+      ActionController::Instrumentation,
+      ActionController::ParamsWrapper,
+      ActionController::Rescue,
+      HasScope,
+      Pundit,
+      Dune::Api::Engine.routes.url_helpers,
+      Rails.application.routes.url_helpers,
+      Pundit,
+
+      #ActionController::Helpers,
+      #ActionController::UrlFor,
+      #ActionController::RackDelegation,
+      #AbstractController::Callbacks,
+    ]
+
+    MODULES.each do |mod|
+      include mod
+    end
+
+    respond_to :json
+    before_action :check_authorization!
+
+    rescue_from Pundit::NotAuthorizedError,  with: :handle_forbidden
+
+    def handle_forbidden
+      head :forbidden
+    end
+
+    def access_token
+      @access_token
+    end
+
+    def current_user
+      @current_user ||= access_token.user
+    end
+
+    def require_admin!
+      handle_unauthorized unless current_user.admin?
+    end
+
+    def check_authorization!
+      authenticate_or_request_with_http_token do |token, options|
+        @access_token = AccessToken.find_by(code: token)
+      end
+      @access_token.is_a?(AccessToken) or handle_unauthorized
+    end
+
+    def handle_unauthorized
+      head :unauthorized
+    end
+  end
+end

data/app/controllers/dune/api/v1/channels/members_controller.rb

@@ -0,0 +1,33 @@
+module Dune::Api
+  module V1
+    class Channels::MembersController < BaseController
+      before_action :require_admin!
+
+      def index
+        respond_with parent.members, root: 'users'
+      end
+
+      def create
+        channel_member = parent.channel_members.build(
+          user_id: params[:channel_member].try(:[], :user_id)
+        )
+        if channel_member.save
+          render json: channel_member.user, status: :created
+        else
+          respond_with channel_member
+        end
+      end
+
+      def destroy
+        parent.channel_members.find_by(user_id: params[:id]).delete
+        head :no_content
+      end
+
+      private
+
+      def parent
+        @channel ||= Channel.find(params[:channel_id])
+      end
+    end
+  end
+end

data/app/controllers/dune/api/v1/channels_controller.rb

@@ -0,0 +1,73 @@
+module Dune::Api
+  module V1
+    class ChannelsController < BaseController
+      include PaginatedController
+      before_action :require_admin!, except: %i(index show update)
+
+      has_scope :pg_search, as: :query
+
+      def index
+        respond_with_pagination collection
+      end
+
+      def show
+        respond_with Channel.find(params[:id])
+      end
+
+      def create
+        channel = ::Channel.new(permitted_params)
+        authorize channel
+        channel.save
+        respond_with channel
+      end
+
+      def update
+        @channel = Channel.find(params[:id])
+        authorize @channel
+        respond_with Channel.update(params[:id], permitted_params)
+      end
+
+      def destroy
+        channel = Channel.find(params[:id])
+        authorize channel
+
+        channel.delete
+        head :no_content
+      end
+
+      [:push_to_draft, :push_to_online].each do |name|
+        define_method name do
+          channel = Channel.find(params[:id])
+          authorize channel
+
+          channel.send("#{name.to_s}!")
+          head :no_content
+        end
+      end
+
+      private
+
+      def permitted_params
+        params.permit(policy(@channel || Channel).permitted_attributes(params))[:channel]
+      end
+
+      def collection
+        @collection ||= begin
+          authorized_scope = policy_scope(Channel)
+          apply_scopes(
+            scoped_by_state(authorized_scope)
+          ).order('created_at desc').all
+        end
+      end
+
+      def scoped_by_state(scope)
+        state_scopes = params.slice(*Channel.state_names).keys
+        if state_scopes.any?
+          scope.with_state(state_scopes)
+        else
+          scope
+        end
+      end
+    end
+  end
+end

data/app/controllers/dune/api/v1/investments_controller.rb

@@ -0,0 +1,70 @@
+module Dune::Api
+  module V1
+    class InvestmentsController < BaseController
+      include PaginatedController
+
+      before_action :require_admin!
+
+      has_scope :pg_search, as: :query
+      has_scope :by_project_id, as: :project_id
+      has_scope :between_values,
+        using: %i(initial final),
+        type:  :hash
+
+      def index
+        respond_with_pagination collection
+      end
+
+      def show
+        respond_with Dune::Api::Investment.find(params[:id])
+      end
+
+      def update
+        @investment = ::Investment.find(params[:id])
+        authorize @investment
+        respond_with ::Investment.update(params[:id], permitted_params)
+      end
+
+      def destroy
+        investment = ::Investment.find(params[:id])
+        authorize investment
+
+        investment.push_to_trash!
+        head :no_content
+      end
+
+      [:confirm, :pendent, :refund, :hide, :cancel].each do |name|
+        define_method name do
+          investment = ::Investment.find(params[:id])
+          authorize investment
+
+          investment.send("#{name.to_s}!")
+          head :no_content
+        end
+      end
+
+      private
+
+      def permitted_params
+        params.permit(policy(@investment || ::Investment).permitted_attributes)[:investment]
+      end
+
+      def collection
+        @collection ||= begin
+          apply_scopes(
+            scoped_by_state(Dune::Api::Investment)
+          ).order('created_at desc').all
+        end
+      end
+
+      def scoped_by_state(scope)
+        state_scopes = params.slice(*Investment.state_names).keys
+        if state_scopes.any?
+          scope.with_state(state_scopes)
+        else
+          scope
+        end
+      end
+    end
+  end
+end

data/app/controllers/dune/api/v1/press_assets_controller.rb

@@ -0,0 +1,38 @@
+module Dune::Api
+  module V1
+    class PressAssetsController < BaseController
+      before_action :require_admin!, except: %i(index show)
+
+      include PaginatedController
+
+      def index
+        respond_with_pagination apply_scopes(PressAsset).all
+      end
+
+      def create
+        respond_with PressAsset.create(permited_params)
+      end
+
+      def update
+        respond_with PressAsset.update(params[:id], permited_params)
+      end
+
+      def show
+        respond_with PressAsset.find(params[:id])
+      end
+
+      def destroy
+        respond_with PressAsset.destroy(params[:id])
+      end
+
+      private
+
+      def permited_params
+        params.permit(
+          { press_asset:
+            PressAsset.attribute_names.map(&:to_sym) - [:created_at, :updated_at]
+        })[:press_asset]
+      end
+    end
+  end
+end

data/app/controllers/dune/api/v1/projects_controller.rb

@@ -0,0 +1,76 @@
+module Dune::Api
+  module V1
+    class ProjectsController < Dune::Api::BaseController
+      include PaginatedController
+
+      has_scope :order_by
+      has_scope :pg_search, as: :query
+      has_scope :between_created_at,
+        :between_expires_at,
+        :between_online_date,
+        using: %i(starts_at ends_at),
+        type:  :hash
+
+      def index
+        respond_with_pagination collection
+      end
+
+      def show
+        project = ::Project.find(params[:id])
+        authorize project
+        respond_with project, serializer: Dune::Api::ProjectSerializer
+      end
+
+      def update
+        @project = Project.find(params[:id])
+        authorize @project
+        respond_with Project.update(params[:id], permitted_params)
+      end
+
+      def destroy
+        project = Project.find(params[:id])
+        authorize project
+
+        project.push_to_trash!
+        head :no_content
+      end
+
+      [:approve, :launch, :reject, :push_to_draft].each do |name|
+        define_method name do
+          project = Project.find(params[:id])
+          authorize project
+
+          project.send("#{name.to_s}!")
+          head :no_content
+        end
+      end
+
+      private
+
+      def permitted_params
+        params.permit(policy(@project || Project).permitted_attributes)[:project]
+      end
+
+      def collection
+        @collection ||= begin
+          if ActiveRecord::ConnectionAdapters::Column.
+              value_to_boolean(params[:manageable])
+            authorized_scope = policy_scope(Dune::Api::Project)
+          else
+            authorized_scope = Dune::Api::Project.visible
+          end
+          apply_scopes(scoped_by_state(authorized_scope)).without_state('deleted')
+        end
+      end
+
+      def scoped_by_state(scope)
+        state_scopes = params.slice(*Project.state_names).keys
+        if state_scopes.any?
+          scope.with_state(state_scopes)
+        else
+          scope
+        end
+      end
+    end
+  end
+end

data/app/controllers/dune/api/v1/rewards_controller.rb

@@ -0,0 +1,9 @@
+module Dune::Api
+  module V1
+    class RewardsController < BaseController
+      def show
+        respond_with Reward.find(params[:id])
+      end
+    end
+  end
+end

data/app/controllers/dune/api/v1/sessions_controller.rb

@@ -0,0 +1,27 @@
+module Dune::Api
+  module V1
+    class SessionsController < BaseController
+      skip_before_action :check_authorization!, only: :create
+
+      def create
+        user = User.find_by(email: params.fetch(:email))
+        if user && user.valid_password?(params.fetch(:password))
+          render status: :created, json: {
+            access_token: user.get_access_token,
+            user_id:      user.id
+          }
+        else
+          render status: :unauthorized, json: {}
+        end
+      rescue KeyError
+        render status: :bad_request, json: {}
+      end
+
+      def destroy
+        access_token.try(:expire!)
+
+        render status: :ok, json: {}
+      end
+    end
+  end
+end

data/app/controllers/dune/api/v1/tags_controller.rb

@@ -0,0 +1,37 @@
+module Dune::Api
+  module V1
+    class TagsController < BaseController
+      before_action :require_admin!, except: %i(index show)
+
+      include PaginatedController
+
+      has_scope :popular, type: :boolean
+
+      def index
+        respond_with_pagination apply_scopes(Tag).all
+      end
+
+      def create
+        respond_with Tag.create(permited_params)
+      end
+
+      def update
+        respond_with Tag.update(params[:id], permited_params)
+      end
+
+      def show
+        respond_with Tag.find(params[:id])
+      end
+
+      def destroy
+        respond_with Tag.destroy(params[:id])
+      end
+
+      private
+
+      def permited_params
+        params.permit({ tag: [ :name, :visible ] })[:tag]
+      end
+    end
+  end
+end