model_driven_api 2.3.0 → 2.3.5
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 315cd43dc90a24097cd08e0ee261ba26b94b8b2e1a9f640416b68b7366b0352e
|
|
4
|
+
data.tar.gz: 47a36df93c41c8bcb0a32d832d3b7067e1b9894eda39c313fc0c18cdf17ced2d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8d121bf09e8f799dc08ba1b7a5cb5c1b17b6d810eaee6a4c32886733f1e1133a770618bcc2c31ebbf5876f377d017244ad68d63b9d76770dfdcd4e779e09c313
|
|
7
|
+
data.tar.gz: c47b0e7fc8a63f96eb238cc8b6d8601b15e0d534b00151717ac333fff86f764998bb7857a471037c918bb25c24b89fe4ab7a63186683209c98e48eb4f18ffb4f
|
data/README.md
CHANGED
|
@@ -422,7 +422,7 @@ Once loaded the tests inside the insomnia application, please right click on the
|
|
|
422
422
|
|
|
423
423
|
## TODO
|
|
424
424
|
|
|
425
|
-
*
|
|
425
|
+
* Document the new feature (from version 2.3.3) to add Authentication methods which override the JWT described above. Useful for Webhooks and machine2machine trusted dialogues.
|
|
426
426
|
|
|
427
427
|
## References
|
|
428
428
|
Thanks to all these people for ideas:
|
|
@@ -21,7 +21,7 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
21
21
|
|
|
22
22
|
# Normal Index Action with Ransack querying
|
|
23
23
|
@q = (@model.column_names.include?("user_id") ? @model.where(user_id: current_user.id) : @model).ransack(@query.presence|| params[:q])
|
|
24
|
-
@records_all = @q.result(distinct: true)
|
|
24
|
+
@records_all = @q.result # (distinct: true) Removing, but I'm not sure, with it I cannot sort in postgres for associated records (throws an exception on misuse of sort with distinct)
|
|
25
25
|
page = (@page.presence || params[:page])
|
|
26
26
|
per = (@per.presence || params[:per])
|
|
27
27
|
pages_info = (@pages_info.presence || params[:pages_info])
|
|
@@ -107,15 +107,34 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
107
107
|
# call an unwanted method in the AR Model.
|
|
108
108
|
resource = "custom_action_#{params[:do]}"
|
|
109
109
|
raise NoMethodError unless @model.respond_to?(resource)
|
|
110
|
-
return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
|
|
110
|
+
# return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
|
|
111
|
+
return true, MultiJson.dump(@model.send(resource, params))
|
|
111
112
|
end
|
|
112
113
|
# if it's here there is no custom action in the request querystring
|
|
113
114
|
return false
|
|
114
115
|
end
|
|
116
|
+
|
|
117
|
+
def class_exists?(class_name)
|
|
118
|
+
klass = Module.const_get(class_name)
|
|
119
|
+
return klass.is_a?(Class)
|
|
120
|
+
rescue NameError
|
|
121
|
+
return false
|
|
122
|
+
end
|
|
115
123
|
|
|
116
124
|
def authenticate_request
|
|
117
|
-
|
|
118
|
-
|
|
125
|
+
# puts request.headers.inspect
|
|
126
|
+
@current_user = nil
|
|
127
|
+
# puts "Are there wbehooks headers to check for? #{Settings.ns(:security).allowed_authorization_headers}"
|
|
128
|
+
Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
|
|
129
|
+
# puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}"
|
|
130
|
+
check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
|
|
131
|
+
end
|
|
132
|
+
return unauthenticated!(OpenStruct.new({message: @auth_errors})) unless @current_user
|
|
133
|
+
|
|
134
|
+
# This is the default one, if the header doesn't have a valid form for one of the other Auth methods, then use this Auth Class
|
|
135
|
+
check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
|
|
136
|
+
return unauthenticated!(OpenStruct.new({message: @auth_errors})) unless @current_user
|
|
137
|
+
|
|
119
138
|
current_user = @current_user
|
|
120
139
|
params[:current_user_id] = @current_user.id
|
|
121
140
|
# Now every time the user fires off a successful GET request,
|
|
@@ -147,6 +166,14 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
147
166
|
return not_found! if (!@model.new.is_a? ActiveRecord::Base rescue false)
|
|
148
167
|
end
|
|
149
168
|
|
|
169
|
+
def check_authorization cmd
|
|
170
|
+
if cmd.success?
|
|
171
|
+
@current_user = cmd.result
|
|
172
|
+
else
|
|
173
|
+
@auth_errors = cmd.errors
|
|
174
|
+
end
|
|
175
|
+
end
|
|
176
|
+
|
|
150
177
|
# Nullifying strong params for API
|
|
151
178
|
def params
|
|
152
179
|
request.parameters
|
|
@@ -33,7 +33,7 @@ module ApiExceptionManagement
|
|
|
33
33
|
|
|
34
34
|
def api_error(status: 500, errors: [])
|
|
35
35
|
# puts errors.full_messages if !Rails.env.production? && errors.respond_to?(:full_messages)
|
|
36
|
-
head status && return if errors.
|
|
36
|
+
head status && return if errors.blank?
|
|
37
37
|
|
|
38
38
|
# For retrocompatibility, I try to send back only strings, as errors
|
|
39
39
|
errors_response = if errors.respond_to?(:full_messages)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: model_driven_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.3.
|
|
4
|
+
version: 2.3.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gabriele Tassoni
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-02-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thecore_backend_commons
|