RubyGems - notee - Versions diffs - 0.4.0 → 1.0.0 - Mend

notee 0.4.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (246) hide show

data/app/controllers/notee/application_controller.rb CHANGED Viewed

@@ -1,6 +1,11 @@
 module Notee
   class ApplicationController < ActionController::Base
     before_action :restrict_access_json
+    before_filter :set_request_filter
+    def set_request_filter
+      Thread.current[:request] = request
+    end
     def restrict_access_json
       return redirect_to new_token_path unless confirm_exist_token

data/app/controllers/notee/categories_controller.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Notee
     before_action :set_category, only: [:show, :update, :destroy]
     def index
-      @categories = Category.all
+      @categories = Category.where(is_deleted: false)
       render json: { status: 'success', categories: @categories }
     end
@@ -27,9 +27,12 @@ module Notee
     def update
       respond_to do |format|
+        Category.skip_callback(:save, :before, :set_slug)
         if @category.update(category_params)
+          Category.set_callback(:save, :before, :set_slug)
           format.json { render json: @category, status: 200 }
         else
+          Category.set_callback(:save, :before, :set_slug)
           format.json { render json: @category.errors, status: :unprocessable_entity }
         end
       end
@@ -37,10 +40,11 @@ module Notee
     def destroy
       respond_to do |format|
-        if @category.destroy
+        if @category.update(slug: nil, is_deleted: true)
+          Category.before_destroy_parent(@category.id)
           format.json { render json: @category, status: 200 }
         else
-          format.json { render json: @category.errors, status: :internal_server_error }
+          format.json { render json: @category.errors, status: :unprocessable_entity }
         end
       end
     end

data/app/controllers/notee/comments_controller.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Notee
     before_action :set_comment, only: [:update, :destroy]
     def index
-      comments = Comment.all.order(updated_at: :desc)
+      comments = Comment.where(is_deleted: false).order(updated_at: :desc)
       render json: { status: 'success', comments: comments }
     end
@@ -25,7 +25,7 @@ module Notee
     def update
       respond_to do |format|
-        if @comment.update(post_params)
+        if @comment.update(is_hidden: !@comment.is_hidden)
           format.json { render json: @comment, status: 200 }
         else
           format.json { render json: @comment.errors, status: :unprocessable_entity }
@@ -34,8 +34,13 @@ module Notee
     end
     def destroy
-      @comment.destroy
-      render json: { status: 'success' }
+      respond_to do |format|
+        if @comment.update(is_deleted: true)
+          format.json { render json: @comment, status: 200 }
+        else
+          format.json { render json: @comment.errors, status: :internal_server_error }
+        end
+      end
     end
     private

data/app/controllers/notee/images_controller.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Notee
   class ImagesController < ApplicationController
     def index
-      @images = Image.all.order(updated_at: :desc)
+      @images = Image.where(is_deleted: false).order(updated_at: :desc)
       render json: { status: 'success', images: @images }
     end
@@ -31,7 +31,7 @@ module Notee
       return unless @del_img = Image.find_by(content: params[:name])
       respond_to do |format|
-        if @del_img.destroy
+        if @del_img.update(is_deleted: true)
           format.json { render json: @del_img, status: 200 }
         else
           format.json { render json: @del_img.errors, status: :internal_server_error }

data/app/controllers/notee/posts_controller.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Notee
     # GET /posts
     def index
-      @posts = Post.all.order(updated_at: :desc)
+      @posts = Post.where(is_deleted: false).order(updated_at: :desc)
       render json: { status: 'success', posts: @posts }
     end
@@ -19,6 +19,7 @@ module Notee
     # POST /posts
     def create
       @post = Post.new(post_params)
+      @post.set_user_id
       respond_to do |format|
         if @post.save
           format.json { render json: @post, status: 200 }
@@ -30,6 +31,7 @@ module Notee
     # PATCH/PUT /posts/1
     def update
+      post_params[:user_id] = @post.user_id
       respond_to do |format|
         if @post.update(post_params)
           format.json { render json: @post, status: 200 }
@@ -41,8 +43,13 @@ module Notee
     # DELETE /posts/1
     def destroy
-      @post.destroy
-      render json: { status: 'success' }
+      respond_to do |format|
+        if @post.update(is_deleted: true)
+          format.json { render json: @post, status: 200 }
+        else
+          format.json { render json: @post.errors, status: :internal_server_error }
+        end
+      end
     end
     private
@@ -53,7 +60,7 @@ module Notee
     # Only allow a trusted parameter "white list" through.
     def post_params
-      params.require(:post).permit(:title, :content, :slug, :status, :category_id, :thumbnail_id, :published_at, :seo_keyword, :seo_description, :secret_published_password)
+      params.require(:post).permit(:title, :content, :slug, :status, :user_id, :category_id, :thumbnail_id, :published_at, :seo_keyword, :seo_description, :secret_published_password)
     end
   end
 end

data/app/controllers/notee/roles_controller.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Notee
       user = find_user_by_access_token
       if user
-        render json: { status: 'success', user: user }
+        render json: { status: 'success', role: user.role }
       else
         render json: { status: 'failed' }
       end

data/app/controllers/notee/tokens_controller.rb CHANGED Viewed

@@ -9,25 +9,19 @@ module Notee
     end
     def create
-      if Notee.notee_id == params[:id] && Notee.notee_password == params[:password]
-        if token = Token.create!
-          session[:access_token] = token.access_token
-          return redirect_to root_path
-        end
-      end
-      if now_user = User.sign_in(params[:id], params[:password])
-        if token = Token.create!(user_id: now_user.id)
-          session[:access_token] = token.access_token
-        end
-      end
+      User.sign_in(params[:id], params[:password])
       redirect_to root_path
     end
     def destroy
-      Token.find_by_access_token(session[:access_token]).destroy!
-      session.delete(:access_token)
+      respond_to do |format|
+        if @token = Token.find_by_access_token(session[:access_token]).destroy!
+          session.delete(:access_token)
+          format.json { render json: @token, status: 200 }
+          else
+          format.json { render json: @token.errors, status: :unprocessable_entity }
+        end
+      end
     end
   end
 end

data/app/controllers/notee/trashes_controller.rb ADDED Viewed

@@ -0,0 +1,60 @@
+require_dependency 'notee/application_controller'
+module Notee
+	class TrashesController < ApplicationController
+		before_action :set_trash, only: [:update]
+		def index
+			trash_model = get_model
+			if @trashes = trash_model.trash
+				render json: { status: 'success', trashes: @trashes }
+			else
+				render json: @trashes.errors, status: 422
+			end
+		end
+		def update
+			get_model.skip_callback(:update, :before, :update_authority)
+			respond_to do |format|
+				if @trash.update(is_deleted: false)
+					format.json { render json: @trash, status: 200 }
+				else
+					format.json { render json: @trash.errors, status: :unprocessable_entity }
+				end
+			end
+			get_model.set_callback(:update, :before, :update_authority)
+		end
+		def self.cleanup
+			Post.trash.time_limit.delete_all
+			Category.trash.time_limit.delete_all
+			Image.trash.time_limit.delete_all
+			User.trash.time_limit.delete_all
+			Comment.trash.time_limit.delete_all
+		end
+		private
+		def get_model
+			case params[:model]
+				when 'posts'
+					return Post
+				when 'categories'
+					return Category
+				when 'images'
+					return Image
+				when 'users'
+					return User
+				when 'comments'
+					return Comment
+			end
+		end
+		def set_trash
+			trash_model = get_model
+			@trash = trash_model.find_by(id: params[:id])
+		end
+	end
+end

data/app/controllers/notee/users_controller.rb CHANGED Viewed

@@ -3,13 +3,14 @@ require_dependency 'notee/application_controller'
 module Notee
   class UsersController < ApplicationController
     # callbacks
     before_action :set_user, only: [:show, :update, :destroy]
     before_action :convert_from_string_to_int, only: [:create, :update]
     # GET /users
     def index
-      @users = User.all.order(updated_at: :desc)
+      @users = User.where(is_deleted: false).order(updated_at: :desc)
       render json: { status: 'success', users: @users }
     end
@@ -18,10 +19,14 @@ module Notee
       render json: { status: 'success', user: @user }
     end
+    def mypage
+      @user = Token.find_by(access_token: session[:access_token]).user
+      render json: { status: 'success', user: @user }
+    end
     # POST /posts
     def create
       @user = User.new(user_params)
-      @user.file = user_params[:profile_img]
       respond_to do |format|
         if @user.save
           format.json { render json: @user, status: 200 }
@@ -33,7 +38,6 @@ module Notee
     # PATCH/PUT /posts/1
     def update
-      @user.file = user_params[:profile_img]
       respond_to do |format|
         if @user.update(user_params)
           format.json { render json: @user, status: 200 }
@@ -43,10 +47,26 @@ module Notee
       end
     end
+    def update_password
+      @user = Token.find_by(access_token: session[:access_token]).user
+      respond_to do |format|
+        if @user.update_password(user_params)
+          format.json { render json: @user, status: 200 }
+        else
+          format.json { render json: @user.errors, status: :unprocessable_entity }
+        end
+      end
+    end
     # DELETE /posts/1
     def destroy
-      @user.destroy
-      render json: { status: 'success' }
+      respond_to do |format|
+        if @user.update(is_deleted: true)
+          format.json { render json: @user, status: 200 }
+        else
+          format.json { render json: @user.errors, status: :internal_server_error }
+        end
+      end
     end
     private
@@ -61,7 +81,7 @@ module Notee
     # Only allow a trusted parameter "white list" through.
     def user_params
-      params.require(:user).permit(:name, :email, :password, :password_confirm, :profile, :profile_img, :role)
+      params.require(:user).permit(:name, :email, :now_password, :password, :password_confirm, :profile, :profile_img, :role, :file)
     end
   end
 end

data/app/models/notee/application_record.rb CHANGED Viewed

@@ -1,5 +1,32 @@
 module Notee
   class ApplicationRecord < ActiveRecord::Base
     self.abstract_class = true
+    # scopes
+    scope :trash, -> { where(is_deleted: true) }
+    scope :not_trash, -> { where(is_deleted: false) }
+    scope :time_limit, -> { where('updated_at <= ?', Time.current - 60*60*24*30) }
+    # authority check
+    before_create :create_authority
+    before_update :update_authority, unless: :is_destroy?
+    before_update :destroy_authority, if: :is_destroy?
+    def create_authority
+      Authority.check('create', self)
+    end
+    def update_authority
+      Authority.check('update', self)
+    end
+    def destroy_authority
+      Authority.check('destroy', self)
+    end
+    def is_destroy?
+      return true if self.is_deleted == true
+      false
+    end
   end
 end

data/app/models/notee/authority.rb ADDED Viewed

@@ -0,0 +1,377 @@
+module Notee
+	class Authority
+		include ActiveModel::Model
+		class AuthorityError < StandardError; end
+		class << self
+			TARGET_ARR = ['Post', 'Category', 'Image', 'User']
+			def check(crud, new_model_obj)
+				check_deleted
+				role = get_role
+				case role
+					when 'writer' then
+						writer(crud, new_model_obj)
+					when 'editor' then
+						editor(crud, new_model_obj)
+					when 'manager' then
+						manager(crud, new_model_obj)
+					when 'root' then
+						root_user(crud, new_model_obj)
+					else
+				end
+			end
+			def get_role
+				token = Token.find_by(access_token: Thread.current[:request].session[:access_token])
+				return token.user.role
+			end
+			def get_user_id
+				token = Token.find_by(access_token: Thread.current[:request].session[:access_token])
+				return token.user.id
+			end
+			private
+			# /////////////////////////////////
+			# WRITER
+			# /////////////////////////////////
+			# you can
+			# create: 	posts, categories, images
+			# update:		my posts, categories, images, my user without role
+			# delete:		my posts
+			# you cannot
+			# create: 	users
+			# update: 	other posts, other users, my user role
+			# delete:		other posts, categories, images, users
+			def writer(crud, new_model_obj)
+				case crud
+					when 'create' then
+						writer_create(new_model_obj)
+					when 'update' then
+						writer_update(new_model_obj)
+					when 'destroy' then
+						writer_destroy(new_model_obj)
+					else
+				end
+			end
+			def writer_create(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Writer create a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Writer create a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Writer create a image")
+					when /User/ then
+						# error
+						raise AuthorityError, 'Writer can not create User'
+					else
+				end
+			end
+			def writer_update(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# error
+						raise AuthorityError, 'Writer can update only my Post' unless get_user_id == new_model_obj.user_id
+						# success
+						Rails.logger.debug("Writer update my post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Writer update a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Writer update a image")
+					when /User/ then
+						# error
+						raise AuthorityError, 'Writer can update only my Post' unless get_user_id == new_model_obj.id
+						# success
+						Rails.logger.debug("Writer update my user")
+					else
+				end
+			end
+			def writer_destroy(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# error
+						raise AuthorityError, 'Writer can destroy only my Post' unless get_user_id == new_model_obj.user_id
+						# success
+						Rails.logger.debug("Writer destroy my post")
+					when /Category/ then
+						# error
+						raise AuthorityError, 'Writer can not destroy Category'
+					when /Image/ then
+						# error
+						raise AuthorityError, 'Writer can not destroy Image'
+					when /User/ then
+						# error
+						raise AuthorityError, 'Writer can not destroy User'
+					else
+				end
+			end
+			# /////////////////////////////////
+			# EDITOR - Restriction
+			# /////////////////////////////////
+			# you can
+			# create: 	posts, categories, images
+			# update:		posts, categories, images, my user without role
+			# delete: 	posts, categories, images
+			# you cannot
+			# - create: 	users
+			# - update: 	other users, my user role
+			# - delete: 	users
+			def editor(crud, new_model_obj)
+				case crud
+					when 'create' then
+						editor_create(new_model_obj)
+					when 'update' then
+						editor_update(new_model_obj)
+					when 'destroy' then
+						editor_destroy(new_model_obj)
+					else
+				end
+			end
+			def editor_create(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Editor create a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Editor create a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Editor create a image")
+					when /User/ then
+						# error
+						raise AuthorityError, 'Editor can not destroy User'
+					else
+				end
+			end
+			def editor_update(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Editor update a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Editor update a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Editor update a image")
+					when /User/ then
+						# error
+						raise AuthorityError, 'Editor can update only my Post' unless get_user_id == new_model_obj.id
+						# success
+						Rails.logger.debug("Editor update a user")
+					else
+				end
+			end
+			def editor_destroy(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Editor destroy a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Editor destroy a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Editor destroy a image")
+					when /User/ then
+						# error
+						raise AuthorityError, 'Editor can not destroy User'
+					else
+				end
+			end
+			# /////////////////////////////////
+			# MANAGER - Restriction
+			# /////////////////////////////////
+			# you can
+			# create: 	posts, categories, images, users
+			# update:		posts, categories, images, users
+			# delete: 	posts, categories, images, users
+			# you cannot
+			# - create: 	none
+			# - update: 	none
+			# - delete: 	none
+			def manager(crud, new_model_obj)
+				case crud
+					when 'create' then
+						manager_create(new_model_obj)
+					when 'update' then
+						manager_update(new_model_obj)
+					when 'destroy' then
+						manager_destroy(new_model_obj)
+					else
+				end
+			end
+			def manager_create(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Manager create a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Manager create a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Manager create a image")
+					when /User/ then
+						# success
+						Rails.logger.debug("Manager create a user")
+					else
+				end
+			end
+			def manager_update(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Manager update a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Manager update a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Manager update a image")
+					when /User/ then
+						# success
+						Rails.logger.debug("Manager update a user")
+					else
+				end
+			end
+			def manager_destroy(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Manager destroy a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Manager destroy a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Manager destroy a image")
+					when /User/ then
+						# success
+						Rails.logger.debug("Manager destroy a user")
+					else
+				end
+			end
+			# /////////////////////////////////
+			# ROOT
+			# /////////////////////////////////
+			# you can
+			# create: 	users
+			# update:		none
+			# delete: 	none
+			# you cannot
+			# - create: 	posts, categories, images
+			# - update: 	posts, categories, images, users
+			# - delete: 	posts, categories, images, users
+			def root_user(crud, new_model_obj)
+				case crud
+					when 'create' then
+						root_create(new_model_obj)
+					when 'update' then
+						root_update(new_model_obj)
+					else
+						# error
+						raise AuthorityError, 'Root user only create User, and update own profile'
+				end
+			end
+			def root_create(new_model_obj)
+				case new_model_obj.class.name
+					when /User/ then
+						# success
+						Rails.logger.debug("Root user create a user")
+					else
+						# error
+						raise AuthorityError, 'Root user only create User'
+				end
+			end
+			def root_update(new_model_obj)
+				case new_model_obj.class.name
+					when /User/ then
+						raise AuthorityError, 'Root user only update own profile' unless new_model_obj.id == 0
+						# success
+						Rails.logger.debug("Root user update own profile")
+					else
+						# error
+						raise AuthorityError, 'Root user only update own profile'
+				end
+			end
+			# /////////////////////////////////
+			# DELETED
+			# /////////////////////////////////
+			# you can
+			# create: 	none
+			# update:		none
+			# delete: 	none
+			# you cannot
+			# - create: 	all
+			# - update: 	all
+			# - delete: 	all
+			def check_deleted
+				token = Token.find_by(access_token: Thread.current[:request].session[:access_token])
+				if token.user.is_deleted
+					# error
+					raise AuthorityError, 'This User is Deleted..'
+				end
+			end
+		end
+	end
+end