RubyGems - notee - Versions diffs - 0.4.0 → 1.0.0 - Mend

notee 0.4.0 → 1.0.0

Files changed (246) hide show

data/app/controllers/notee/application_controller.rb CHANGED Viewed

@@ -1,6 +1,11 @@
 module Notee
   class ApplicationController < ActionController::Base
     before_action :restrict_access_json
+    before_filter :set_request_filter
+    def set_request_filter
+      Thread.current[:request] = request
+    end
     def restrict_access_json
       return redirect_to new_token_path unless confirm_exist_token

data/app/controllers/notee/categories_controller.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Notee
     before_action :set_category, only: [:show, :update, :destroy]
     def index
-      @categories = Category.all
+      @categories = Category.where(is_deleted: false)
       render json: { status: 'success', categories: @categories }
     end
@@ -27,9 +27,12 @@ module Notee
     def update
       respond_to do |format|
+        Category.skip_callback(:save, :before, :set_slug)
         if @category.update(category_params)
+          Category.set_callback(:save, :before, :set_slug)
           format.json { render json: @category, status: 200 }
         else
+          Category.set_callback(:save, :before, :set_slug)
           format.json { render json: @category.errors, status: :unprocessable_entity }
         end
       end
@@ -37,10 +40,11 @@ module Notee
     def destroy
       respond_to do |format|
-        if @category.destroy
+        if @category.update(slug: nil, is_deleted: true)
+          Category.before_destroy_parent(@category.id)
           format.json { render json: @category, status: 200 }
         else
-          format.json { render json: @category.errors, status: :internal_server_error }
+          format.json { render json: @category.errors, status: :unprocessable_entity }
         end
       end
     end

data/app/controllers/notee/comments_controller.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Notee
     before_action :set_comment, only: [:update, :destroy]
     def index
-      comments = Comment.all.order(updated_at: :desc)
+      comments = Comment.where(is_deleted: false).order(updated_at: :desc)
       render json: { status: 'success', comments: comments }
     end
@@ -25,7 +25,7 @@ module Notee
     def update
       respond_to do |format|
-        if @comment.update(post_params)
+        if @comment.update(is_hidden: !@comment.is_hidden)
           format.json { render json: @comment, status: 200 }
         else
           format.json { render json: @comment.errors, status: :unprocessable_entity }
@@ -34,8 +34,13 @@ module Notee
     end
     def destroy
-      @comment.destroy
-      render json: { status: 'success' }
+      respond_to do |format|
+        if @comment.update(is_deleted: true)
+          format.json { render json: @comment, status: 200 }
+        else
+          format.json { render json: @comment.errors, status: :internal_server_error }
+        end
+      end
     end
     private

data/app/controllers/notee/images_controller.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Notee
   class ImagesController < ApplicationController
     def index
-      @images = Image.all.order(updated_at: :desc)
+      @images = Image.where(is_deleted: false).order(updated_at: :desc)
       render json: { status: 'success', images: @images }
     end
@@ -31,7 +31,7 @@ module Notee
       return unless @del_img = Image.find_by(content: params[:name])
       respond_to do |format|
-        if @del_img.destroy
+        if @del_img.update(is_deleted: true)
           format.json { render json: @del_img, status: 200 }
         else
           format.json { render json: @del_img.errors, status: :internal_server_error }

data/app/controllers/notee/posts_controller.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Notee
     # GET /posts
     def index
-      @posts = Post.all.order(updated_at: :desc)
+      @posts = Post.where(is_deleted: false).order(updated_at: :desc)
       render json: { status: 'success', posts: @posts }
     end
@@ -19,6 +19,7 @@ module Notee
     # POST /posts
     def create
       @post = Post.new(post_params)
+      @post.set_user_id
       respond_to do |format|
         if @post.save
           format.json { render json: @post, status: 200 }
@@ -30,6 +31,7 @@ module Notee
     # PATCH/PUT /posts/1
     def update
+      post_params[:user_id] = @post.user_id
       respond_to do |format|
         if @post.update(post_params)
           format.json { render json: @post, status: 200 }
@@ -41,8 +43,13 @@ module Notee
     # DELETE /posts/1
     def destroy
-      @post.destroy
-      render json: { status: 'success' }
+      respond_to do |format|
+        if @post.update(is_deleted: true)
+          format.json { render json: @post, status: 200 }
+        else
+          format.json { render json: @post.errors, status: :internal_server_error }
+        end
+      end
     end
     private
@@ -53,7 +60,7 @@ module Notee
     # Only allow a trusted parameter "white list" through.
     def post_params
-      params.require(:post).permit(:title, :content, :slug, :status, :category_id, :thumbnail_id, :published_at, :seo_keyword, :seo_description, :secret_published_password)
+      params.require(:post).permit(:title, :content, :slug, :status, :user_id, :category_id, :thumbnail_id, :published_at, :seo_keyword, :seo_description, :secret_published_password)
     end
   end
 end

data/app/controllers/notee/roles_controller.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Notee
       user = find_user_by_access_token
       if user
-        render json: { status: 'success', user: user }
+        render json: { status: 'success', role: user.role }
       else
         render json: { status: 'failed' }
       end

data/app/controllers/notee/tokens_controller.rb CHANGED Viewed

@@ -9,25 +9,19 @@ module Notee
     end
     def create
-      if Notee.notee_id == params[:id] && Notee.notee_password == params[:password]
-        if token = Token.create!
-          session[:access_token] = token.access_token
-          return redirect_to root_path
-        end
-      end
-      if now_user = User.sign_in(params[:id], params[:password])
-        if token = Token.create!(user_id: now_user.id)
-          session[:access_token] = token.access_token
-        end
-      end
+      User.sign_in(params[:id], params[:password])
       redirect_to root_path
     end
     def destroy
-      Token.find_by_access_token(session[:access_token]).destroy!
-      session.delete(:access_token)
+      respond_to do |format|
+        if @token = Token.find_by_access_token(session[:access_token]).destroy!
+          session.delete(:access_token)
+          format.json { render json: @token, status: 200 }
+          else
+          format.json { render json: @token.errors, status: :unprocessable_entity }
+        end
+      end
     end
   end
 end

data/app/controllers/notee/trashes_controller.rb ADDED Viewed

@@ -0,0 +1,60 @@
+require_dependency 'notee/application_controller'
+module Notee
+	class TrashesController < ApplicationController
+		before_action :set_trash, only: [:update]
+		def index
+			trash_model = get_model
+			if @trashes = trash_model.trash
+				render json: { status: 'success', trashes: @trashes }
+			else
+				render json: @trashes.errors, status: 422
+			end
+		end
+		def update
+			get_model.skip_callback(:update, :before, :update_authority)
+			respond_to do |format|
+				if @trash.update(is_deleted: false)
+					format.json { render json: @trash, status: 200 }
+				else
+					format.json { render json: @trash.errors, status: :unprocessable_entity }
+				end
+			end
+			get_model.set_callback(:update, :before, :update_authority)
+		end
+		def self.cleanup
+			Post.trash.time_limit.delete_all
+			Category.trash.time_limit.delete_all
+			Image.trash.time_limit.delete_all
+			User.trash.time_limit.delete_all
+			Comment.trash.time_limit.delete_all
+		end
+		private
+		def get_model
+			case params[:model]
+				when 'posts'
+					return Post
+				when 'categories'
+					return Category
+				when 'images'
+					return Image
+				when 'users'
+					return User
+				when 'comments'
+					return Comment
+			end
+		end
+		def set_trash
+			trash_model = get_model
+			@trash = trash_model.find_by(id: params[:id])
+		end
+	end
+end

data/app/controllers/notee/users_controller.rb CHANGED Viewed

@@ -3,13 +3,14 @@ require_dependency 'notee/application_controller'
 module Notee
   class UsersController < ApplicationController
     # callbacks
     before_action :set_user, only: [:show, :update, :destroy]
     before_action :convert_from_string_to_int, only: [:create, :update]
     # GET /users
     def index
-      @users = User.all.order(updated_at: :desc)
+      @users = User.where(is_deleted: false).order(updated_at: :desc)
       render json: { status: 'success', users: @users }
     end
@@ -18,10 +19,14 @@ module Notee
       render json: { status: 'success', user: @user }
     end
+    def mypage
+      @user = Token.find_by(access_token: session[:access_token]).user
+      render json: { status: 'success', user: @user }
+    end
     # POST /posts
     def create
       @user = User.new(user_params)
-      @user.file = user_params[:profile_img]
       respond_to do |format|
         if @user.save
           format.json { render json: @user, status: 200 }
@@ -33,7 +38,6 @@ module Notee
     # PATCH/PUT /posts/1
     def update
-      @user.file = user_params[:profile_img]
       respond_to do |format|
         if @user.update(user_params)
           format.json { render json: @user, status: 200 }
@@ -43,10 +47,26 @@ module Notee
       end
     end
+    def update_password
+      @user = Token.find_by(access_token: session[:access_token]).user
+      respond_to do |format|
+        if @user.update_password(user_params)
+          format.json { render json: @user, status: 200 }
+        else
+          format.json { render json: @user.errors, status: :unprocessable_entity }
+        end
+      end
+    end
     # DELETE /posts/1
     def destroy
-      @user.destroy
-      render json: { status: 'success' }
+      respond_to do |format|
+        if @user.update(is_deleted: true)
+          format.json { render json: @user, status: 200 }
+        else
+          format.json { render json: @user.errors, status: :internal_server_error }
+        end
+      end
     end
     private
@@ -61,7 +81,7 @@ module Notee
     # Only allow a trusted parameter "white list" through.
     def user_params
-      params.require(:user).permit(:name, :email, :password, :password_confirm, :profile, :profile_img, :role)
+      params.require(:user).permit(:name, :email, :now_password, :password, :password_confirm, :profile, :profile_img, :role, :file)
     end
   end
 end

data/app/models/notee/application_record.rb CHANGED Viewed

@@ -1,5 +1,32 @@
 module Notee
   class ApplicationRecord < ActiveRecord::Base
     self.abstract_class = true
+    # scopes
+    scope :trash, -> { where(is_deleted: true) }
+    scope :not_trash, -> { where(is_deleted: false) }
+    scope :time_limit, -> { where('updated_at <= ?', Time.current - 60*60*24*30) }
+    # authority check
+    before_create :create_authority
+    before_update :update_authority, unless: :is_destroy?
+    before_update :destroy_authority, if: :is_destroy?
+    def create_authority
+      Authority.check('create', self)
+    end
+    def update_authority
+      Authority.check('update', self)
+    end
+    def destroy_authority
+      Authority.check('destroy', self)
+    end
+    def is_destroy?
+      return true if self.is_deleted == true
+      false
+    end
   end
 end

data/app/models/notee/authority.rb ADDED Viewed

@@ -0,0 +1,377 @@
+module Notee
+	class Authority
+		include ActiveModel::Model
+		class AuthorityError < StandardError; end
+		class << self
+			TARGET_ARR = ['Post', 'Category', 'Image', 'User']
+			def check(crud, new_model_obj)
+				check_deleted
+				role = get_role
+				case role
+					when 'writer' then
+						writer(crud, new_model_obj)
+					when 'editor' then
+						editor(crud, new_model_obj)
+					when 'manager' then
+						manager(crud, new_model_obj)
+					when 'root' then
+						root_user(crud, new_model_obj)
+					else
+				end
+			end
+			def get_role
+				token = Token.find_by(access_token: Thread.current[:request].session[:access_token])
+				return token.user.role
+			end
+			def get_user_id
+				token = Token.find_by(access_token: Thread.current[:request].session[:access_token])
+				return token.user.id
+			end
+			private
+			# /////////////////////////////////
+			# WRITER
+			# /////////////////////////////////
+			# you can
+			# create: 	posts, categories, images
+			# update:		my posts, categories, images, my user without role
+			# delete:		my posts
+			# you cannot
+			# create: 	users
+			# update: 	other posts, other users, my user role
+			# delete:		other posts, categories, images, users
+			def writer(crud, new_model_obj)
+				case crud
+					when 'create' then
+						writer_create(new_model_obj)
+					when 'update' then
+						writer_update(new_model_obj)
+					when 'destroy' then
+						writer_destroy(new_model_obj)
+					else
+				end
+			end
+			def writer_create(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Writer create a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Writer create a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Writer create a image")
+					when /User/ then
+						# error
+						raise AuthorityError, 'Writer can not create User'
+					else
+				end
+			end
+			def writer_update(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# error
+						raise AuthorityError, 'Writer can update only my Post' unless get_user_id == new_model_obj.user_id
+						# success
+						Rails.logger.debug("Writer update my post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Writer update a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Writer update a image")
+					when /User/ then
+						# error
+						raise AuthorityError, 'Writer can update only my Post' unless get_user_id == new_model_obj.id
+						# success
+						Rails.logger.debug("Writer update my user")
+					else
+				end
+			end
+			def writer_destroy(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# error
+						raise AuthorityError, 'Writer can destroy only my Post' unless get_user_id == new_model_obj.user_id
+						# success
+						Rails.logger.debug("Writer destroy my post")
+					when /Category/ then
+						# error
+						raise AuthorityError, 'Writer can not destroy Category'
+					when /Image/ then
+						# error
+						raise AuthorityError, 'Writer can not destroy Image'
+					when /User/ then
+						# error
+						raise AuthorityError, 'Writer can not destroy User'
+					else
+				end
+			end
+			# /////////////////////////////////
+			# EDITOR - Restriction
+			# /////////////////////////////////
+			# you can
+			# create: 	posts, categories, images
+			# update:		posts, categories, images, my user without role
+			# delete: 	posts, categories, images
+			# you cannot
+			# - create: 	users
+			# - update: 	other users, my user role
+			# - delete: 	users
+			def editor(crud, new_model_obj)
+				case crud
+					when 'create' then
+						editor_create(new_model_obj)
+					when 'update' then
+						editor_update(new_model_obj)
+					when 'destroy' then
+						editor_destroy(new_model_obj)
+					else
+				end
+			end
+			def editor_create(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Editor create a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Editor create a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Editor create a image")
+					when /User/ then
+						# error
+						raise AuthorityError, 'Editor can not destroy User'
+					else
+				end
+			end
+			def editor_update(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Editor update a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Editor update a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Editor update a image")
+					when /User/ then
+						# error
+						raise AuthorityError, 'Editor can update only my Post' unless get_user_id == new_model_obj.id
+						# success
+						Rails.logger.debug("Editor update a user")
+					else
+				end
+			end
+			def editor_destroy(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Editor destroy a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Editor destroy a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Editor destroy a image")
+					when /User/ then
+						# error
+						raise AuthorityError, 'Editor can not destroy User'
+					else
+				end
+			end
+			# /////////////////////////////////
+			# MANAGER - Restriction
+			# /////////////////////////////////
+			# you can
+			# create: 	posts, categories, images, users
+			# update:		posts, categories, images, users
+			# delete: 	posts, categories, images, users
+			# you cannot
+			# - create: 	none
+			# - update: 	none
+			# - delete: 	none
+			def manager(crud, new_model_obj)
+				case crud
+					when 'create' then
+						manager_create(new_model_obj)
+					when 'update' then
+						manager_update(new_model_obj)
+					when 'destroy' then
+						manager_destroy(new_model_obj)
+					else
+				end
+			end
+			def manager_create(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Manager create a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Manager create a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Manager create a image")
+					when /User/ then
+						# success
+						Rails.logger.debug("Manager create a user")
+					else
+				end
+			end
+			def manager_update(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Manager update a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Manager update a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Manager update a image")
+					when /User/ then
+						# success
+						Rails.logger.debug("Manager update a user")
+					else
+				end
+			end
+			def manager_destroy(new_model_obj)
+				case new_model_obj.class.name
+					when /Post/ then
+						# success
+						Rails.logger.debug("Manager destroy a post")
+					when /Category/ then
+						# success
+						Rails.logger.debug("Manager destroy a category")
+					when /Image/ then
+						# success
+						Rails.logger.debug("Manager destroy a image")
+					when /User/ then
+						# success
+						Rails.logger.debug("Manager destroy a user")
+					else
+				end
+			end
+			# /////////////////////////////////
+			# ROOT
+			# /////////////////////////////////
+			# you can
+			# create: 	users
+			# update:		none
+			# delete: 	none
+			# you cannot
+			# - create: 	posts, categories, images
+			# - update: 	posts, categories, images, users
+			# - delete: 	posts, categories, images, users
+			def root_user(crud, new_model_obj)
+				case crud
+					when 'create' then
+						root_create(new_model_obj)
+					when 'update' then
+						root_update(new_model_obj)
+					else
+						# error
+						raise AuthorityError, 'Root user only create User, and update own profile'
+				end
+			end
+			def root_create(new_model_obj)
+				case new_model_obj.class.name
+					when /User/ then
+						# success
+						Rails.logger.debug("Root user create a user")
+					else
+						# error
+						raise AuthorityError, 'Root user only create User'
+				end
+			end
+			def root_update(new_model_obj)
+				case new_model_obj.class.name
+					when /User/ then
+						raise AuthorityError, 'Root user only update own profile' unless new_model_obj.id == 0
+						# success
+						Rails.logger.debug("Root user update own profile")
+					else
+						# error
+						raise AuthorityError, 'Root user only update own profile'
+				end
+			end
+			# /////////////////////////////////
+			# DELETED
+			# /////////////////////////////////
+			# you can
+			# create: 	none
+			# update:		none
+			# delete: 	none
+			# you cannot
+			# - create: 	all
+			# - update: 	all
+			# - delete: 	all
+			def check_deleted
+				token = Token.find_by(access_token: Thread.current[:request].session[:access_token])
+				if token.user.is_deleted
+					# error
+					raise AuthorityError, 'This User is Deleted..'
+				end
+			end
+		end
+	end
+end