openstax_api 2.5.1 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4e9f64fc680c9305cdab0cf7c5763750825793bc
-  data.tar.gz: 0d469d8177f3417341d18e502ba8c575bc7bb153
+  metadata.gz: e4a4d7a6e7dd7a7ccda5ca535edb33ce7dc6694c
+  data.tar.gz: 1337c07dcb6b7097a7411850b09781ab0729110e
 SHA512:
-  metadata.gz: acdfccc6cda3472e3f14f7cee2e2feb21175d5208719a0adbf42f8f4a368259b583f3dafa8012504e170e31f736826aa18f8a52ba5b2ee0c9b3bb13cdd15c6b7
-  data.tar.gz: 1e9d2348a19c27782de4f31ed8740120b3ce6346e45ce8d452d56a6fb8cb91c3cf258dbb98a4c4e7df3889e4852b08e44f8ddc0b93df2d490d466ee4e450988e
+  metadata.gz: d7b974c2cb4bc39dea96d829e94b5296db85fa15d03e8d9cb30f075e27a3e606296ad3188a68cb6108d451a9ba322ba386087469e40d85718125af75ae57a609
+  data.tar.gz: dc0ee731484d0a14411327ee1cde7d0e622421d0973d47108255a11ab22a5104df0a3ee1975ffd14fa5e0d26a0ab158fd3d0c413023a435da40bb2644040a1e6

data/Rakefile

@@ -11,12 +11,10 @@ load 'rails/tasks/engine.rake'
 
 Bundler::GemHelper.install_tasks
 
-require 'rake/testtask'
+require 'rspec/core'
+require 'rspec/core/rake_task'
 
-Rake::TestTask.new(:spec => 'app:db:test:prepare') do |t|
-  t.libs << 'spec'
-  t.pattern = 'spec/**/*_spec.rb'
-  t.verbose = false
-end
+desc 'Run all specs in spec directory (excluding plugin specs)'
+RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
 
 task :default => :spec

data/app/controllers/openstax/api/v1/api_controller.rb

@@ -37,7 +37,7 @@ module OpenStax
         protected
 
         def session_user?
-          current_session_user && doorkeeper_token.blank?
+          !!current_session_user && doorkeeper_token.blank?
         end
 
       end

data/app/representers/openstax/api/v1/abstract_search_representer.rb

@@ -0,0 +1,40 @@
+# Represents search results for a JSON API
+#
+# Subclasses should define the representer for the search results:
+#   collection :items, inherit: true, decorator: SomeRepresenter
+#
+# See spec/dummy/app/representers/user_search_representer.rb for an example search representer
+
+module OpenStax
+  module Api
+    module V1
+      class AbstractSearchRepresenter < ::Roar::Decorator
+
+        include ::Roar::Representer::JSON
+
+        property :total_count,
+                 type: Integer,
+                 readable: true,
+                 writeable: false,
+                 exec_context: :decorator,
+                 schema_info: {
+                   required: true,
+                   description: "The number of items matching the query; can be more than the number returned if paginating"
+                 }
+
+        collection :items,
+                   readable: true,
+                   writeable: false,
+                   schema_info: {
+                     required: true,
+                     description: "The items matching the query or a subset thereof when paginating"
+                   }
+
+        def total_count
+          represented[:total_count] || represented[:items].limit(nil).offset(nil).count
+        end
+
+      end
+    end 
+  end
+end

data/lib/openstax/api/constraints.rb

@@ -1,16 +1,15 @@
+require 'openstax_utilities'
+
 module OpenStax
   module Api
     class Constraints
-      cattr_accessor :main_app_name
-      
       def initialize(options)
         @version = options[:version]
         @default = options[:default]
       end
 
       def api_accept_header
-        self.main_app_name ||= OpenStax::Api::Engine::MAIN_APP_NAME.underscore
-        "application/vnd.#{self.main_app_name}.openstax.#{@version.to_s}"
+        "application/vnd.openstax.#{OSU::SITE_NAME}.#{@version.to_s}"
       end
       
       def matches?(req)

data/lib/openstax/api/engine.rb

@@ -1,5 +1,6 @@
 require 'roar-rails'
 require 'exception_notification'
+require 'openstax_utilities'
 require 'openstax/api/roar'
 require 'openstax/api/apipie'
 
@@ -8,17 +9,11 @@ module OpenStax
     class Engine < ::Rails::Engine
       isolate_namespace OpenStax::Api
 
-      config.after_initialize do
-        MAIN_APP_NAME = ::Rails.application.class.parent_name
-      end
-
       config.generators do |g|
         g.test_framework      :rspec,        :fixture => false
         g.fixture_replacement :factory_girl, :dir => 'spec/factories'
-      end
-
-      ActiveSupport::Inflector.inflections do |inflect|
-        inflect.acronym 'OpenStax'
+        g.assets false
+        g.helper false
       end
     end
   end

data/lib/openstax/api/representable_schema_printer.rb

@@ -2,6 +2,7 @@ module OpenStax
   module Api
     class RepresentableSchemaPrinter
 
+      # Returns the json schema for a representer
       def self.json_schema(representer, options = {})
         definitions = {}
         schema = json_object(representer, definitions, options)
@@ -9,6 +10,8 @@ module OpenStax
         schema
       end
 
+      # Returns some formatted Markdown with HTML containing the
+      # JSON schema for a given representer
       def self.json(representer, options={})
         options[:include] ||= [:readable, :writeable]
 
@@ -20,29 +23,34 @@ module OpenStax
         "\n<pre class='code'>\n#{json_string}\n</pre>\n"
       end
 
-    protected
+      protected
 
+      # Attempts to extract the given representer's name
       def self.representer_name(representer)
         name = representer.name
         return nil if name.nil?
         name.chomp('Representer').demodulize.camelize(:lower)
       end
 
+      # Gets the definition name for the given representer name
       def self.definition_name(name)
         "#/definitions/#{name}"
       end
 
+      # Helper function for json_schema
       def self.json_object(representer, definitions, options = {})
+        # Initialize the schema
         schema = { type: :object, required: [], properties: {},
                    additionalProperties: false }
 
         representer.representable_attrs.each do |attr|
-          name = attr[:as].evaluate(self)
+          # Handle some common attributes (as, schema_info, required)
+          name = attr[:as].evaluate(representer)
           schema_info = attr[:schema_info] || {}
 
           schema[:required].push(name.to_sym) if schema_info[:required]
 
-          # Skip unless attr includes the specified key or is required
+          # Skip attr it attr includes the specified key or is "required"
           next unless [options[:include]].flatten.any?{ |inc|
             m = inc.to_s + "?"
             attr.respond_to?(m) ? attr.send(m) : attr[inc]
@@ -54,65 +62,79 @@ module OpenStax
                  (name.end_with?('id') ? :integer : :string) : type
           attr_info ||= { type: type }
 
+          # Process the schema_info attribute
           schema_info.each do |key, value|
+            # Handle special keys (required, definitions, type)
             next if key == :required
             if key == :definitions
               definitions.merge!(value)
               next
             end
             value = value.to_s.downcase if key == :type
+            # Store the schema_info k-v pair in attr_info
             attr_info[key] = value
           end
 
           # Overwrite type for collections
           attr_info[:type] = 'array' if attr[:collection]
 
+          # Handle nested representers
           if attr[:extend]
-            # We're dealing with a nested representer.  It may just be a simple representer 
-            # or it could be an Uber::Callable (representing that the representer could be
-            # one of a number of possible representers)
-
-            if attr[:extend].is_a?(Uber::Options::Value) && attr[:extend].dynamic?
-              # We're dealing with an Uber::Callable situation, so need to get the list of 
-              # possible representers and add each one to the "oneOf" list as well as to
-              # the definitions hash
-
-              attr_info[:type] = 'object'
-              attr_info[:oneOf] = []
-
-              attr[:extend].evaluate(:all_sub_representers).each do |sub_representer|
-                srname = representer_name(sub_representer)
-                attr_info[:oneOf].push(:$ref => definition_name(srname))
-                definitions[srname] = json_object(sub_representer, definitions, options) if definitions[srname].nil?
-              end
-            else
-              # We're dealing with a simple representer
-              
-              decorator = attr[:extend].evaluate(self)
+            # The nested representer can be either a simple representer or
+            # an Uber::Callable, in which case there could be multiple representers
+
+            # Get the nested representers
+            # Evaluate syntax is evaluate(context, instance or class, *args)
+            # We have no instance or class (since we have no fragment), so we pass nil
+            # By convention, the callables we use should return an array of all
+            # possible representers when we pass the :all_sub_representers => true option
+            decorators = [attr[:extend].evaluate(representer, nil, :all_sub_representers => true)].flatten
+
+            # Count the representers
+            include_oneof = decorators.length > 1
+            # If we have more than one possible representer, use oneOf to list them all
+            sreps = include_oneof ? { oneOf: [] } : {}
+
+            decorators.each do |decorator|
+              # Attempt to get the representer's name
               rname = representer_name(decorator)
 
               if rname
+                # We have a representer name, so use a schema definition with that name
                 dname = definition_name(rname)
+                dhash = { :$ref => dname }
+
+                include_oneof ? sreps[:oneOf].push(dhash) : sreps = dhash
 
-                if attr[:collection]
-                  attr_info[:items] = { :$ref => dname }
-                else
-                  # Type is included in ref
-                  attr_info.delete(:type)
-                  attr_info[:$ref] = dname
-                end
                 if definitions[rname].nil?
+                  # No definition with that name found, so add it
+                  # A blank definition is added first to prevent infinite loops
                   definitions[rname] = {}
-                  definitions[rname] = json_object(decorator,
-                                                   definitions, options)
+                  definitions[rname] = json_object(decorator, definitions, options)
                 end
               else
-                attr_info.merge!(json_object(decorator, definitions, options))
+                # No representer name, so add the object inline instead
+                obj = json_object(decorator, definitions, options)
+                include_oneof ? sreps[:oneOf].push(obj) : sreps = obj
               end
-            end # .is_a?(...)
+            end
+
+            if attr[:collection]
+              # Collection
+              #   Type already set above (array)
+              #   Add sub representers under :items
+              attr_info[:items] = sreps
+            else
+              # Not a collection
+              #   Type included in ref
+              #   Add sub representers inline
+              attr_info.delete(:type)
+              attr_info.merge!(sreps)
+            end
 
           end
 
+          # Merge attr_info back into the schema
           schema[:properties][name.to_sym] = attr_info
         end
 
@@ -121,6 +143,7 @@ module OpenStax
           schema.delete(field) if schema[field].blank?
         end
 
+        # Return the completed object schema
         schema
       end
 

data/lib/openstax/api/roar.rb

@@ -8,43 +8,46 @@ module OpenStax
 
     module Roar
 
-      def get_representer(represent_with, model=nil)
-        return nil if represent_with.nil?
-        if represent_with.is_a? Proc
-          represent_with.call(model)
-        else
-          represent_with
-        end
+      def standard_create(model, represent_with=nil, &block)
+        standard_nested_create(model, nil, nil, represent_with, &block)
       end
 
-      def standard_read(model_klass, id, represent_with=nil)
-        @model = model_klass.find(id)
+      def standard_read(model, represent_with=nil)
         OSU::AccessPolicy.require_action_allowed!(:read, current_api_user, @model)
-        respond_with @model, represent_with: get_representer(represent_with, @model)
+        respond_with model, represent_with: represent_with
       end
 
-      def standard_update(model_klass, id, represent_with=nil)
-        @model = model_klass.find(id)
-        OSU::AccessPolicy.require_action_allowed!(:update, current_api_user, @model)
-        consume!(@model, represent_with: get_representer(represent_with, @model))
+      def standard_update(model, represent_with=nil)
+        OSU::AccessPolicy.require_action_allowed!(:update, current_api_user, model)
+
+        model_klass.transaction do
+          consume!(model, represent_with: represent_with)
+          yield model if block_given?
+          OSU::AccessPolicy.require_action_allowed!(:update, current_api_user, model)
         
-        if @model.save
-          head :no_content
-        else
-          render json: @model.errors, status: :unprocessable_entity
+          if model.save
+            head :no_content
+          else
+            render json: model.errors, status: :unprocessable_entity
+          end
         end
       end
 
-      def standard_create(model_klass, represent_with=nil, &block)
-        standard_nested_create(model_klass, nil, nil, represent_with, &block)
+      def standard_destroy(model)
+        OSU::AccessPolicy.require_action_allowed!(:destroy, current_api_user, model)
+        
+        if model.destroy
+          head :no_content
+        else
+          render json: model.errors, status: :unprocessable_entity
+        end
       end
 
-      def standard_nested_create(model_klass, container_association=nil, container_id=nil, represent_with=nil)
-        @model = model_klass.new()
-
-        if container_association && container_id
-          foreign_key = model_klass.reflect_on_association(container_association).association_foreign_key
-          @model.send(foreign_key + '=', container_id)
+      def standard_nested_create(model, container_association=nil,
+                                 container=nil, represent_with=nil)
+        if container_association && container
+          OSU::AccessPolicy.require_action_allowed!(:update, current_api_user, container)
+          model.send("#{container_association.to_s}=", container)
         end
 
         # Unlike the implications of the representable README, "consume!" can
@@ -52,80 +55,34 @@ module OpenStax
         # We do want to consume before checking the permissions so we can know
         # what we're dealing with, but if user doesn't have permission we don't
         # want to have changed the DB.  Wrap in a transaction to protect ourselves.
-
         model_klass.transaction do
-          consume!(@model, represent_with: get_representer(represent_with, @model))
-          yield @model if block_given?
-          OSU::AccessPolicy.require_action_allowed!(:create, current_api_user, @model)
-        end
-
-        if @model.save
-          respond_with @model, represent_with: get_representer(represent_with, @model), status: :created
-        else
-          render json: @model.errors, status: :unprocessable_entity
+          consume!(model, represent_with: represent_with)
+          yield model if block_given?
+          OSU::AccessPolicy.require_action_allowed!(:create, current_api_user, model)
+
+          if model.save
+            respond_with model, represent_with: represent_with, status: :created
+          else
+            render json: model.errors, status: :unprocessable_entity
+          end
         end
       end
 
-      def standard_destroy(model_klass, id)
-        @model = model_klass.find(id)
-        OSU::AccessPolicy.require_action_allowed!(:destroy, current_api_user, @model)
-        
-        if @model.destroy
-          head :no_content
-        else
-          render json: @model.errors, status: :unprocessable_entity
-        end
+      def standard_index(relation, represent_with)
+        model_klass = relation.base_class
+        OSU::AccessPolicy.require_action_allowed!(:index, current_api_user, model_klass)
+        respond_with relation, represent_with: represent_with
       end
 
-      def standard_sort(model_klass)
-        # Take array of all IDs or hash of id => position,
-        # Regardless, build up an array of all IDs in the right order and pass those to sort
-
-        new_positions = params['newPositions']
-        return head :no_content if new_positions.length == 0
-
-        # Can't have duplicate positions or IDs
-        unique_ids =       new_positions.collect{|np| np['id']}.uniq
-        unique_positions = new_positions.collect{|np| np['position']}.uniq
-
-        return head :bad_request if unique_ids.length != new_positions.length
-        return head :bad_request if unique_positions.length != new_positions.length
-
-        first = model_klass.where(:id => new_positions[0]['id']).first
-
-        return head :not_found if first.blank?
-
-        originalOrdered = first.me_and_peers.ordered.all
-
-        originalOrdered.each do |item|
-          raise SecurityTransgression unless item.send(:container_column) == originalOrdered[0].send(:container_column) \
-            if item.respond_to?(:container_column)
-          OSU::AccessPolicy.require_action_allowed!(:sort, current_api_user, item)
-        end
-
-        originalOrderedIds = originalOrdered.collect{|sc| sc.id}
-
-        newOrderedIds = Array.new(originalOrderedIds.size)
-      
-        new_positions.each do |newPosition|
-          id = newPosition['id'].to_i
-          newOrderedIds[newPosition['position']] = id
-          originalOrderedIds.delete(id)
-        end
-
-        ptr = 0
-        for oldId in originalOrderedIds 
-          while !newOrderedIds[ptr].nil?; ptr += 1; end
-          newOrderedIds[ptr] = oldId
-        end
-
-        begin 
-          model_klass.sort!(newOrderedIds)
-        rescue Exception => e
-          return head :internal_server_error
-        end
+      def standard_search(routine, query, options, represent_with)
+        model_klass = routine.send(:initial_relation).base_class
+        OSU::AccessPolicy.require_action_allowed!(:search, current_api_user, model_klass)
+        outputs = routine.call(query, options).outputs
+        respond_with outputs, represent_with: represent_with
+      end
 
-        head :no_content
+      def standard_sort(*args)
+        raise NotYetImplemented
       end
       
     end

data/lib/openstax/api/version.rb

@@ -1,5 +1,5 @@
 module OpenStax
   module Api
-    VERSION = "2.5.1"
+    VERSION = "3.0.0"
   end
 end

data/spec/controllers/openstax/api/v1/api_controller_spec.rb

@@ -1,10 +1,96 @@
-require 'spec_helper'
+require 'rails_helper'
 
 module OpenStax
   module Api
     module V1
       describe ApiController do
-        # Nothing to test yet
+
+        let!(:user) { FactoryGirl.create :user }
+        let!(:user_2) { FactoryGirl.create :user }
+        let!(:application) { double('Doorkeeper::Application') }
+        let!(:doorkeeper_token) { double('Doorkeeper::AccessToken') }
+        let!(:non_doorkeeper_user_proc) { lambda { user } }
+        let!(:controller) { ApiController.new }
+
+        context 'no authentication' do
+          before (:each) do
+            controller.doorkeeper_token = nil
+            controller.present_user = nil
+          end
+          
+          it 'has no human_user and no application' do
+            expect(controller.send :session_user?).to eq false
+            expect(controller.current_application).to be_nil
+            expect(controller.current_human_user).to be_nil
+            expect(controller.current_session_user).to be_nil
+          end
+        end
+
+        context 'session' do
+          before (:each) do
+            controller.doorkeeper_token = nil
+            controller.present_user = user
+          end
+          
+          it 'has a human_user but no application' do
+            expect(controller.send :session_user?).to eq true
+            expect(controller.current_application).to be_nil
+            expect(controller.current_human_user).to eq user
+            expect(controller.current_session_user).to eq user
+          end
+        end
+
+        context 'token with application and human user' do
+          before (:each) do
+            controller.doorkeeper_token = doorkeeper_token
+            controller.present_user = nil
+          end
+          
+          it 'has a human_user from token and an application' do
+            allow(doorkeeper_token).to receive(:application).and_return(application)
+            allow(doorkeeper_token).to receive(:resource_owner_id).and_return(user.id)
+
+            expect(controller.send :session_user?).to eq false
+            expect(controller.current_application).to eq application
+            expect(controller.current_human_user).to eq user
+            expect(controller.current_session_user).to be_nil
+          end
+        end
+
+        context 'token with application only' do
+          before (:each) do
+            controller.doorkeeper_token = doorkeeper_token
+            controller.present_user = nil
+          end
+          
+          it 'has an application but no human_user' do
+            allow(doorkeeper_token).to receive(:application).and_return(application)
+            allow(doorkeeper_token).to receive(:resource_owner_id).and_return(nil)
+
+            expect(controller.send :session_user?).to eq false
+            expect(controller.current_application).to eq application
+            expect(controller.current_human_user).to eq nil
+            expect(controller.current_session_user).to eq nil
+          end
+        end
+
+        context 'session and token' do
+          before (:each) do
+            controller.doorkeeper_token = doorkeeper_token
+            controller.present_user = user_2
+          end
+
+          it 'ignores the session unless explicitly asked' do
+            allow(doorkeeper_token).to receive(:application).and_return(application)
+            allow(doorkeeper_token).to receive(:resource_owner_id).and_return(user)
+
+            expect(controller.send :session_user?).to eq false
+            expect(controller.current_application).to eq application
+            expect(controller.current_human_user).to eq user
+            expect(controller.current_session_user).to eq user_2
+          end
+        end
+
       end
     end
   end

data/spec/dummy/README.md

@@ -1 +1 @@
-Dummy application used to test the openstax_api gem.
+Dummy application used to test the openstax_api gem.

data/spec/dummy/Rakefile

@@ -1,7 +1,6 @@
-#!/usr/bin/env rake
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
 require File.expand_path('../config/application', __FILE__)
 
-Dummy::Application.load_tasks
+Rails.application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -5,11 +5,9 @@
 // or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
 //
 // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
-// the compiled file.
+// compiled file.
 //
-// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
-// GO AFTER THE REQUIRES BELOW.
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
 //
-//= require jquery
-//= require jquery_ujs
 //= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -5,9 +5,11 @@
  * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
  * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
  *
- * You're free to add application-wide styles to this file and they'll appear at the top of the
- * compiled file, but it's generally better to create a new file per style scope.
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
  *
- *= require_self
  *= require_tree .
+ *= require_self
  */

data/spec/dummy/app/models/user.rb

@@ -0,0 +1,2 @@
+class User < ActiveRecord::Base
+end

data/spec/dummy/app/representers/user_representer.rb

@@ -0,0 +1,13 @@
+require 'representable/json'
+
+class UserRepresenter < ::Roar::Decorator
+
+  include Roar::Representer::JSON
+  
+  property :username, readable: false, writeable: false,
+                      schema_info: { required: true }
+  property :name, readable: true, writeable: true
+  property :email, readable: false, writeable: true
+  property :password_hash, readable: false, writeable: false
+
+end

data/spec/dummy/app/representers/user_search_representer.rb

@@ -0,0 +1,5 @@
+require 'representable/json'
+
+class UserSearchRepresenter < OpenStax::Api::V1::AbstractSearchRepresenter
+  collection :items, inherit: true, class: User, decorator: UserRepresenter
+end