openstax_api 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cce40c843b8d217abd9a7474b34217a10f380468
-  data.tar.gz: ae159bd0eda6a2191a5dfb3d8ac6b14f504b1df3
+  metadata.gz: 0182a7fe7cdaf9adbe7a8719473cd4546c2f3bcb
+  data.tar.gz: be4936d879e58990235b59857c65892fc1711456
 SHA512:
-  metadata.gz: 7416764ded4187e6dde991c812339d9c370a426ef7ca928807edbb9be0d86aa591d12b01660868066527c2dfb2df84322bdb2da1acbecddc6dade5e218cf4860
-  data.tar.gz: b714b80dbd734dd882eeb2a28442835f66372d9f5b32e920258e7291b90e536154c9e883de04b72b1a913991d6082763479e4a87dfabc3950527894e03d6b72f
+  metadata.gz: 2948208fe965b6e01bc5e67615b48058d52998fb40e4f2db620e4ee646f6559b19c0725439956f2107dc171b698b718b9252703a267a484ff324dcb7208949aa
+  data.tar.gz: 433bd360c6317cde8864ad9933877605387eaf3a8d92ee3267836abdce5e143663b2cb65acdec7f7ce735b0b4adb266ab5f97e04020c14496f9c7daaed6b9b3a

data/app/controllers/openstax/api/v1/api_controller.rb

@@ -1,4 +1,7 @@
 require 'roar-rails'
+require 'exception_notification'
+require 'openstax/api/roar'
+require 'openstax/api/apipie'
 
 module OpenStax
   module Api
@@ -6,7 +9,9 @@ module OpenStax
 
       class ApiController < ::ApplicationController
         
-        include Roar::Rails::ControllerAdditions
+        include ::Roar::Rails::ControllerAdditions
+        include OpenStax::Api::Roar
+        include OpenStax::Api::Apipie
 
         fine_print_skip_signatures(:general_terms_of_use,
                                    :privacy_policy) \
@@ -19,18 +24,7 @@ module OpenStax
         respond_to :json
         rescue_from Exception, :with => :rescue_from_exception
 
-        def self.api_example(options={})
-          return if Rails.env.test?
-          raise IllegalArgument, "must supply a :url parameter" if !options[:url_base]
-
-          url_base = options[:url_base].is_a?(Symbol) ?
-                       UrlGenerator.new.send(options[:url_base], protocol: 'https') :
-                       options[:url_base].to_s
-          
-          "#{url_base}/#{options[:url_end] || ''}"
-        end
-
-        # TODO doorkeeper users (or rather users who have doorkeeper
+        # TODO: doorkeeper users (or rather users who have doorkeeper
         # applications) need to agree to API terms of use (need to have agreed
         # to it at one time, can't require them to agree when terms change since
         # their apps are doing the talking) -- this needs more thought
@@ -39,13 +33,11 @@ module OpenStax
           @current_user ||= doorkeeper_token ? 
                             User.find(doorkeeper_token.resource_owner_id) : 
                             super
-          # TODO maybe freak out if current user is anonymous (require we know
+          # TODO: maybe freak out if current user is anonymous (require we know
           # who person/app is so we can do things like throttling, API terms
           # agreement, etc)
         end
 
-
-        
       protected
 
         def rescue_from_exception(exception)
@@ -66,147 +58,19 @@ module OpenStax
           end
 
           if notify
-            # TODO: Not yet in OSU
-=begin
             ExceptionNotifier.notify_exception(
               exception,
               env: request.env,
               data: { message: "An exception occurred" }
             )
-=end
+
             Rails.logger.error("An exception occurred: #{exception.message}\n\n#{exception.backtrace.join("\n")}") \
           end
           
           head error
         end
         
-        def self.json_schema(representer, options={})
-          RepresentableSchemaPrinter.json(representer, options)
-        end
-
-        # A hack at a conversion from a Representer to a series of Apipie declarations
-        # Can call it like any Apipie DSL method, 
-        #
-        #  example "blah"
-        #  representer Api::V1::ExerciseRepresenter
-        #  def update ...
-        #
-        def self.representer(representer)
-          representer.representable_attrs.each do |attr|
-            schema_info = attr.options[:schema_info] || {}
-            param attr.name, (attr.options[:type] || Object), required: schema_info[:required]
-          end
-        end
 
-        def get_representer(represent_with, model=nil)
-          return nil if represent_with.nil?
-          if represent_with.is_a? Proc
-            represent_with.call(model)
-          else
-            represent_with
-          end
-        end
-
-        def rest_get(model_klass, id, represent_with=nil)
-          @model = model_klass.find(id)
-          raise SecurityTransgression unless current_user.can_read?(@model)
-          respond_with @model, represent_with: get_representer(represent_with, @model)
-        end
-
-        def rest_update(model_klass, id, represent_with=nil)
-          @model = model_klass.find(id)
-          raise SecurityTransgression unless current_user.can_update?(@model)
-          consume!(@model, represent_with: get_representer(represent_with, @model))
-          
-          if @model.save
-            head :no_content
-          else
-            render json: @model.errors, status: :unprocessable_entity
-          end
-        end
-
-        def rest_create(model_klass)
-          @model = model_klass.new()
-
-          # Unlike the implications of the representable README, "consume!" can
-          # actually make changes to the database.  See http://goo.gl/WVLBqA. 
-          # We do want to consume before checking the permissions so we can know
-          # what we're dealing with, but if user doesn't have permission we don't
-          # want to have changed the DB.  Wrap in a transaction to protect ourselves.
-
-          model_klass.transaction do 
-            consume!(@model)
-            raise SecurityTransgression unless current_user.can_create?(@model)
-          end
-
-          if @model.save
-            respond_with @model
-          else
-            render json: @model.errors, status: :unprocessable_entity
-          end
-        end
-
-        def rest_destroy(model_klass, id)
-          @model = model_klass.find(id)
-          raise SecurityTransgression unless current_user.can_destroy?(@model)
-          
-          if @model.destroy
-            head :no_content
-          else
-            render json: @model.errors, status: :unprocessable_entity
-          end
-        end
-
-        def standard_sort(model_klass)
-          # take array of all IDs or hash of id => position,
-          # regardless build up an array of all IDs in the right order and pass those to sort
-
-          new_positions = params['newPositions']
-          return head :no_content if new_positions.length == 0
-
-          # Can't have duplicate positions or IDs
-          unique_ids =       new_positions.collect{|np| np['id']}.uniq
-          unique_positions = new_positions.collect{|np| np['position']}.uniq
-
-          return head :bad_request if unique_ids.length != new_positions.length
-          return head :bad_request if unique_positions.length != new_positions.length
-
-          first = model_klass.where(:id => new_positions[0]['id']).first
-
-          return head :not_found if first.blank?
-
-          originalOrdered = first.me_and_peers.ordered.all
-
-          originalOrdered.each do |item|
-            raise SecurityTransgression unless item.send(:container_column) == originalOrdered[0].send(:container_column) \
-              if item.respond_to?(:container_column)
-            raise SecurityTransgression unless current_user.can_sort?(item)
-          end
-
-          originalOrderedIds = originalOrdered.collect{|sc| sc.id}
-
-          newOrderedIds = Array.new(originalOrderedIds.size)
-        
-          new_positions.each do |newPosition|
-            id = newPosition['id'].to_i
-            newOrderedIds[newPosition['position']] = id
-            originalOrderedIds.delete(id)
-          end
-
-          ptr = 0
-          for oldId in originalOrderedIds 
-            while !newOrderedIds[ptr].nil?; ptr += 1; end
-            newOrderedIds[ptr] = oldId
-          end
-
-          begin 
-            model_klass.sort!(newOrderedIds)
-          rescue Exception => e
-            return head :internal_server_error
-          end
-
-          head :no_content
-        end
 
       end
 

data/app/controllers/openstax/api/v1/oauth_based_api_controller.rb

@@ -4,8 +4,6 @@ module OpenStax
 
       class OauthBasedApiController < ApiController
 
-        respond_to :json
-
         def current_user
           @current_api_user ||= ApiUser.new(doorkeeper_token, lambda { super })
         end

data/app/models/openstax/api/api_user.rb

@@ -11,6 +11,8 @@
 # This API class gives us a way to abstract out these cases and also
 # gives us accessors to get the Application and User objects, if available.
 
+require 'openstax_utilities'
+
 module OpenStax
   module Api
     class ApiUser
@@ -25,10 +27,11 @@ module OpenStax
         # procs that can get it for us.  This could save us some queries.
 
         if doorkeeper_token
+          user_class = OpenStax::Api.configuration.user_class_name.classify.constantize
           @application_proc = lambda { doorkeeper_token.application }
           @user_proc = lambda {
             doorkeeper_token.resource_owner_id ? 
-              User.find(doorkeeper_token.resource_owner_id) :
+              user_class.find(doorkeeper_token.resource_owner_id) :
               nil
           }
         else
@@ -37,9 +40,7 @@ module OpenStax
         end
       end
 
-      # Returns a Doorkeeper::Application or nil 
-      # TODO should we have a NoApplication like NoUser (or maybe should
-      # NoUser just be replaced with nil)
+      # Returns a Doorkeeper::Application or nil
       def application
         @application ||= @application_proc.call
       end

data/lib/openstax/api/apipie.rb

@@ -0,0 +1,51 @@
+# Copyright 2011-2014 Rice University. Licensed under the Affero General Public 
+# License version 3 or later.  See the COPYRIGHT file for details.
+
+require 'openstax/api/representable_schema_printer'
+
+module OpenStax
+  module Api
+
+    module Apipie
+
+      def self.included(base)
+        base.send :extend, ClassMethods
+      end
+
+      module ClassMethods
+
+        def api_example(options={})
+          return if Rails.env.test?
+          raise IllegalArgument, "must supply a :url parameter" if !options[:url_base]
+
+          url_base = options[:url_base].is_a?(Symbol) ?
+          UrlGenerator.new.send(options[:url_base], protocol: 'https') :
+          options[:url_base].to_s
+
+          "#{url_base}/#{options[:url_end] || ''}"
+        end
+
+        def json_schema(representer, options={})
+          RepresentableSchemaPrinter.json(representer, options)
+        end
+
+        # A hack at a conversion from a Representer to a series of Apipie declarations
+        # Can call it like any Apipie DSL method, 
+        #
+        #  example "blah"
+        #  representer Api::V1::ExerciseRepresenter
+        #  def update ...
+        #
+        def representer(representer)
+          representer.representable_attrs.each do |attr|
+            schema_info = attr.options[:schema_info] || {}
+            param attr.name, (attr.options[:type] || Object), required: schema_info[:required]
+          end
+        end
+
+      end
+
+    end
+
+  end
+end

data/lib/openstax/api/representable_schema_printer.rb

@@ -0,0 +1,83 @@
+module OpenStax
+  module Api
+    class RepresentableSchemaPrinter
+
+      def self.json(representer, options={})
+        options[:include] ||= [:readable, :writeable]
+        options[:indent] ||= '  '
+
+        definitions = {}
+
+        schema = json_schema(representer, definitions, options)
+        schema[:definitions] = definitions
+
+        json_string = JSON.pretty_generate(schema, {indent: options[:indent]})
+
+        "\nSchema  {##{SecureRandom.hex(4)} .schema}\n------\n" +
+        "<pre class='code'>\n#{json_string}\n</pre>\n"
+      end
+
+    protected
+
+      def self.json_schema(representer, definitions, options={})
+        schema = {
+          # id: schema_id(representer),
+          # title: schema_title(representer),
+          type: "object",
+          properties: {},
+          required: []
+          # :$schema => "http://json-schema.org/draft-04/schema#"
+        }
+
+        representer.representable_attrs.each do |attr|
+          schema_info = attr.options[:schema_info] || {}
+
+          schema[:required].push(attr.name) if schema_info[:required]
+
+          next unless [options[:include]].flatten.any?{|inc| attr.send(inc.to_s+"?") || schema_info[:required]}
+          
+          attr_info = {}
+
+          if attr.options[:collection]
+            attr_info[:type] = "array"
+          else
+            attr_info[:type] = attr.options[:type].to_s.downcase if attr.options[:type]
+          end
+
+          schema_info.each do |key, value|
+            next if [:required].include?(key)
+            value = value.to_s.downcase if key == :type
+            attr_info[key] = value
+          end
+
+          decorator = attr.options[:decorator].try(:is_a?, Proc) ? nil : attr.options[:decorator]
+
+          if decorator
+            relative_schema_id(decorator).tap do |id|
+              attr_info[:$ref] = "#/definitions/#{id}"
+              definitions[id] ||= json_schema(decorator, definitions, options)
+            end
+          end
+
+          schema[:properties][attr.name.to_sym] = attr_info
+        end
+
+        schema
+      end
+
+      def self.schema_title(representer)
+        representer.name.gsub(/Representer/,'')
+      end
+
+      def self.schema_id(representer)
+        "http://#{OpenStax::Api::Engine::MAIN_APP_NAME.to_s}.openstax.org/" +
+        "#{schema_title(representer).downcase.gsub(/::/,'/')}"
+      end
+
+      def self.relative_schema_id(representer)
+        representer.name.gsub(/Representer/,'').downcase.gsub(/::/,'/')
+      end
+
+    end
+  end
+end

data/lib/openstax/api/roar.rb

@@ -0,0 +1,132 @@
+# Copyright 2011-2014 Rice University. Licensed under the Affero General Public 
+# License version 3 or later.  See the COPYRIGHT file for details.
+
+module OpenStax
+  module Api
+
+    module Roar
+
+      def get_representer(represent_with, model=nil)
+        return nil if represent_with.nil?
+        if represent_with.is_a? Proc
+          represent_with.call(model)
+        else
+          represent_with
+        end
+      end
+
+      def standard_read(model_klass, id, represent_with=nil)
+        @model = model_klass.find(id)
+        raise SecurityTransgression unless current_user.can_read?(@model)
+        respond_with @model, represent_with: get_representer(represent_with, @model)
+      end
+
+      def standard_update(model_klass, id, represent_with=nil)
+        @model = model_klass.find(id)
+        raise SecurityTransgression unless current_user.can_update?(@model)
+        consume!(@model, represent_with: get_representer(represent_with, @model))
+        
+        if @model.save
+          head :no_content
+        else
+          render json: @model.errors, status: :unprocessable_entity
+        end
+      end
+
+      def standard_create(model_klass, represent_with=nil)
+        standard_nested_create(model_klass, nil, nil, represent_with)
+      end
+
+      def standard_nested_create(model_klass, container_association=nil, container_id=nil, represent_with=nil)
+        @model = model_klass.new()
+
+        if container_association && container_id
+          foreign_key = model_klass.reflect_on_association(container_association).association_foreign_key
+          @model.send(foreign_key + '=', container_id)
+        end
+
+        # Unlike the implications of the representable README, "consume!" can
+        # actually make changes to the database.  See http://goo.gl/WVLBqA. 
+        # We do want to consume before checking the permissions so we can know
+        # what we're dealing with, but if user doesn't have permission we don't
+        # want to have changed the DB.  Wrap in a transaction to protect ourselves.
+
+        model_klass.transaction do 
+          consume!(@model, represent_with: get_representer(represent_with, @model))
+          yield @model if block_given?
+          raise SecurityTransgression unless current_user.can_create?(@model)
+        end
+
+        if @model.save
+          respond_with @model, represent_with: get_representer(represent_with, @model), status: :created
+        else
+          render json: @model.errors, status: :unprocessable_entity
+        end
+      end
+
+      def standard_destroy(model_klass, id)
+        @model = model_klass.find(id)
+        raise SecurityTransgression unless current_user.can_destroy?(@model)
+        
+        if @model.destroy
+          head :no_content
+        else
+          render json: @model.errors, status: :unprocessable_entity
+        end
+      end
+
+      def standard_sort(model_klass)
+        # Take array of all IDs or hash of id => position,
+        # Regardless, build up an array of all IDs in the right order and pass those to sort
+
+        new_positions = params['newPositions']
+        return head :no_content if new_positions.length == 0
+
+        # Can't have duplicate positions or IDs
+        unique_ids =       new_positions.collect{|np| np['id']}.uniq
+        unique_positions = new_positions.collect{|np| np['position']}.uniq
+
+        return head :bad_request if unique_ids.length != new_positions.length
+        return head :bad_request if unique_positions.length != new_positions.length
+
+        first = model_klass.where(:id => new_positions[0]['id']).first
+
+        return head :not_found if first.blank?
+
+        originalOrdered = first.me_and_peers.ordered.all
+
+        originalOrdered.each do |item|
+          raise SecurityTransgression unless item.send(:container_column) == originalOrdered[0].send(:container_column) \
+            if item.respond_to?(:container_column)
+          raise SecurityTransgression unless current_user.can_sort?(item)
+        end
+
+        originalOrderedIds = originalOrdered.collect{|sc| sc.id}
+
+        newOrderedIds = Array.new(originalOrderedIds.size)
+      
+        new_positions.each do |newPosition|
+          id = newPosition['id'].to_i
+          newOrderedIds[newPosition['position']] = id
+          originalOrderedIds.delete(id)
+        end
+
+        ptr = 0
+        for oldId in originalOrderedIds 
+          while !newOrderedIds[ptr].nil?; ptr += 1; end
+          newOrderedIds[ptr] = oldId
+        end
+
+        begin 
+          model_klass.sort!(newOrderedIds)
+        rescue Exception => e
+          return head :internal_server_error
+        end
+
+        head :no_content
+      end
+      
+    end
+
+  end
+end

data/lib/{openstax_api → openstax/api}/route_extensions.rb

@@ -1,4 +1,4 @@
-require 'openstax_api/constraints'
+require 'openstax/api/constraints'
 
 module OpenStax
   module Api

data/lib/{openstax_api → openstax/api}/version.rb

@@ -1,5 +1,5 @@
 module OpenStax
   module Api
-    VERSION = "0.1.0"
+    VERSION = "0.2.0"
   end
 end

data/lib/openstax_api.rb

@@ -1,8 +1,25 @@
-require 'openstax_api/engine'
-require 'openstax_api/doorkeeper_extensions'
-require 'openstax_api/route_extensions'
+require 'openstax/api/engine'
+require 'openstax/api/doorkeeper_extensions'
+require 'openstax/api/route_extensions'
 
 module OpenStax
   module Api
+
+      def self.configure
+        yield configuration
+      end
+
+      def self.configuration
+        @configuration ||= Configuration.new
+      end
+
+      class Configuration
+        attr_accessor :user_class_name
+        
+        def initialize      
+          @user_class_name = 'User'
+        end
+      end
+
   end
 end

data/spec/app/models/openstax/api/api_user_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 module OpenStax
   module Api
     describe ApiUser do
-      let(:user) { User.create }
+      let(:user) { DummyUser.create }
       let(:application) { double('Doorkeeper::Application') }
       let(:doorkeeper_token) { double('Doorkeeper::AccessToken') }
       let(:non_doorkeeper_user_proc) { lambda { user } }

data/spec/app/representers/openstax/api/v1/representable_schema_printer_spec.rb

@@ -5,7 +5,7 @@ module OpenStax
     module V1
       describe RepresentableSchemaPrinter do
         it 'must print model schemas' do
-          schema = RepresentableSchemaPrinter.json(UserRepresenter)
+          schema = RepresentableSchemaPrinter.json(DummyUserRepresenter)
           expect(schema).to include('Schema')
           expect(schema).to include('.schema')
           expect(schema).to include('------')

data/spec/dummy/app/models/dummy_user.rb

@@ -0,0 +1,2 @@
+class DummyUser < ActiveRecord::Base
+end

data/spec/dummy/app/representers/{user_representer.rb → dummy_user_representer.rb}

@@ -1,6 +1,6 @@
 require 'representable/json'
 
-module UserRepresenter
+module DummyUserRepresenter
   include Roar::Representer::JSON
   
   property :username

data/spec/dummy/config/initializers/openstax_api.rb

@@ -0,0 +1,3 @@
+OpenStax::Api.configure do |config|
+  config.user_class_name = 'DummyUser'
+end

data/spec/dummy/db/migrate/{1_create_users.rb → 1_create_dummy_users.rb}

@@ -1,6 +1,6 @@
-class CreateUsers < ActiveRecord::Migration
+class CreateDummyUsers < ActiveRecord::Migration
   def change
-    create_table :users do |t|
+    create_table :dummy_users do |t|
       t.string :username
       t.string :password_hash
 

data/spec/dummy/db/schema.rb

@@ -13,6 +13,13 @@
 
 ActiveRecord::Schema.define(:version => 1) do
 
+  create_table "dummy_users", :force => true do |t|
+    t.string   "username"
+    t.string   "password_hash"
+    t.datetime "created_at",    :null => false
+    t.datetime "updated_at",    :null => false
+  end
+
   create_table "oauth_access_grants", :force => true do |t|
     t.integer  "resource_owner_id", :null => false
     t.integer  "application_id",    :null => false
@@ -52,11 +59,4 @@ ActiveRecord::Schema.define(:version => 1) do
 
   add_index "oauth_applications", ["uid"], :name => "index_oauth_applications_on_uid", :unique => true
 
-  create_table "users", :force => true do |t|
-    t.string   "username"
-    t.string   "password_hash"
-    t.datetime "created_at",    :null => false
-    t.datetime "updated_at",    :null => false
-  end
-
 end