refinerycms-api 1.0.0.beta

data/app/controllers/refinery/api/v1/inquiries/inquiries_controller.rb

@@ -0,0 +1,69 @@
+if defined?(Refinery::Inquiries)
+  module Refinery
+    module Api
+      module V1
+        module Inquiries
+          class InquiriesController < Refinery::Api::BaseController
+
+            def index
+              if params[:ids]
+                @inquiries = Refinery::Inquiries::Inquiry.
+                          accessible_by(current_ability, :read).
+                          where(id: params[:ids].split(','))
+              else
+                @inquiries = Refinery::Inquiries::Inquiry.
+                          accessible_by(current_ability, :read).
+                          # ransack(params[:q]).result
+                          order("created_at DESC")
+              end
+
+              respond_with(@inquiries)
+            end
+
+            def show
+              @inquiry = inquiry
+              respond_with(@inquiry)
+            end
+
+            def new
+            end
+
+            def create
+              authorize! :create, ::Refinery::Inquiries::Inquiry
+              @inquiry = Refinery::Inquiries::Inquiry.new(inquiry_params)
+
+              if @inquiry.save
+                respond_with(@inquiry, status: 201, default_template: :show)
+              else
+                invalid_resource!(@inquiry)
+              end
+            end
+
+            def destroy
+              authorize! :destroy, inquiry
+              inquiry.destroy
+              respond_with(inquiry, status: 204)
+            end
+
+            private
+
+            def inquiry
+              @inquiry ||= Refinery::Inquiries::Inquiry.
+                          accessible_by(current_ability, :read).
+                          find(params[:id])
+            end
+
+            def inquiry_params
+              if params[:inquiry] && !params[:inquiry].empty?
+                params.require(:inquiry).permit(permitted_inquiries_inquiry_attributes)
+              else
+                {}
+              end
+            end
+
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/refinery/api/v1/pages_controller.rb

@@ -0,0 +1,77 @@
+module Refinery
+  module Api
+    module V1
+      class PagesController < Refinery::Api::BaseController
+
+        def index
+          if params[:ids]
+            @pages = Refinery::Page.
+                      includes(:translations, :children).
+                      accessible_by(current_ability, :read).
+                      where(id: params[:ids].split(','))
+          else
+            @pages = Refinery::Page.
+                      includes(:translations, :children).
+                      accessible_by(current_ability, :read).
+                      # ransack(params[:q]).result
+                      order(:lft)
+          end
+
+          respond_with(@pages)
+        end
+
+        def show
+          @page = page
+          respond_with(@page)
+        end
+
+        def new
+        end
+
+        def create
+          authorize! :create, Page
+          @page = Refinery::Page.new(page_params)
+
+          if @page.save
+            respond_with(@page, status: 201, default_template: :show)
+          else
+            invalid_resource!(@page)
+          end
+        end
+
+        def update
+          authorize! :update, page
+          if page.update_attributes(page_params)
+            respond_with(page, status: 200, default_template: :show)
+          else
+            invalid_resource!(page)
+          end
+        end
+
+        def destroy
+          authorize! :destroy, page
+          page.destroy
+          respond_with(page, status: 204)
+        end
+
+        private
+
+        def page
+          @page ||= Refinery::Page.
+                      includes(:translations, :parts).
+                      accessible_by(current_ability, :read).
+                      find(params[:id])
+        end
+
+        def page_params
+          if params[:page] && !params[:page].empty?
+            params.require(:page).permit(permitted_page_attributes)
+          else
+            {}
+          end
+        end
+
+      end
+    end
+  end
+end

data/app/controllers/refinery/api/v1/resources_controller.rb

@@ -0,0 +1,66 @@
+module Refinery
+  module Api
+    module V1
+      class ResourcesController < Refinery::Api::BaseController
+        def index
+          if params[:ids]
+            @resources = Refinery::Resource.
+                          includes(:translations).
+                          accessible_by(current_ability, :read).
+                          where(id: params[:ids].split(','))
+          else
+            @resources = Refinery::Resource.
+                          includes(:translations).
+                          accessible_by(current_ability, :read).
+                          # load.ransack(params[:q]).result
+                          all
+          end
+          respond_with(@resources)
+        end
+
+        def show
+          @resource = Refinery::Resource.
+                        includes(:translations).
+                        accessible_by(current_ability, :read).
+                        find(params[:id])
+          respond_with(@resource)
+        end
+
+        def new
+        end
+
+        def create
+          authorize! :create, Resource
+          @resources = Refinery::Resource.create_resources(resource_params)
+
+          if @resources.all?(&:valid?)
+            respond_with(@resources, status: 201, default_template: :show)
+          else
+            invalid_resource!(@resources)
+          end
+        end
+
+        def update
+          @resource = Refinery::Resource.accessible_by(current_ability, :update).find(params[:id])
+          if @resource.update_attributes(resource_params)
+            respond_with(@resource, default_template: :show)
+          else
+            invalid_resource!(@resource)
+          end
+        end
+
+        def destroy
+          @resource = Refinery::Resource.accessible_by(current_ability, :destroy).find(params[:id])
+          @resource.destroy
+          respond_with(@resource, status: 204)
+        end
+
+        private
+
+        def resource_params
+          params.require(:resource).permit(permitted_resource_attributes)
+        end
+      end
+    end
+  end
+end

data/app/decorators/models/refinery/authentication/devise/user_decorator.rb

@@ -0,0 +1,5 @@
+if defined?(Refinery::Api.user_class)
+  Refinery::Api.user_class.class_eval do
+    include Refinery::UserApiAuthentication
+  end
+end

data/app/helpers/refinery/api/api_helpers.rb

@@ -0,0 +1,54 @@
+module Refinery
+  module Api
+    module ApiHelpers
+      ATTRIBUTES = [
+        :image_attributes,
+        :page_attributes,
+        :page_part_attributes,
+        :resource_attributes,
+        :blog_post_attributes,
+        :inquiries_inquiry_attributes
+      ]
+
+      mattr_reader *ATTRIBUTES
+
+      def required_fields_for(model)
+        required_fields = model._validators.select do |field, validations|
+          validations.any? { |v| v.is_a?(ActiveModel::Validations::PresenceValidator) }
+        end.map(&:first) # get fields that are invalid
+        # Permalinks presence is validated, but are really automatically generated
+        # Therefore we shouldn't tell API clients that they MUST send one through
+        required_fields.map!(&:to_s).delete("permalink")
+        # Do not require slugs, either
+        required_fields.delete("slug")
+        required_fields
+      end
+
+      @@image_attributes = [
+        { image: [] }, :image_size, :image_title, :image_alt
+      ]
+
+      @@page_attributes = [
+        :browser_title, :draft, :link_url, :menu_title, :meta_description,
+        :parent_id, :skip_to_first_child, :show_in_menu, :title, :view_template,
+        :layout_template, :custom_slug, parts_attributes: [:id, :title, :slug, :body, :position]
+      ]
+
+      @@page_part_attributes = [
+        :title, :slug, :body, :locale
+      ]
+
+      @@resource_attributes = [
+        :resource_title, { file: [] }
+      ]
+
+      @@blog_post_attributes = [
+        :title, :body, :custom_teaser, :tag_list,
+        :draft, :published_at, :custom_url, :user_id, :username, :browser_title,
+        :meta_description, :source_url, :source_url_title, category_ids: []
+      ]
+
+      @@inquiries_inquiry_attributes = [:name, :phone, :message, :email]
+    end
+  end
+end

data/app/models/concerns/refinery/user_api_authentication.rb

@@ -0,0 +1,19 @@
+module Refinery
+  module UserApiAuthentication
+    def generate_refinery_api_key!
+      self.refinery_api_key = generate_refinery_api_key
+      save!
+    end
+
+    def clear_refinery_api_key!
+      self.refinery_api_key = nil
+      save!
+    end
+
+    private
+
+    def generate_refinery_api_key
+      SecureRandom.hex(24)
+    end
+  end
+end

data/app/models/refinery/ability.rb

@@ -0,0 +1,59 @@
+# Implementation class for Cancan gem.  Instead of overriding this class, consider adding new permissions
+# using the special +register_ability+ method which allows extensions to add their own abilities.
+#
+# See http://github.com/ryanb/cancan for more details on cancan.
+require 'cancan'
+module Refinery
+  class Ability
+    include CanCan::Ability
+
+    class_attribute :abilities
+    self.abilities = Set.new
+
+    # Allows us to go beyond the standard cancan initialize method which makes it difficult for engines to
+    # modify the default +Ability+ of an application.  The +ability+ argument must be a class that includes
+    # the +CanCan::Ability+ module.  The registered ability should behave properly as a stand-alone class
+    # and therefore should be easy to test in isolation.
+    def self.register_ability(ability)
+      self.abilities.add(ability)
+    end
+
+    def self.remove_ability(ability)
+      self.abilities.delete(ability)
+    end
+
+    def initialize(user)
+      self.clear_aliased_actions
+
+      # override cancan default aliasing (we don't want to differentiate between read and index)
+      alias_action :delete, to: :destroy
+      alias_action :edit, to: :update
+      alias_action :new, to: :create
+      alias_action :new_action, to: :create
+      alias_action :show, to: :read
+      alias_action :index, :read, to: :display
+      alias_action :create, :update, :destroy, to: :modify
+
+      user ||= Refinery::Api.user_class.new
+
+      if user.respond_to?(:has_role?) && user.has_role?('superuser')
+        can :manage, :all
+      else
+        can :display, Image
+        can :display, Page
+        can :display, Resource
+        can :display, Blog::Post if defined?(Refinery::Blog)
+        can :display, Inquiries::Inquiry if defined?(Refinery::Inquiries)
+      end
+
+      # Include any abilities registered by extensions, etc.
+      Ability.abilities.each do |clazz|
+        ability = clazz.send(:new, user)
+        @rules = rules + ability.send(:rules)
+      end
+
+      # Protect admin role
+      cannot [:update, :destroy], Role, name: ['superuser'] if defined?(Role)
+    end
+  end
+end

data/app/views/refinery/api/errors/gateway_error.v1.rabl

@@ -0,0 +1,2 @@
+object false
+node(:error) { I18n.t(:gateway_error, scope: "refinery.api", text: @error) }

data/app/views/refinery/api/errors/invalid_api_key.v1.rabl

@@ -0,0 +1,2 @@
+object false
+node(:error) { I18n.t(:invalid_api_key, :key => api_key, :scope => "refinery.api") }

data/app/views/refinery/api/errors/invalid_resource.v1.rabl

@@ -0,0 +1,3 @@
+object false
+node(:error) { I18n.t(:invalid_resource, :scope => "refinery.api") }
+node(:errors) { @resource.errors.to_hash }

data/app/views/refinery/api/errors/must_specify_api_key.v1.rabl

@@ -0,0 +1,2 @@
+object false
+node(:error) { I18n.t(:must_specify_api_key, :scope => "refinery.api") }

data/app/views/refinery/api/errors/not_found.v1.rabl

@@ -0,0 +1,2 @@
+object false
+node(:error) { I18n.t(:resource_not_found, :scope => "refinery.api") }

data/app/views/refinery/api/errors/unauthorized.v1.rabl

@@ -0,0 +1,2 @@
+object false
+node(:error) { I18n.t(:unauthorized, :scope => "refinery.api") }

data/app/views/refinery/api/v1/blog/posts/index.v1.rabl

@@ -0,0 +1,5 @@
+object false
+node(:count) { @posts.count }
+child @posts => :posts do
+  extends "refinery/api/v1/blog/posts/show"
+end

data/app/views/refinery/api/v1/blog/posts/new.v1.rabl

@@ -0,0 +1,3 @@
+object false
+node(:attributes) { [*blog_post_attributes] }
+node(:required_attributes) { required_fields_for(Refinery::Blog::Post) }

data/app/views/refinery/api/v1/blog/posts/show.v1.rabl

@@ -0,0 +1,5 @@
+object @post
+
+cache [I18n.locale, 'show', root_object]
+
+attributes *blog_post_attributes

data/app/views/refinery/api/v1/images/index.v1.rabl

@@ -0,0 +1,5 @@
+object false
+node(:count) { @images.count }
+child(@images => :images) do
+  extends "refinery/api/v1/images/show"
+end

data/app/views/refinery/api/v1/images/new.v1.rabl

@@ -0,0 +1,3 @@
+object false
+node(:attributes) { [*image_attributes] }
+node(:required_attributes) { required_fields_for(Refinery::Image) }

data/app/views/refinery/api/v1/images/show.v1.rabl

@@ -0,0 +1,6 @@
+object @image
+attributes :image_size, :image_title, :image_alt
+
+node :image do |image|
+  image.image.url
+end

data/app/views/refinery/api/v1/inquiries/inquiries/index.v1.rabl

@@ -0,0 +1,5 @@
+object false
+node(:count) { @inquiries.count }
+child @inquiries => :inquiries do
+  extends "refinery/api/v1/inquiries/inquiries/show"
+end

data/app/views/refinery/api/v1/inquiries/inquiries/new.v1.rabl

@@ -0,0 +1,3 @@
+object false
+node(:attributes) { [*inquiries_inquiry_attributes] }
+node(:required_attributes) { required_fields_for(Refinery::Inquiries::Inquiry) }

data/app/views/refinery/api/v1/inquiries/inquiries/show.v1.rabl

@@ -0,0 +1,5 @@
+object @inquiry
+
+cache [I18n.locale, 'show', root_object]
+
+attributes *inquiries_inquiry_attributes

data/app/views/refinery/api/v1/pages/index.v1.rabl

@@ -0,0 +1,8 @@
+object false
+node(:count) { @pages.count }
+child @pages => :pages do
+  attributes *page_attributes
+  unless params[:without_children]
+    extends "refinery/api/v1/pages/pages"
+  end
+end