restaurant 0.1.2 → 0.1.3
- checksums.yaml +4 -4
- data/README.md +44 -4
- data/lib/restaurant/actions.rb +13 -15
- data/lib/restaurant/version.rb +1 -1
- metadata +1 -1
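--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7b71b7b9e2f1badd422562dbd949f97726687e86
+data.tar.gz: a062a4d399caec20cc4632c4b18944202b8d1fda
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9f2b51e1b30de2786cb3ce4578073b6832a4e21863e84caf0e96886f65bd8eda8b42c7c980db443c5f6d8bde9ed69696d36a9437548d53f6b7800ddf5ab724b3
+data.tar.gz: 04dbbaa38de272c411809c1a4d887feb24fe5b6a7fb0f4b80c62b2cb5b2148ba043bacedbaeb2e9ff6ca36ae5a84ce44241ca8b67eb7a651c0e6efd5b02a6e3a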
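--- a/data/README.md
+++ b/data/README.md
@@ -90,7 +90,7 @@ module V1
 end
 ```
 
-### authentication
+### authentication
 Restaurant does not provide any auth layer, but it's easy to add it to your application.
 Here is a short example to authenticate users with [doorkeeper](https://github.com/applicake/doorkeeper).
 
@@ -115,12 +115,52 @@ irb(main):002:0> app.get "/v2/recipes"
 => 401
 irb(main):003:0> application = Doorkeeper::Application.create(name: "example", redirect_uri: "http://example.com")
 => #<Doorkeeper::Application ...>
-irb(main):004:0>
+irb(main):004:0> token = application.access_tokens.create
 => #<Doorkeeper::AccessToken ...>
 irb(main):005:0> app.get "/v2/recipes", access_token: token.token
 => 200
-
-
+```
+
+### authorization
+Here is an example of a scope-based authorization system.
+
+```
+$ vi app/controllers/application_controller.rb
+class ApplicationController < ActionController::Base
+doorkeeper_for :all
+before_filter :require_authorization
+
+private
+
+def require_authorization
+head 403 unless has_authorization?
+end
+
+def has_authorization?
+doorkeeper_token.scopes.any? do |scope|
+if role = Mongoid.default_session["roles"].find(:scope => scope).first
+if action_names = role[resources_name]
+action_names.include?(action_name)
+end
+end
+end
+end
+end
+
+$ rails c
+irb(main):001:0> app.accept = "application/json"
+irb(main):002:0> application = Doorkeeper::Application.create(name: "example", redirect_uri: "http://example.com")
+=> #<Doorkeeper::Application ...>
+irb(main):003:0> token = application.access_tokens.create(scopes: "admin")
+=> #<Doorkeeper::AccessToken ...>
+irb(main):004:0> app.get "/v2/recipes", access_token: token.token
+=> 403
+irb(main):005:0> Mongoid.default_session["roles"].insert(scope: "admin", recipes: ["index", "show"])
+=> nil
+irb(main):006:0> app.get "/v2/recipes", access_token: token.token
+=> 200
+irb(main):007:0> app.post "/v2/recipes", access_token: token.token, recipe: { title: "created" }
+=> 403
 ```
 
 ## More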
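--- a/data/lib/restaurant/actions.rb
+++ b/data/lib/restaurant/actions.rb
@@ -2,6 +2,8 @@ module Restaurant
 module Actions
 def self.included(base)
 base.before_filter :require_valid_id, :require_resource, :only => [:show, :update, :destroy]
+base.before_filter :add_created_at, :only => :create
+base.before_filter :add_updated_at, :only => :update
 end
 
 def index
@@ -48,7 +50,7 @@ module Restaurant
 end
 
 def resource_params
-params[resource_name] || {}
+@resource_params ||= params[resource_name] || {}
 end
 
 def resource_id
@@ -66,31 +68,27 @@ module Restaurant
 end
 
 def sort_params
-
-Hash[
-params[:sort].map do |key, value|
-[key, value.to_i]
-end
-]
-else
-{}
-end
+Hash[(params[:sort] || []).map {|key, value| [key, value.to_i] }]
 end
 
 def skip_params
-(page - 1) * per_page
+([params[:page].to_i, 1].max - 1) * per_page
 end
 
 def limit_params
 per_page
 end
 
-def page
-[params[:page].to_i, 1].max
-end
-
 def per_page
 10
 end
+
+def add_created_at
+resource_params[:created_at] = resource_params[:updated_at] = Time.now
+end
+
+def add_updated_at
+resource_params[:updated_at] = Time.now
+end
 end
 end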
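Review bot: `add_updated_at` overwrites only `updated_at`, so on the update path a `created_at` value sent by the client in the resource payload stays in the memoized `resource_params` untouched. If the `update` action (its body is outside these hunks) persists `resource_params` as-is, any caller allowed to update a resource can rewrite a timestamp that is meant to be server-managed, which undermines its use as an audit field. Dropping the key first, `resource_params.delete(:created_at)` ahead of `resource_params[:updated_at] = Time.now`, keeps both timestamps under server control. Separately, the new one-line `sort_params` still assumes `params[:sort]` is hash-shaped; a scalar `sort` value would likely raise on `.map` instead of falling back to `{}`, so a shape check such as `params[:sort].respond_to?(:each_pair)` is worth adding there.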
data/lib/restaurant/version.rb
CHANGED