unsakini 0.0.0

data/angular/src/index.html

@@ -0,0 +1,14 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Angular</title>
+  <base href="/app/">
+
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link rel="icon" type="image/x-icon" href="favicon.ico">
+</head>
+<body>
+  <app-root>Loading...</app-root>
+</body>
+</html>

data/angular/src/main.ts

@@ -0,0 +1,12 @@
+import './polyfills.ts';
+
+import { platformBrowserDynamic } from '@angular/platform-browser-dynamic';
+import { enableProdMode } from '@angular/core';
+import { environment } from './environments/environment';
+import { AppModule } from './app/';
+
+if (environment.production) {
+  enableProdMode();
+}
+
+platformBrowserDynamic().bootstrapModule(AppModule);

data/angular/src/polyfills.ts

@@ -0,0 +1,19 @@
+// This file includes polyfills needed by Angular 2 and is loaded before
+// the app. You can add your own extra polyfills to this file.
+import 'core-js/es6/symbol';
+import 'core-js/es6/object';
+import 'core-js/es6/function';
+import 'core-js/es6/parse-int';
+import 'core-js/es6/parse-float';
+import 'core-js/es6/number';
+import 'core-js/es6/math';
+import 'core-js/es6/string';
+import 'core-js/es6/date';
+import 'core-js/es6/array';
+import 'core-js/es6/regexp';
+import 'core-js/es6/map';
+import 'core-js/es6/set';
+import 'core-js/es6/reflect';
+
+import 'core-js/es7/reflect';
+import 'zone.js/dist/zone';

data/angular/src/styles.css

@@ -0,0 +1 @@
+/* You can add global styles to this file, and also import other style files */

data/angular/src/test.ts

@@ -0,0 +1,31 @@
+import './polyfills.ts';
+import 'zone.js/dist/long-stack-trace-zone';
+import 'zone.js/dist/proxy.js';
+import 'zone.js/dist/sync-test';
+import 'zone.js/dist/jasmine-patch';
+import 'zone.js/dist/async-test';
+import 'zone.js/dist/fake-async-test';
+import { getTestBed } from '@angular/core/testing';
+import {
+  BrowserDynamicTestingModule,
+  platformBrowserDynamicTesting
+} from '@angular/platform-browser-dynamic/testing';
+
+// Unfortunately there's no typing for the `__karma__` variable. Just declare it as any.
+declare var __karma__: any;
+declare var require: any;
+
+// Prevent Karma from running prematurely.
+__karma__.loaded = function () {};
+
+// First, initialize the Angular testing environment.
+getTestBed().initTestEnvironment(
+  BrowserDynamicTestingModule,
+  platformBrowserDynamicTesting()
+);
+// Then we find all the tests.
+let context = require.context('./', true, /\.spec\.ts/);
+// And load the modules.
+context.keys().map(context);
+// Finally, start Karma to run the tests.
+__karma__.start();

data/angular/src/tsconfig.json

@@ -0,0 +1,18 @@
+{
+  "compilerOptions": {
+    "baseUrl": "",
+    "declaration": false,
+    "emitDecoratorMetadata": true,
+    "experimentalDecorators": true,
+    "lib": ["es6", "dom"],
+    "mapRoot": "./",
+    "module": "es6",
+    "moduleResolution": "node",
+    "outDir": "../dist/out-tsc",
+    "sourceMap": true,
+    "target": "es5",
+    "typeRoots": [
+      "../node_modules/@types"
+    ]
+  }
+}

data/angular/src/typings.d.ts

@@ -0,0 +1,2 @@
+// Typings reference file, you can add your own global typings here
+// https://www.typescriptlang.org/docs/handbook/writing-declaration-files.html

data/angular/tslint.json

@@ -0,0 +1,114 @@
+{
+  "rulesDirectory": [
+    "node_modules/codelyzer"
+  ],
+  "rules": {
+    "class-name": true,
+    "comment-format": [
+      true,
+      "check-space"
+    ],
+    "curly": true,
+    "eofline": true,
+    "forin": true,
+    "indent": [
+      true,
+      "spaces"
+    ],
+    "label-position": true,
+    "label-undefined": true,
+    "max-line-length": [
+      true,
+      140
+    ],
+    "member-access": false,
+    "member-ordering": [
+      true,
+      "static-before-instance",
+      "variables-before-functions"
+    ],
+    "no-arg": true,
+    "no-bitwise": true,
+    "no-console": [
+      true,
+      "debug",
+      "info",
+      "time",
+      "timeEnd",
+      "trace"
+    ],
+    "no-construct": true,
+    "no-debugger": true,
+    "no-duplicate-key": true,
+    "no-duplicate-variable": true,
+    "no-empty": false,
+    "no-eval": true,
+    "no-inferrable-types": true,
+    "no-shadowed-variable": true,
+    "no-string-literal": false,
+    "no-switch-case-fall-through": true,
+    "no-trailing-whitespace": true,
+    "no-unused-expression": true,
+    "no-unused-variable": true,
+    "no-unreachable": true,
+    "no-use-before-declare": true,
+    "no-var-keyword": true,
+    "object-literal-sort-keys": false,
+    "one-line": [
+      true,
+      "check-open-brace",
+      "check-catch",
+      "check-else",
+      "check-whitespace"
+    ],
+    "quotemark": [
+      true,
+      "single"
+    ],
+    "radix": true,
+    "semicolon": [
+      "always"
+    ],
+    "triple-equals": [
+      true,
+      "allow-null-check"
+    ],
+    "typedef-whitespace": [
+      true,
+      {
+        "call-signature": "nospace",
+        "index-signature": "nospace",
+        "parameter": "nospace",
+        "property-declaration": "nospace",
+        "variable-declaration": "nospace"
+      }
+    ],
+    "variable-name": false,
+    "whitespace": [
+      true,
+      "check-branch",
+      "check-decl",
+      "check-operator",
+      "check-separator",
+      "check-type"
+    ],
+
+    "directive-selector-prefix": [true, "app"],
+    "component-selector-prefix": [true, "app"],
+    "directive-selector-name": [true, "camelCase"],
+    "component-selector-name": [true, "kebab-case"],
+    "directive-selector-type": [true, "attribute"],
+    "component-selector-type": [true, "element"],
+    "use-input-property-decorator": true,
+    "use-output-property-decorator": true,
+    "use-host-property-decorator": true,
+    "no-input-rename": true,
+    "no-output-rename": true,
+    "use-life-cycle-interface": true,
+    "use-pipe-transform-interface": true,
+    "component-class-suffix": true,
+    "directive-class-suffix": true,
+    "templates-use-public": true,
+    "invoke-injectable": true
+  }
+}

data/angular/typings.json

@@ -0,0 +1,4 @@
+{
+  "globalDevDependencies": {
+  }
+}

data/app/controllers/api/boards_controller.rb

@@ -0,0 +1,67 @@
+class Api::BoardsController < ApplicationController
+
+
+  include LoggedInControllerConcern
+  include SerializerControllerConcern
+  include BoardOwnerControllerConcern
+  include ::ActionController::Serialization
+
+  before_action :ensure_board, :only => [:show, :update, :destroy]
+  before_action :ensure_board_owner, :only => [:update, :destroy]
+
+  # Returns boards belonging to current user
+  #
+  # `GET /api/boards`
+  #
+  def index
+    render json: @user.user_boards
+  end
+
+  # Creates board belonging to current user.
+  #
+  # `POST /api/boards`
+  #
+  def create
+    @user_board = UserBoard.new(
+      name: params[:board][:name],
+      user_id: @user.id,
+      encrypted_password: params[:encrypted_password],
+      is_admin: true
+    )
+    if @user_board.save
+      render json: @user_board, status: :created
+    else
+      render json: @user_board.errors.full_messages, status: 422
+    end
+
+  end
+
+  # Render a single board.
+  #
+  # `GET /api/boards/:id`
+  #
+  def show
+    render json: @user_board
+  end
+
+  # Updates a single board.
+  #
+  # `PUT /api/boards/:id`
+  def update
+    if @user_board.update(name: params[:board][:name], encrypted_password: params[:encrypted_password])
+      render json: @user_board
+    else
+      errors = @board.errors.full_messages.concat @user_board.errors.full_messages
+      render json: errors, status: 422
+    end
+  end
+
+  # Deletes a board resource.
+  #
+  # `DELETE /api/boards/:id`
+  def destroy
+    @board.destroy
+    render status: :ok
+  end
+
+end

data/app/controllers/api/comments_controller.rb

@@ -0,0 +1,51 @@
+class Api::CommentsController < ApplicationController
+
+  include LoggedInControllerConcern
+  include PostOwnerControllerConcern
+  include CommentOwnerControllerConcern
+  include ::ActionController::Serialization
+
+  before_action :ensure_post, only: [:index, :create]
+  before_action :ensure_comment, only: [:show, :update, :destroy]
+  before_action :ensure_comment_owner, only: [:update, :destroy]
+
+  # Renders the comments belonging to the post
+  #
+  # `GET /api/boards/:board_id/posts/:post_id/`
+  def index
+    render json: @post.comments
+  end
+
+  # Creates new comment belonging to the post
+  #
+  # `POST /api/boards/:board_id/posts/:post_id/`
+  def create
+    @comment = Comment.new(params.permit(:content))
+    @comment.user = @user
+    @comment.post = @post
+    if @comment.save
+      render json: @comment
+    else
+      render json: @comment.errors, status: 422
+    end
+  end
+
+  # Updates a comment
+  #
+  # `PUT /api/boards/:board_id/posts/:post_id/comments/:id`
+  def update
+    if @comment.update(params.permit(:content))
+      render json: @comment
+    else
+      render json: @comment.errors, status: 422
+    end
+  end
+
+  # Deletes a comment
+  #
+  # `DELETE /api/boards/:board_id/posts/:post_id/comments/:id`
+  def destroy
+    @comment.destroy
+    render status: :ok
+  end
+end

data/app/controllers/api/posts_controller.rb

@@ -0,0 +1,58 @@
+class Api::PostsController < ApplicationController
+
+  include LoggedInControllerConcern
+  include BoardOwnerControllerConcern
+  include PostOwnerControllerConcern
+  include ::ActionController::Serialization
+
+  before_action :ensure_board, only: [:index, :create]
+  before_action :ensure_post, only: [:show, :update, :destroy]
+  before_action :ensure_post_owner, only: [:update, :destroy]
+
+# Renders the post belonging to the board
+#
+# `GET /api/boards/:board_id/posts`
+  def index
+    render json: @board.posts
+  end
+
+# Renders a single post belonging to the board
+#
+# `GET /api/boards/:board_id/posts/:id`
+  def show
+    render json: @post
+  end
+
+# Creates a single post belonging to the board
+#
+# `POST /api/boards/:board_id/posts/`
+  def create
+    @post = Post.new(params.permit(:title, :content, :board_id))
+    @post.user = @user
+    if (@post.save)
+      render json: @post, status: :created
+    else
+      render json: @post.errors, status: 422
+    end
+  end
+
+# Updates a single post belonging to the board
+#
+# `PUT /api/boards/:board_id/posts/:id`
+  def update
+    if (@post.update(params.permit(:title, :content)))
+      render json: @post, status: :ok
+    else
+      render json: @post.errors, status: 422
+    end
+  end
+
+# Deletes a single post belonging to the board
+#
+# `DELETE /api/boards/:board_id/posts/:id`
+  def destroy
+    @post.destroy
+    render status: :ok
+  end
+
+end

data/app/controllers/api/share_board_controller.rb

@@ -0,0 +1,118 @@
+class Api::ShareBoardController < ApplicationController
+
+  include LoggedInControllerConcern
+  include BoardOwnerControllerConcern
+  include PostOwnerControllerConcern
+  include CommentOwnerControllerConcern
+
+  before_action :validate_params
+
+  # Shares a board to other users. Example payload param:
+  #
+  # `POST /api/share/board`
+  #
+  # ```
+  # {
+  #   board: {
+  #     id: 1,
+  #     name: 'some encrypted text',
+  #   },
+  #   posts: [
+  #     {
+  #       board_id: 1,
+  #       title: 'some encrypted text',
+  #       content: 'some encrypted text',
+  #       comments: [
+  #         {
+  #           id: 1,
+  #           content: 'some encrypted text',
+  #           user_id: 1,
+  #           post_id: 1,
+  #         }
+  #       ]
+  #     }
+  #   ],
+  #   shared_user_ids: [1, 2, 3, 4],
+  #   encrypted_password: 'some encrypted password'
+  # }
+  # ```
+  # The `encrypted_password` param will be used to decrypt contents of this board. The encryption happens in the client so
+  # the server don't really know what is the original password. The board creator will have to share it privately to other users whom he/she shared it with so they can access the board.
+  #
+  # `posts` and `comments` fields can be empty.
+  def index
+    ActiveRecord::Base.transaction do
+      if params[:posts]
+        params[:posts].each do |post|
+          p = Post.find(post[:id])
+          p.title = post[:title]
+          p.content = post[:content]
+          p.save!
+
+          if post[:comments] and p.valid?
+            post[:comments].each do |comment|
+              c = Comment.find(comment[:id])
+              c.content = comment[:content]
+              c.save!
+            end
+          end
+        end
+      end
+      if @user_board.share(params[:shared_user_ids], params[:encrypted_password])
+        render status: :ok
+      else
+        raise "An error occured"
+      end
+    end
+  rescue
+    # clean up the created {UserBoard}s
+    render status: 422, json: ["Some of the data can't be saved."]
+  end
+
+  # Validates the contents of params against the database records.
+  def validate_params
+
+    if params[:encrypted_password].nil? or params[:shared_user_ids].nil? or params[:board].nil?
+      render status: 422
+      return
+    end
+
+    result = has_board_access(params[:board][:id])
+    if result[:status] != :ok
+      render status: result[:status]
+      return
+    else
+      if !result[:user_board].is_admin
+        render status: :forbidden
+        return
+      end
+      @board = result[:board]
+      @user_board = result[:user_board]
+    end
+
+    if params[:posts]
+
+      params[:posts].each do |post|
+        s = has_post_access(params[:board][:id], post[:id])[:status]
+        if s != :ok
+          render status: s
+          return
+        end
+
+        if post[:comments]
+          post[:comments].each do |comment|
+            s = has_comment_access(post[:id], comment[:id])[:status]
+            if s != :ok
+              render status: s
+              return
+            end
+          end
+        end
+
+      end
+
+    end
+
+  end
+
+end

data/app/controllers/api/users_controller.rb

@@ -0,0 +1,27 @@
+class Api::UsersController < ApplicationController
+
+  include LoggedInControllerConcern
+  include ::ActionController::Serialization
+
+  # Renders the current user as json
+  #
+  # `GET /api/user/:id`
+  #
+  def show
+    render json: @user
+  end
+
+# Returns the user with matching email
+#
+# `GET /api/users/search?email=xxx`
+#
+  def search
+    user = User.where("email = ? AND id != ?", params[:email], @user.id).first
+    if user
+      render json: user
+    else
+      render status: :not_found
+    end
+  end
+
+end

data/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+# Base controller for API controllers
+
+class ApplicationController < ActionController::API
+
+end

data/app/controllers/concerns/board_owner_controller_concern.rb

@@ -0,0 +1,38 @@
+#Ensure user has access to the board and sets the `@board` variable in the controller
+module BoardOwnerControllerConcern
+  extend ActiveSupport::Concern
+
+  #Ensure user has access to the board and sets the `@board` variable in the controller
+  def ensure_board
+    board_id = params[:board_id] || params[:id]
+    result = has_board_access(board_id)
+    @board = result[:board]
+    @user_board = result[:user_board]
+    render status: result[:status] if result[:status] != :ok
+  end
+
+  # Validate if user has access to board
+  #
+  # @param board_id [Integer] board id
+  def has_board_access(board_id)
+    board = nil
+    if !board_id.nil?
+      board = Board.find_by_id(board_id)
+    else
+      return {status: :bad_request}
+    end
+    if (board)
+      user_board = UserBoard.where(user_id: @user.id, board_id: board_id).first
+      return {status: :forbidden }if user_board.nil?
+        return {status: :ok, board: board, user_board: user_board}
+      else
+        return {status: :not_found}
+      end
+    end
+
+    #Ensures user is owner of the board. Must be run after {#ensure_board} method.
+    def ensure_board_owner
+      render status: :forbidden if !@user_board.is_admin
+    end
+
+  end

data/app/controllers/concerns/comment_owner_controller_concern.rb

@@ -0,0 +1,33 @@
+# Ensures user is owner of the comment and sets the `@comment` variable in the controllers
+module CommentOwnerControllerConcern
+  extend ActiveSupport::Concern
+  
+  # Ensures user is owner of the comment and sets the `@comment` variable in the controllers
+  def ensure_comment
+    post_id = params[:post_id]
+    comment_id = params[:comment_id] || params[:id]
+    result = has_comment_access post_id, comment_id
+    @comment = result[:comment]
+    status = result[:status]
+    render status: status if status != :ok
+  end
+
+  # Validate if user has access to comment in the post
+  #
+  # @param post_id [Integer] post id
+  # @param comment_id [Integer] comment id
+  def has_comment_access(post_id, comment_id)
+    comment = Comment.where(id: comment_id, post_id: post_id, user_id: @user.id).first
+    if comment.nil?
+      return {status: :forbidden, comment: comment}
+    else
+      return {status: :ok, comment: comment}
+    end
+  end
+
+  # Ensures user is the owner of the comment. Must be run after {#ensure_comment} method.
+  def ensure_comment_owner
+    render status: :forbidden if @comment.user_id != @user.id
+  end
+
+end

data/app/controllers/concerns/logged_in_controller_concern.rb

@@ -0,0 +1,21 @@
+# Ensures users are logged in and sets `@user` instance variable in the controllers.
+# This is included in the base api controller.
+#
+# Returns `401` error if user is not authenticated
+module LoggedInControllerConcern
+  extend ActiveSupport::Concern
+
+  included do
+    include Knock::Authenticable
+  	before_action :authenticate_user
+    before_action :set_user
+  end
+
+  private
+  # Sets the `@user` variable in the controllers
+  def set_user
+  	render status: :unauthorized if current_user.nil?
+    @user = current_user
+  end
+
+end

data/app/controllers/concerns/post_owner_controller_concern.rb

@@ -0,0 +1,36 @@
+# Ensures user is owner of the post and sets the `@post` variable in the controllers
+module PostOwnerControllerConcern
+  extend ActiveSupport::Concern
+
+  # Ensures user is owner of the post and sets the `@post` variable in the controllers
+  def ensure_post
+    post_id = params[:post_id] || params[:id]
+    board_id = params[:board_id]
+    result = has_post_access(board_id, post_id)
+    status = result[:status]
+    @post = result[:post]
+    render status: status if status != :ok
+  end
+
+  # Validate if user has access to the post in the board
+  #
+  # @param board_id [Integer] board id
+  # @param post_id [Integer] post id
+  def has_post_access(board_id, post_id)
+    post = Post.where(id: post_id, board_id: board_id)
+                .joins("LEFT JOIN user_boards ON user_boards.board_id = posts.board_id")
+                .where("user_boards.user_id = ?", @user.id)
+                .first
+    if post.nil?
+      return {status: :forbidden}
+    else
+      return {status: :ok, post: post}
+    end
+  end
+
+  # Ensures user is owner of the post. Must be run after {#ensure_post}`.
+  def ensure_post_owner
+    render status: :forbidden if @post.user_id != @user.id
+  end
+
+end