
Compare revisions


  • portalmec/portalmec
  • rfhferreira/cleanning-portalmec
Showing
with 1193 additions and 106 deletions
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
module TaggableController
extend ActiveSupport::Concern
......@@ -16,7 +35,7 @@ module TaggableController
# DELETE /v1/learning_objects/1/untagging
# DELETE /v1/learning_objects/1/untagging.json
def untagging
@owner.untag(taggable, tag_params[:name])
@owner.untag(taggable, with: [tag_params[:name]])
render json: taggable.tags, status: :ok
end
......@@ -27,7 +46,7 @@ module TaggableController
end
def tag_params
params.require(:tag).permit(:name, :owner_id, :owner_type)
params.require(:tags).permit(:name, :owner_id, :owner_type)
end
def set_owner
......
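Review bot: `tag_params` still permits `:owner_id` and `:owner_type` from the request body, and `untagging` acts on `@owner`; if `set_owner` (its body is collapsed here) resolves the owner from those fields, a caller could tag or untag on behalf of another owner. Deriving the owner from `current_user`, or authorizing the resolved owner before it is used, would close that. The rename to `params.require(:tags)` also changes the request contract for existing clients while the permitted keys remain scalar, so it deserves a line in the API documentation.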
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::ActivitiesController < ApplicationController
include ::ResourceModel
include ::Paginator
before_action :authenticate_user!
before_action :set_activity, only: [:show]
# GET v1/activities
# GET v1/activities.json
......@@ -12,13 +33,50 @@ class V1::ActivitiesController < ApplicationController
render json: activities
end
# GET v1/activities/1
# GET v1/activities/1.json
def show
authorize :activity, :show?
render json: @activity
end
def view
PublicActivity::Activity.where(id: view_params[:ids]).each do |activity|
# Change request.remote_ip to req.env["HTTP_X_REAL_IP"] in production
activity.view(current_user, request.remote_ip)
end
render status: :ok
end
# GET v1/users/1/activities
# GET v1/users/1/activities.json
# Render specific user activities
# Only followers can see user activities
def user_activities
raise ::Pundit::NotAuthorizedError unless ::ActivityPolicy.new(current_user, resource_model).user_activities?
activities = paginate resource_model.activities
activities = paginate resource_model.activities_filtered
render json: activities
end
def me
authorize :activity, :index?
activities = paginate current_user.activities_filtered
render json: activities
end
private
def view_params
return nil if params[:activities].nil?
params[:activities].permit(ids: [])
end
def set_activity
@activity = ::ActivityPolicy::Scope.new(current_user, ::PublicActivity::Activity).resolve.where(id: params[:id]).first
render status: :not_found if @activity.blank?
@activity
end
end
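Review bot: `view_params` returns nil when `params[:activities]` is absent, and `view` then calls `view_params[:ids]`, so a request without that key raises NoMethodError and answers 500; returning an empty hash, as `extra_params` does in the collections controller (`return {} if params[:activities].nil?`), keeps the lookup safe. `view` also queries the unscoped `PublicActivity::Activity` and makes no `authorize` call, whereas `set_activity` goes through `ActivityPolicy::Scope`, so a signed-in user can apparently record views on activities the policy would hide. The comment about switching to `req.env["HTTP_X_REAL_IP"]` needs care: that header is client-supplied unless the front proxy overwrites it, so the safer route is to register the proxy as trusted and keep `request.remote_ip`.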
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::CollectionsController < ApplicationController
include ::SociableController
include ::DownloadableController
include ::FollowableController
include ::TaggableController
include ::DeletedObjectsController
include ::HighlightsController
include ::Paginator
include ::SubjectableController
include ::StageableController
before_action :set_collection, only: [:show, :update, :destroy, :add_object]
before_action :authenticate_user!, only: [:create, :update, :destroy]
before_action :authenticate_user!, only: [:create, :update, :destroy, :tagging, :untagging, :follow, :unfollow, :follow_toggle]
before_action :set_collection, only: [:show, :update, :destroy, :add_object, :delete_object, :subjecting, :unsubjecting, :add_stages, :remove_stages, :follow, :unfollow, :follow_toggle]
before_action :set_new_collection, only: :index
before_action :authorize!, except: [:create, :tagging, :untagging, :download]
# GET /v1/collections
# GET /v1/collections.json
def index
collections = paginate Collection
collections = paginate policy_scope(Collection)
render json: collections
end
......@@ -27,8 +50,11 @@ class V1::CollectionsController < ApplicationController
# POST /v1/collection.json
def create
collection = Collection.new(collection_params)
collection.owner = current_user if collection.owner.nil?
authorize collection
if collection.save
collection_associations(collection)
render json: collection, status: :created
else
render json: collection.errors, status: :unprocessable_entity
......@@ -39,6 +65,7 @@ class V1::CollectionsController < ApplicationController
# PUT/PATCH /v1/users/1.json
def update
if @collection.update(collection_params)
collection_associations(@collection)
render json: @collection, status: :ok
else
render json: @collection.errors, status: :unprocessable_entity
......@@ -48,29 +75,31 @@ class V1::CollectionsController < ApplicationController
# DELETE /v1/collections/1
# DELETE /v1/collections/1.json
def destroy
items = @collection.collection_items.select(:id)
if !items.blank?
@collection.delete_items(items)
end
@collection.destroy
render status: :ok
response = { 'status': 'deleted' }
render status: :ok, json: response
end
# POST /v1/collections/!/items
# POST /v1/collections/1/items
def add_object
render nothing: true, status: :unprocessable_entity if params.nil?
items = params[:items]
return render nothing: true, status: :unprocessable_entity if extra_params.blank? || extra_params[:items].blank?
errors = @collection.add_items(extra_params[:items])
items.each do |item|
order = item[:order]
item = item[:type].constantize.find(item[:id])
collection_item = { collection: @collection, collectionable: item, order: order }
collection_item = CollectionItem.new(collection_item)
collection_item.save
end
render json: {collection: CollectionSerializer.new(@collection, {scope: current_user, scope_name: :current_user}).serializable_hash, errors: errors}, status: :ok
end
# DELETE /v1/collections/1/items
def delete_object
return render nothing: true, status: :unprocessable_entity if extra_params.blank? || extra_params[:items].blank?
@collection.really_delete_items(extra_params[:items])
render json: @collection, status: :ok
end
private
def deleted_resource; Collection; end
......@@ -80,14 +109,44 @@ class V1::CollectionsController < ApplicationController
def followable; set_collection; end
def taggable; set_collection; end
def sociable; set_collection; end
def downloadable; set_collection; end
def subjectable; set_collection; end
def stageable; set_collection; end
def set_collection
@collection ||= Collection.find(params[:id])
@collection ||= Collection.where(id: params[:id]).first
render status: :not_found if @collection.blank?
@collection
end
def set_new_collection
@collection ||= Collection.new
end
# Never trust parameters from the scary internet, only allow the white list through.
def collection_params
params.require(:collection).permit(:name, :description, :owner_id, :owner_type, :privacy, tags: [], items: [])
params.require(:collection).permit(:name, :curator, :description, :owner_id, :owner_type, :privacy, tags: [])
end
def extra_params
return {} if params[:collection].nil?
params[:collection].permit(subjects: [], educational_stages: [], items: [:id, :type, :position], tags: [:name])
end
def collection_associations(collection)
if extra_params[:tags] == []
current_user.untag(collection, with: @collection.tags.map { |t| t['name'] })
elsif !extra_params[:tags].nil?
current_user.tag(collection, with: extra_params[:tags].map { |t| t['name'] })
end
collection.add_subjects(ids: extra_params[:subjects]) unless extra_params[:subjects].nil?
collection.add_educational_stages(ids: extra_params[:educational_stages]) unless extra_params[:educational_stages].nil?
collection.add_items(extra_params[:items]) unless extra_params[:items].nil?
end
def authorize!
authorize @collection
end
end
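Review bot: `collection_associations(collection)` reads `@collection.tags` in its untag branch, but `create` passes a local `collection` and neither `set_collection` nor `set_new_collection` is listed for `create`, so `@collection` looks to be nil there and an empty `tags` array would raise; use the argument instead: `current_user.untag(collection, with: collection.tags.map { |t| t['name'] })`. `collection_params` still permits `:owner_id` and `:owner_type`, so `collection.owner = current_user if collection.owner.nil?` only applies when the client sent no owner, and rejecting a foreign owner is left to the policy behind `authorize collection`, which is not visible here. `tagging` and `untagging` are excluded from `authorize!`, so their access control rests entirely on the TaggableController concern.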
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::ComplaintReasonsController < ApplicationController
before_action :set_complaint_reason, only:[:show, :update, :destroy]
before_action :authenticate_user!, only: [:create, :update]
# GET v1/complaint_reasons
# GET v1/complaint_reasons.json
def index
complaint_reasons = ComplaintReason.all
render json: complaint_reasons
end
# GET /v1/complaint_reasons/1
# GET /v1/complaint_reasons/1.json
def show
render :json => @complaint_reason
end
# POST v1/complaint_reasons
# POST v1/complaint_reasons.json
def create
@complaint_reason = ComplaintReason.new(complaint_reason_params)
if @complaint_reason.save
render json: @complaint_reason, status: :created, description: @complaint_reason
else
render json: @complaint_reason.errors, status: :unprocessable_entity
end
end
# PATCH/PUT /questions/1
def update
if @complaint_reason.update_attribute(:status, complaint_reason_params[:status])
render json: @complaint_reason
else
render json: @complaint_reason.errors, status: :unprocessable_entity
end
end
# DELETE /questions/1
def destroy
@complaint_reason.destroy
end
private
def complaint_reason_params
params.require(:complaint_reason).permit(:reason, :status)
end
def set_complaint_reason
@complaint_reason = ComplaintReason.where(id: params[:id]).first
render status: :not_found if @complaint_reason.blank?
@complaint_reason
end
end
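Review bot: `destroy` is left out of `before_action :authenticate_user!, only: [:create, :update]`, so as written an anonymous request can delete a complaint reason; the list should read `only: [:create, :update, :destroy]`. No `authorize` call appears in this controller either, unlike the Institutions and Languages controllers in this comparison, so any signed-in user can create or change reasons unless a policy is applied elsewhere. `destroy` also never renders a response, while the other controllers answer with `render status: :ok, json: { 'status': 'deleted' }`. The route comments above `update` and `destroy` still say `/questions/1`.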
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::ComplaintsController < ApplicationController
include ::DeletedObjectsController
include ::Paginator
before_action :authenticate_user!, only: [:create]
# GET v1/complaint
# GET v1/complaint.json
before_action :set_complaint, only: [:show, :show_related , :reject, :accept]
before_action :authenticate_user!, only: [:index, :show, :show_related, :create, :reject, :accept, :treat_related]
# GET v1/complaints
# GET v1/complaints.json
def index
complaints = paginate Complaint
render json: complaints
end
# GET v1/complaint
# GET v1/complaint.json
def create
complaint = Complaint.new(complaint_params)
# GET /v1/complaints/1
# GET /v1/complaints/1.json
def show
render :json => @complaint, :include => {:complaint_reason => {:except => [:updated_at, :created_at]}}
end
if complaint.save
render json: complaint, status: :created
# GET /v1/complaints/1/show_related
# GET /v1/complaints/1/show_related.json
def show_related
response = Complaint.where(complainable: @complaint.complainable, state: "complained")
render status: :ok, json: response , :include => {:complaint_reason => {:except => [:updated_at, :created_at]}}
end
# POST v1/complaints
# POST v1/complaints.json
def create
@complaint = Complaint.new(complaint_creation_params)
if @complaint.save
ComplaintsMailer.new_complaint_received(@complaint, @current_user).deliver_now
@complaint.complainable.treat_complaintment
render json: @complaint, status: :created
else
render json: complaint.errors, status: :unprocessable_entity
render json: @complaint.errors, status: :unprocessable_entity
end
end
# POST v1/complaints/1/reject
# POST v1/complaints/1/reject.json
def reject
@complaint.rejected!
@complaint.complainable.complaint_reject(complaint_answer_params[:option])
response = { 'status': 'complaint rejected' }
render status: :ok, json: response
end
# POST v1/complaints/1/accept
# POST v1/complaints/1/accept.json
def accept
@complaint.accepted!
@complaint.complainable.complaint_accept(complaint_answer_params[:option])
response = { 'status': 'complaint accepted' }
render status: :ok, json: response
end
# POST /v1/complaints/1/treat_related
# POST /v1/complaints/1/treat_related.json
def treat_related
parameters = complaint_answer_params
user = User.find(params[:id])
parameters[:complaints].each do | complaints_item |
complaint = Complaint.find(complaints_item[:id])
if user != complaint.complainable
response = {'error': I18n.t("error.wrong_arguments", param: "id #{complaint.complainable_id}")}
render status: :bad_request, json: response
end
if complaints_item[:state] == "accept"
complaint.accepted!
elsif complaints_item[:state] == "reject"
complaint.rejected!
else
response = {'error': I18n.t("error.wrong_arguments", param: "state")}
render status: :bad_request, json: response
end
end
if parameters[:option] != nil
user.complaint_accept(parameters[:option])
end
render status: :ok
end
private
......@@ -29,8 +116,19 @@ class V1::ComplaintsController < ApplicationController
Complaint
end
def complaint_params
params.require(:complaint).permit(:user_id, :description,:complaintable_id, :complaint_reason_id, :complaintable_type)
def complaint_creation_params
params.require(:complaint).permit(:user_id, :description,:complainable_id, :complaint_reason_id, :complainable_type)
end
def complaint_answer_params
params.permit(:id, :option, :complaints=> [:id, :state])
end
def set_complaint
@complaint ||= Complaint.where(id: params[:id]).first
render status: :not_found if @complaint.blank?
@complaint
end
end
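Review bot: `reject`, `accept` and `treat_related` are guarded only by `authenticate_user!`; no Pundit `authorize` call is visible in this section, so as far as the shown code goes any signed-in user can close complaints, and each action should authorize the complaint the way the other controllers in this comparison authorize their records. In `treat_related` the two `render status: :bad_request` calls neither return nor stop the loop, so earlier complaints are already marked accepted or rejected when an error is found, and the final `render status: :ok` then raises a double-render error; validate every item first and return on the first failure, as sketched below. `complaint_creation_params` also permits `:user_id`, which lets the client name the complainant instead of it being taken from `current_user`. `create` passes `@current_user`, which this controller never assigns, so the mailer may receive nil.

```ruby
def treat_related
  parameters = complaint_answer_params
  user = User.find(params[:id])
  pairs = Array(parameters[:complaints]).map { |item| [Complaint.find(item[:id]), item[:state]] }

  # Check every item before changing any state; stop at the first problem.
  pairs.each do |complaint, state|
    if user != complaint.complainable
      response = {'error': I18n.t("error.wrong_arguments", param: "id #{complaint.complainable_id}")}
      return render status: :bad_request, json: response
    end
    unless %w[accept reject].include?(state)
      response = {'error': I18n.t("error.wrong_arguments", param: "state")}
      return render status: :bad_request, json: response
    end
  end

  pairs.each { |complaint, state| state == "accept" ? complaint.accepted! : complaint.rejected! }
  # … unchanged: user.complaint_accept(parameters[:option]) when an option is given, then render status: :ok …
end
```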
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::ContactsController < ApplicationController
include ::Paginator
before_action :authenticate_user!, except: [:create]
before_action :set_contact, only: [:show, :update, :destroy]
before_action :set_new_contact, only: :index
before_action :authorize!, except: [:create]
# GET v1/contacts
def index
contacts = paginate policy_scope(Contact)
render json: contacts
end
# GET v1/contacts/1
def show
render json: @contact
end
# POST v1/contacts
def create
@contact = Contact.new(contact_params)
if @contact.save
ContactsMailer.new_contact_received(@contact).deliver_now
render json: @contact, status: :created
else
render json: @contact.errors, status: :unprocessable_entity
end
end
# PATCH/PUT v1/contacts/1
def update
if @contact.update(contact_params)
ContactsMailer.contact_updated(@contact).deliver_now
render json: @contact
else
render json: @contact.errors, status: :unprocessable_entity
end
end
# DELETE v1/contacts/1
def destroy
@contact.destroy
response = { 'status': 'deleted' }
render status: :ok, json: response
end
private
# Use callbacks to share common setup or constraints between actions.
def set_contact
@contact = Contact.where(id: params[:id]).first
render status: :not_found if @contact.blank?
@contact
end
# Only allow a trusted parameter "white list" through.
def contact_params
params.require(:contact).permit(:name, :email, :message)
end
def authorize!
authorize @contact
end
def set_new_contact
@contact ||= Contact.new
end
end
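Review bot: `create` is open to anonymous callers and sends mail inline with `ContactsMailer.new_contact_received(@contact).deliver_now`, so every unauthenticated POST costs an SMTP round trip inside the request and nothing visible here limits how often it can be called. Queueing the message (`deliver_later`) and throttling the endpoint per client would keep the form from being used to flood the mailbox or tie up workers. `:email` is taken from the request unchanged, so the mailer (not shown) should treat it as untrusted wherever it ends up in headers or the body.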
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::EducationalStagesController < ApplicationController
include ::Paginator
# GET /educational_stages
# GET /educational_stages.json
def index
educational_stages = EducationalStage.all
render json: educational_stages
end
end
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::EmailController < ApplicationController
before_action :authenticate, only: [:create]
before_action -> { authorize current_user }, only: [:create]
def create
email = Email.new(email_params)
email.role_ids = roles_params[:roles]
email.user = current_user
if email.save
email.emails.each do |address|
EmailMailer.new_email(email, address).deliver_now
end
render status: :ok
else
render status: :unprocessable_entity
end
end
protected
def email_params
return nil if params[:email].nil?
params[:email].permit(:all_users, :subject, :body, emails: [])
end
def roles_params
params[:email].permit(roles: [])
end
def authenticate
authenticate_user!
end
end
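Review bot: `roles_params` calls `params[:email].permit(...)` with no nil guard, so a request without an `email` key raises NoMethodError even though `email_params` handles that case; `params.require(:email)` in both helpers would answer with a parameter error instead of a 500. `authorize current_user` checks the user record rather than an Email record, so whether a caller may send to `all_users` or to arbitrary `roles` depends on what the user policy's create rule allows; confirm that it is restricted to administrators. Delivery runs `deliver_now` once per address inside the request, which will block for large recipient lists.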
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::FeedController < ApplicationController
include ::Paginator
include ActivitiesFilterService
before_action :authenticate_user!
# GET v1/feed
......@@ -12,20 +32,38 @@ class V1::FeedController < ApplicationController
private
#TODO: Tests
def activities_followed
activities = []
types.each do |type|
model = type.classify.constantize
current_user.watching(type).each do |follow|
followed = model.find(follow.followable_id)
activities.push(*followed.activities.to_a)
query = ""
values = [""]
# builds a query string to find all relevant activities
current_user.watching.each do |watching|
if !watching.respond_to?(:state) || watching.state == "published"
if (watching.class == Submission || watching.class == CuratorAssignment)
query += " ((trackable_type = ? and trackable_id = ?) and (owner_type = 'User' and owner_id = #{current_user.id})"
values << watching.class.to_s
values << watching.id
if watching.class == CuratorAssignment
query += " and (parameters is null or parameters not like '%ignored%')"
end
query += ")"
else
query += " (((trackable_type = ? and trackable_id = ?) or (owner_type = ? and owner_id = ?) or (recipient_type = ? and recipient_id = ?)) and (owner_type <> 'User' or (owner_type = 'User' and owner_id <> #{current_user.id})) and privacy = 'public')"
3.times do
values << watching.class.to_s
values << watching.id
end
end
query += " or"
# Activities that are made by, owned by, or change the object you follow should be found
end
end
activities
if query[-1] == "r"
values[0] = query[0..-3] # remove trailing "or" on the query
end
return [] if query.blank?
return PublicActivity::Activity.where(key: activities_filter).where(values).order(created_at: :desc)
end
def types
['User', 'Collection']
end
end
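Review bot: `activities_followed` interpolates `#{current_user.id}` straight into the SQL text while every other value is bound with `?`; the id is not attacker-controlled today, but mixing the two styles invites the next edit to interpolate something that is, so it should be bound as well. The clause list is also assembled by appending " or" and trimming it afterwards with `query[-1] == "r"` and `query[0..-3]`, which is easy to break; collecting the clauses in an array and joining them is clearer. The sketch below keeps the same conditions and exact-class checks. The `types` helper appears to be unused after this change.

```ruby
def activities_followed
  clauses = []
  binds = []
  current_user.watching.each do |watching|
    next if watching.respond_to?(:state) && watching.state != "published"

    type = watching.class.to_s
    if watching.class == Submission || watching.class == CuratorAssignment
      clause = "(trackable_type = ? and trackable_id = ?) and (owner_type = 'User' and owner_id = ?)"
      clause += " and (parameters is null or parameters not like '%ignored%')" if watching.class == CuratorAssignment
      binds.push(type, watching.id, current_user.id)
    else
      clause = "((trackable_type = ? and trackable_id = ?) or (owner_type = ? and owner_id = ?) or (recipient_type = ? and recipient_id = ?))" \
               " and (owner_type <> 'User' or (owner_type = 'User' and owner_id <> ?)) and privacy = 'public'"
      binds.push(type, watching.id, type, watching.id, type, watching.id, current_user.id)
    end
    clauses << "(#{clause})"
  end
  return [] if clauses.empty?

  PublicActivity::Activity.where(key: activities_filter).where(clauses.join(" or "), *binds).order(created_at: :desc)
end
```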
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::InstitutionsController < ApplicationController
include ::DeletedObjectsController
include ::Paginator
......@@ -5,6 +24,7 @@ class V1::InstitutionsController < ApplicationController
before_action :set_institution, only: [:show, :update, :destroy, :users]
before_action :authenticate_user!, only: [:create, :update, :destroy]
before_action :authorize!, only: [:update, :destroy]
# GET v1/institutions
# GET v1/institutions.json
......@@ -23,6 +43,7 @@ class V1::InstitutionsController < ApplicationController
# POST v1/institutions.json
def create
institution = Institution.new(institution_params)
authorize institution
if institution.save
render json: institution, status: :created
......@@ -45,7 +66,8 @@ class V1::InstitutionsController < ApplicationController
# DELETE v1/institutions/1.json
def destroy
@institution.destroy
render status: :ok
response = { 'status': 'deleted' }
render status: :ok, json: response
end
def users
......@@ -60,11 +82,19 @@ class V1::InstitutionsController < ApplicationController
end
def set_institution
@institution = Institution.find(params[:id])
@institution = Institution.where(id: params[:id]).first
render status: :not_found if @institution.blank?
@institution
end
def institution_params
params.require(:institution).permit(:name, :description, :address, :city, :country)
end
def authorize!
authorize @institution
end
end
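Review bot: `set_institution` answers a missing record with `render status: :not_found`, which names no body or template; depending on the Rails version this may look for the action's view instead of sending an empty 404, so `head :not_found` (or a small JSON error body) states the intent directly. The same line is used in `set_activity`, `set_collection`, `set_complaint_reason`, `set_complaint`, `set_contact` and `set_language` in this comparison. Because `set_institution` is declared before `authenticate_user!`, an anonymous caller can tell existing ids from missing ones on `update` and `destroy` by the 404 versus the authentication error; if that matters, reorder the callbacks.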
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::LanguagesController < ApplicationController
include ::Paginator
before_action :authenticate_user!, except: [:index, :show]
before_action :set_language, only: [:show, :update, :destroy]
before_action :authorize!, only: [:update, :destroy]
# GET /languages
# GET /languages.json
......@@ -21,6 +41,7 @@ class V1::LanguagesController < ApplicationController
# POST /languages.json
def create
@language = Language.new(language_params)
authorize @language
if @language.save
render json: @language, status: :created
......@@ -43,18 +64,28 @@ class V1::LanguagesController < ApplicationController
# DELETE /languages/1.json
def destroy
@language.destroy
render status: :ok
response = { 'status': 'deleted' }
render status: :ok, json: response
end
private
# Use callbacks to share common setup or constraints between actions.
def set_language
@language = Language.find(params[:id])
@language = Language.where(id: params[:id]).first
render status: :not_found if @language.blank?
@language
end
# Never trust parameters from the scary internet, only allow the white list through.
def language_params
params.require(:language).permit(:name, :code)
end
def authorize!
authorize @language
end
end
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::LearningObjects::AttachmentController < ApplicationController
include ::Paginator
before_action :set_objects
before_action :authenticate_user!, only: [:update, :index]
before_action :authorize!, only: :destroy
before_action :authorize_update_attachment!, only: :update
# GET /learning_objects/:learning_object_id/attachment
def index
@attachment = paginate @attachment
render json: @attachment
end
# DELETE /learning_objects/:learning_object_id/attachments/:id
def destroy
return render status: :not_found if @learning_object.nil? || @attachment.nil?
DeleteBitstreamWorker.perform_async(@attachment.id)
@learning_object.attachments.delete(@attachment)
if @learning_object.attachment == @attachment
@learning_object.attachment = nil
@learning_object.save
@attachment.destroy
@learning_object.reload
@learning_object.default_attachment
else
@learning_object.save
@attachment.destroy
end
render status: :ok
end
# PUT /learning_objects/:learning_object_id/attachments/:id
def update
return render status: :not_found if @learning_object.nil? || @attachment.nil?
if @attachment.update(update_params)
render json: @attachment, status: :ok
else
render status: :unprocessable_entity
end
end
private
def attachment_params
params.permit(:learning_object_id, :id)
end
def update_params
params.permit(:learning_object_attachment_id, :learning_object_attachment_id_son, :infohash)
end
def set_objects
if current_user.try(:is_admin?)
@learning_object = LearningObject.unscoped.where(id: attachment_params[:learning_object_id]).first
else
@learning_object = LearningObject.where(id: attachment_params[:learning_object_id]).first
end
render status: :not_found if @learning_object.blank?
if ( attachment_params[:id].blank? )
@attachment = @learning_object.attachments
else
@attachment = LearningObject::Attachment.where(id: attachment_params[:id]).first
end
render status: :not_found if @attachment.blank?
end
def authorize!
return render status: :unauthorized unless @learning_object.attachments.include? @attachment
authorize(@learning_object, :destroy?)
end
def authorize_update_attachment!
return render status: :unauthorized unless @learning_object.attachments.include? @attachment
authorize(@learning_object, :add_infohash?)
authorize(@learning_object, :add_attachment_id?)
end
end
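Review bot: `set_objects` renders 404 when the learning object is missing but does not return, so with no `id` parameter the next branch calls `@learning_object.attachments` on nil, and otherwise a second `render` can follow the first; the guard should be `return render status: :not_found if @learning_object.blank?`. The attachment is fetched globally with `LearningObject::Attachment.where(id: attachment_params[:id]).first` and only later checked with `include?` in the authorize helpers; scoping the lookup, `@learning_object.attachments.where(id: attachment_params[:id]).first`, makes a foreign attachment id a plain 404 and removes the reliance on that later check. `index` requires a login but makes no `authorize` call, so any signed-in user can list the attachments of any learning object the default scope returns.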
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::LearningObjects::ChunksController < ApplicationController
before_action :authorize!
before_action :chunk_service
# GET /learning_objects/:learning_object_id/chunk
def show
if @chunk.exist?
post_file
render status: :ok
else
render status: :not_found # chunk doesnt exists and needs to be uploaded
end
# chunk exist?
render status: File.exist?(chunk_file_path) ? 200 : 204
end
# POST /learning_objects/:learning_object_id/chunk
def create
@chunk.save
save_file!
post_file
render status: :ok
if last_chunk?
combine_file!
attachment = post_file!
render json: attachment, status: :ok
else
render status: :ok
end
rescue
render status: :internal_server_error
end
private
def chunk_service
@chunk = ChunksService.new(chunks_params)
return render status: :unsupported_media_type if @chunk.nil?
def authorize!
@learning_object = LearningObject.where(id: chunks_params[:id]).first
render status: :not_found if @learning_object.blank?
authorize(@learning_object, :update?)
end
def post_file
return false unless @chunk.last?
# Never trust parameters from the scary internet, only allow the white list through.
def chunks_params
params.permit(:id, :file, :_chunkNumber, :_totalChunks, :_chunkFilename, :_chunkIdentifier, :_chunkSize, :_currentChunkSize, :_totalSize)
end
def post_file!
attachment = @learning_object.attachments.create(name: File.basename(final_file_path), retrieve_link: final_file_path, bundle_name: "TEMP")
publisher = LearningObjectPublisher.new(DspaceService.create_client)
publisher.post @chunk.learning_object, @chunk.resumable_filename
publisher.upload @learning_object, final_file_path, attachment
end
def authorize!
learning_object = LearningObject.find chunks_params[:learning_object_id]
authorize(learning_object || LearningObject.new, :update?)
##
# Move the temporary Sinatra upload to the chunk file location
def save_file!
return nil unless chunks_params[:file].try(:tempfile).is_a? Tempfile
# Ensure required paths exist
FileUtils.mkpath(chunk_file_directory)
# Move the temporary file upload to the temporary chunk file path
FileUtils.mv(chunks_params[:file].tempfile, chunk_file_path, force: true)
end
# Never trust parameters from the scary internet, only allow the white list through.
def chunks_params
params.permit(:file, :learning_object_id, :resumableIdentifier, :resumableFilename, :resumableChunkNumber, :resumableTotalChunks, :resumableChunkSize)
##
# Build final file
def combine_file!
# Ensure required paths exist
FileUtils.mkpath(final_file_directory)
# Open final file in append mode
File.open(final_file_path, 'a') do |f|
file_chunks.each do |file_chunk_path|
# Write each chunk to the permanent file
f.write File.read(file_chunk_path)
end
end
FileUtils.chown_R 'portalmec', 'portalmec', final_file_path
FileUtils.chmod 0644, final_file_path
# Cleanup chunk file directory and all chunk files
FileUtils.rm_rf(chunk_file_directory)
end
def valid_mime_type?
mime_types = @learning_object.object_type.mime_types.map(&:extension)
return true if mime_types.empty?
mime_types.include? chunks_params[:_chunkFilename].split('.').last
end
##
# Determine if this is the last chunk based in parts count.
def last_chunk?
Dir["#{chunk_file_directory}/#{chunks_params[:_chunkFilename]}.part*"].count == chunks_params[:_totalChunks].to_i
end
##
# ./tmp/file-chunks/abc-123/upload.txt.part1
def chunk_file_path
File.join(chunk_file_directory, "#{chunks_params[:_chunkFilename]}.part#{chunks_params[:_chunkNumber]}")
end
##
# ./tmp/file-chunks/abc-123
def chunk_file_directory
File.join('tmp', 'file-chunks', chunks_params[:_chunkIdentifier])
end
##
# /tmp/file-chunks/upload.txt
def final_file_path
File.join(final_file_directory, chunks_params[:_chunkFilename])
end
##
# /tmp/file-chunks
def final_file_directory
File.join('public', 'uploads', chunks_params[:_chunkIdentifier])
end
##
# Get all file chunks sorted by cardinality of their part number
def file_chunks
Dir["#{chunk_file_directory}/*.part*"].sort_by { |f| f.split('.part')[1].to_i }
end
end
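Review bot: `_chunkIdentifier`, `_chunkFilename` and `_chunkNumber` go from `chunks_params` straight into `File.join`, the `Dir[...]` globs and `FileUtils.rm_rf(chunk_file_directory)`, so a value containing `..` or a path separator decides where this controller writes and what it deletes. I would reduce the name with `File.basename(chunks_params[:_chunkFilename].to_s)`, accept the identifier only if it matches something like `/\A[\w\-]+\z/`, and convert the chunk number with `Integer(...)` before any path is built, answering `:bad_request` otherwise. `valid_mime_type?` has no caller in this class as shown, so the assembled file reaches `public/uploads` with mode 0644 without the extension check. The page does not mark which of the duplicated methods are the new side, so this assumes the `_chunk*` variants are.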
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::LearningObjects::PublishesController < ApplicationController
before_action :set_learning_object
before_action :authorize!
# POST /learning_objects/:id/publish
def create
return render status: :ok if @learning_object.published?
publisher = LearningObjectPublisher.new(DspaceService.create_client)
publisher.publish @learning_object
render status: :ok
end
private
# Use callbacks to share common setup or constraints between actions.
def set_learning_object
@learning_object = LearningObject.where(id: params[:id]).first
render status: :not_found if @learning_object.blank?
@learning_object
end
def authorize!
authorize(@learning_object, :publish?)
end
# Never trust parameters from the scary internet, only allow the white list through.
def publish_params
params.permit(:id)
end
end
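Review bot: `render status: :not_found if @learning_object.blank?` in `set_learning_object` renders with no body and no template named, so what the client receives depends on how the controller resolves an empty render; `head :not_found` says exactly what is meant. The same line appears in the `set_*` callbacks of the Uploads, LearningObjects, Licenses, MimeTypes and ObjectTypes controllers on this page. `publish_params` also has no caller in this class as shown, since the lookup reads `params[:id]` directly.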
#
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::LearningObjects::UploadsController < ApplicationController
before_action :set_learning_object
before_action :authorize!
......@@ -5,9 +25,10 @@ class V1::LearningObjects::UploadsController < ApplicationController
# POST /learning_objects/:learning_object_id/upload
def create
return render status: :bad_request unless valid_file?
publisher = LearningObjectPublisher.new(DspaceService.create_client)
publisher.post @learning_object, saved_file
path = saved_file
attachment = @learning_object.attachments.create(name: File.basename(path), retrieve_link: path, bundle_name: "TEMP")
publisher.upload @learning_object, path, attachment
render status: :ok
end
......@@ -16,7 +37,11 @@ class V1::LearningObjects::UploadsController < ApplicationController
# Use callbacks to share common setup or constraints between actions.
def set_learning_object
@learning_object = LearningObject.find(params[:id])
@learning_object = LearningObject.where(id: params[:id]).first
render status: :not_found if @learning_object.blank?
@learning_object
end
def authorize!
......@@ -28,12 +53,13 @@ class V1::LearningObjects::UploadsController < ApplicationController
end
def saved_file
dir = "/tmp/#{@learning_object.id}"
FileUtils.mkdir(dir, mode: 0700) unless File.directory?(dir)
path = "#{dir}/#{upload_params[:file].original_filename}"
FileUtils.mv upload_params[:file].tempfile.path, path
dir = File.join('public', 'uploads', @learning_object.id.to_s)
FileUtils.mkpath(dir)
path = File.join(dir, upload_params[:file].original_filename)
FileUtils.mv(upload_params[:file].tempfile.path, path, force: true)
FileUtils.chown_R 'portalmec', 'portalmec', path
FileUtils.chmod 0644, path
path
end
......
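Review bot: `saved_file` now places the upload under `public/uploads/<id>/` using `upload_params[:file].original_filename` as the file name, with mode 0644 and `force: true`, where what looks like the previous version used a 0700 directory in `/tmp`. That name is supplied by the client, so it picks the extension of a file that sits in the web root and can replace an earlier upload of the same object. I would build the path from `File.basename(...)` of the name, check the extension against the object type's allowed list before the move, and keep the staging copy outside `public` if the web server does not need to serve it. `valid_file?` is called in `create` but its body is outside the lines shown, so it may already cover part of this.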
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
require 'uri'
class V1::LearningObjectsController < ApplicationController
include ::SociableController
include ::DownloadableController
include ::TaggableController
include ::Paginator
include ::DeletedObjectsController
include ::HighlightsController
include ::SubjectableController
include ::StageableController
before_action :authenticate_user!, except: [:index, :show]
before_action :set_learning_object, only: [:show, :update, :destroy]
before_action :authorize!, only: [:update, :destroy]
before_action :authenticate_user!, only: [:create, :update, :destroy, :tagging, :untagging, :submit, :submission, :show_submission]
before_action :set_learning_object, only: [:show, :update, :destroy, :subjecting, :unsubjecting, :add_stages, :remove_stages]
before_action :set_new_learning_object, only: [:index, :submissions]
before_action :set_new_submission, only: :submit
before_action :set_submission, only: :show_submission
before_action :authorize!, except: [:create, :tagging, :untagging, :download, :magnetlink, :validate]
before_action :set_paper_trail_whodunnit, except: [:index, :show]
def index
learning_objects = paginate LearningObject.includes(:tags, :publisher, :language, :license)
# learning_objects = policy_scope(LearningObject).includes(:tags, :publisher, :language, :license, :subjects, :educational_stages, :reviews)
learning_objects = LearningObject.published.includes(:tags, :publisher, :language, :license, :subjects, :educational_stages, :reviews)
learning_objects = learning_objects.order(score: :desc) if params[:sort].blank?
learning_objects = paginate learning_objects
serializer = params[:obaa].nil? ? LearningObjectSerializer : LearningObjectObaaSerializer
render json: learning_objects , each_serializer: serializer
http_cache_forever do
render json: learning_objects, each_serializer: serializer
end
end
# GET /learning_objects/1
# GET /learning_objects/1.json
def show
render json: params[:obaa].nil? ? @learning_object : LearningObjectObaaSerializer.new(@learning_object)
serializer = params[:obaa].nil? ? LearningObjectSerializer : LearningObjectObaaSerializer
render json: @learning_object, serializer: serializer
end
# POST /learning_objects
# POST /learning_objects.json
def create
@learning_object = ::LearningObject::DraftBuilder.build current_user, learning_object_params
learning_object = LearningObject.new(learning_object_params)
authorize learning_object
publisher = LearningObjectPublisher.new(DspaceService.create_client)
if publisher.create_draft @learning_object
render json: @learning_object, status: :created
learning_object = publisher.create_draft(learning_object, current_user)
if learning_object.errors.errors.blank?
learning_object_associations(learning_object, false)
render json: learning_object, status: :created
else
render json: @learning_object.errors, status: :unprocessable_entity
render json: learning_object.errors, status: :unprocessable_entity
end
end
# PATCH/PUT /learning_objects/1
# PATCH/PUT /learning_objects/1.json
def update
if LearningObject.update(learning_object_params)
lo_params = learning_object_params
if !lo_params[:object_type_id].blank? && lo_params[:object_type_id] != @learning_object.object_type_id && lo_params[:link].blank?
change_object_type_id = true
end
if lo_params[:thumbnail] == "null"
@learning_object.thumbnail.clear
lo_params.delete(:thumbnail)
end
if @learning_object.update(lo_params)
update_learning_object_associations(@learning_object, change_object_type_id)
publisher = LearningObjectPublisher.new(DspaceService.create_client)
publisher.update_dspace(@learning_object)
render json: @learning_object, status: :ok
else
render json: @learning_object.errors, status: :unprocessable_entity
......@@ -49,8 +98,24 @@ class V1::LearningObjectsController < ApplicationController
# DELETE /learning_objects/1
# DELETE /learning_objects/1.json
def destroy
LearningObject.destroy @learning_object
render status: :ok
@learning_object.destroy
response = { 'status': 'deleted' }
render status: :ok, json: response
end
# GET /v1/learning_objects/magnetlink/:magnetlink
def magnetlink
render json: LearningObject.where(magnetlink: params[:magnetlink])
end
# GET /learning_objects/validate?infohash=""
def validate
infohash = LearningObject::Attachment.find_by_infohash(params["infohash"])
if infohash
render json: infohash, status: :ok
else
render status: :not_found
end
end
private
......@@ -58,21 +123,64 @@ class V1::LearningObjectsController < ApplicationController
def deleted_resource; LearningObject; end
def highlights_resource; LearningObject; end
def sociable; set_learning_object; end
def downloadable; set_learning_object; end
def taggable; set_learning_object; end
def subjectable; set_learning_object; end
def stageable; set_learning_object; end
# Use callbacks to share common setup or constraints between actions.
def set_learning_object
@learning_object ||= LearningObject.unscoped.find(params[:id])
#check if user is admin to show destroyed object
if current_user.try(:is_admin?)
@learning_object ||= LearningObject.unscoped.where(id: params[:id]).first
else
@learning_object ||= LearningObject.where(id: params[:id]).first
end
render status: :not_found if @learning_object.blank?
@learning_object
end
def set_new_learning_object
@learning_object ||= LearningObject.new
end
# Never trust parameters from the scary internet, only allow the white list through.
def learning_object_params
params[:learning_object].permit(:author, :name, :object_type_id, :description, :school_level, :language, :link, tags: [:name] )
return nil if params[:learning_object].nil?
params[:learning_object].permit(:author, :name, :curator, :object_type_id, :description, :license_id, :terms_of_service, :thumbnail, :software, :link, :magnetlink, language_ids: [])
end
def extra_params
return {} if params[:learning_object].nil?
params[:learning_object].permit(subjects: [], educational_stages: [], tags: [:name])
end
def learning_object_associations(learning_object, change_object_type_id=false)
if extra_params[:tags] == []
current_user.untag(learning_object, with: @learning_object.tags.map { |t| t['name'] })
elsif !extra_params[:tags].nil?
current_user.tag(learning_object, with: extra_params[:tags].map { |t| t['name'] })
end
learning_object.add_subjects(ids: extra_params[:subjects]) unless extra_params[:subjects].nil?
learning_object.add_educational_stages(ids: extra_params[:educational_stages]) unless extra_params[:educational_stages].nil?
if change_object_type_id
learning_object.link = nil
end
end
def update_learning_object_associations(learning_object, change_object_type_id=false)
current_user.update_tags(learning_object, with: extra_params[:tags].map { |t| t['name'] }) unless extra_params[:tags].nil?
learning_object.update_subjects(ids: extra_params[:subjects].map {|s| s.to_i}) unless extra_params[:subjects].nil?
learning_object.update_educational_stages(ids: extra_params[:educational_stages].map {|es| es.to_i}) unless extra_params[:educational_stages].nil?
if change_object_type_id
learning_object.link = nil
end
end
def authorize!
@learning_object ||= LearningObject.new
authorize @learning_object
end
end
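Review bot: `index` wraps its render in `http_cache_forever`, which is meant for responses that never change; a paginated list of published objects ordered by score changes whenever an object is published, scored or removed, so clients would keep a stale page. I would drop the wrapper and keep `render json: learning_objects, each_serializer: serializer`, or use a conditional GET keyed on the collection if caching is wanted. Separately, `learning_object_associations` reads `@learning_object.tags` in its empty-tags branch, but `create` only sets the local `learning_object`, so that branch would presumably hit `nil`; `learning_object.tags` looks like what was intended.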
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::LicensesController < ApplicationController
before_action :authenticate_user!, only: [:create, :update, :destroy]
before_action :set_license, only: [:show, :update, :destroy]
before_action :authorize!, only: [:update, :destroy]
# GET /licenses
# GET /licenses.json
......@@ -18,6 +38,7 @@ class V1::LicensesController < ApplicationController
# POST /licenses.json
def create
@license = License.new(license_params)
authorize @license
if @license.save
render json: @license, status: :created
......@@ -29,8 +50,6 @@ class V1::LicensesController < ApplicationController
# PATCH/PUT /licenses/1
# PATCH/PUT /licenses/1.json
def update
@license = License.find(params[:id])
if @license.update(license_params)
head :no_content
else
......@@ -49,10 +68,18 @@ class V1::LicensesController < ApplicationController
private
def set_license
@license = License.find(params[:id])
@license = License.where(id: params[:id]).first
render status: :not_found if @license.blank?
@license
end
def license_params
params.require(:license).permit(:name, :description, :url, :image_url)
end
def authorize!
authorize @license
end
end
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::MimeTypesController < ApplicationController
include ::Paginator
before_action :authenticate_user!, except: [:index, :show]
before_action :set_mime_type, only: [:show, :update, :destroy]
before_action :authorize!, only: [:update, :destroy]
# GET /mime_types
# GET /mime_types.json
......@@ -21,6 +41,7 @@ class V1::MimeTypesController < ApplicationController
# POST /mime_types.json
def create
@mime_type = MimeType.new(mime_type_params)
authorize @mime_type
if @mime_type.save
render json: @mime_type, status: :created
......@@ -43,18 +64,27 @@ class V1::MimeTypesController < ApplicationController
# DELETE /mime_types/1.json
def destroy
@mime_type.destroy
render status: :ok
response = { 'status': 'deleted' }
render status: :ok, json: response
end
private
# Use callbacks to share common setup or constraints between actions.
def set_mime_type
@mime_type = MimeType.find(params[:id])
@mime_type = MimeType.where(id: params[:id]).first
render status: :not_found if @mime_type.blank?
@mime_type
end
# Never trust parameters from the scary internet, only allow the white list through.
def mime_type_params
params.require(:mime_type).permit(:extension, :mime_type)
end
def authorize!
authorize @mime_type
end
end
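Review bot: In `destroy`, the local `response = { 'status': 'deleted' }` shadows the controller's own `response` object for the rest of the method; `render json: { status: 'deleted' }, status: :ok` avoids the temporary. `V1::LearningObjectsController#destroy` on this page has the same two lines.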
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
class V1::ObjectTypesController < ApplicationController
include ::Paginator
before_action :authenticate_user!, except: [:index, :show]
before_action :set_object_type, only: [:show, :update, :destroy]
before_action :authorize!, only: [:update, :destroy]
# GET /object_types
# GET /object_types.json
def index
object_types = paginate ObjectType.includes(:mime_types)
object_types = ObjectType.includes(:mime_types)
render json: object_types
end
......@@ -22,6 +42,7 @@ class V1::ObjectTypesController < ApplicationController
# POST /object_types.json
def create
@object_type = ObjectType.new(sanitazed_params)
authorize @object_type
if @object_type.save
render json: @object_type, status: :created
......@@ -51,7 +72,11 @@ class V1::ObjectTypesController < ApplicationController
# Use callbacks to share common setup or constraints between actions.
def set_object_type
@object_type = ObjectType.find(params[:id])
@object_type = ObjectType.where(id: params[:id]).first
render status: :not_found if @object_type.blank?
@object_type
end
# Never trust parameters from the scary internet, only allow the white list through.
......@@ -70,4 +95,8 @@ class V1::ObjectTypesController < ApplicationController
end
mime_params
end
def authorize!
authorize @object_type
end
end
# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec. If not, see <http://www.gnu.org/licenses/>.
require 'open-uri'
class V1::OmniauthCallbacksController < DeviseTokenAuth::OmniauthCallbacksController
protected
# break out provider attribute assignment for easy method extension
def assign_provider_attrs(user, auth_hash)
avatar = URI.parse(auth_hash['info']['image']).open
user.assign_attributes({
nickname: auth_hash['info']['nickname'],
name: auth_hash['info']['name'],
avatar: avatar,
email: auth_hash['info']['email']
})
end
end
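Review bot: `assign_provider_attrs` downloads `auth_hash['info']['image']` during the sign-in callback with no check on the URL, no timeout and no error handling, so a missing or malformed image value, a non-HTTP scheme or a slow host raises or stalls inside the login request. The server also fetches whatever URL the auth hash carries, so the scheme should at least be limited to http(s) before opening it. I would move the download into a small best-effort helper that returns nil on failure and assign the avatar only when it succeeded, as sketched below; the rescue list and timeout value are suggestions to adjust.

```ruby
def assign_provider_attrs(user, auth_hash)
  info = auth_hash['info']
  user.assign_attributes(
    nickname: info['nickname'],
    name: info['name'],
    email: info['email']
  )
  avatar = fetch_provider_avatar(info['image'])
  user.avatar = avatar if avatar
end

# Best-effort avatar download: http(s) only, bounded read, never fails the sign-in.
def fetch_provider_avatar(url)
  uri = URI.parse(url.to_s)
  return nil unless uri.is_a?(URI::HTTP) # URI::HTTPS is a subclass

  uri.open(read_timeout: 5)
rescue URI::InvalidURIError, OpenURI::HTTPError, SocketError, Timeout::Error
  nil
end
```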