
Merge branch 'development'

mjy committed Jun 16, 2019
2 parents bc2dcbb + a405b6c commit 0ee428e56b6d3f1d9e5b20555efa3380f8898ab0
@@ -24,9 +24,12 @@ module Intercept
# then it must pass here.
def intercept_api
@api_request = true
res = true

res = intercept_user if params[:authenticate_user]
res = intercept_project if res && params[:authenticate_project]
res = intercept_user_or_project if res && params[:authenticate_user_or_project]

res = set_project_from_params if res && params[:project_id]

res
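Review bot: Under `authenticate_user_or_project`, a request that carries only a user token has its project chosen by `set_project_from_params` from the client-supplied `params[:project_id]`, and nothing visible in this hunk checks that the token's user is a member of that project. `set_project_from_params` is defined outside the hunk; if it does not enforce membership, a valid user token is accepted for any project id. I would confirm the check lives there and record it above the line, e.g. `# project_id is client input: set_project_from_params must reject projects the token's user does not belong to`. The closing `end` of `intercept_api` is outside the hunk.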
@@ -35,10 +35,9 @@ def project_token_authenticate
@sessions_current_project = Project.find_by_api_access_token(t) if t

if @sessions_current_project
# check for agreement between provided values
# check for agreement between provided values
return false if params[:project_id] && @sessions_current_project.id != params[:project_id]&.to_i
return false if request.headers['project_id'] && @sessions_current_project.id != request.headers['project_id']&.to_i

@sessions_current_project
else
false
@@ -51,4 +50,11 @@ def intercept_project
end
true
end

def intercept_user_or_project
if not (project_token_authenticate or token_authenticate)
render(json: {success: false}, status: :unauthorized) && return
end
true
end
end
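Review bot: `intercept_user_or_project` accepts the first credential that validates and ignores the other, so a request whose project token fails `project_token_authenticate` (including its `project_id` agreement checks) still passes if the user token is valid. Conversely, a valid project token means `token_authenticate` is never evaluated, so later code presumably runs with no user set. I would reject a request that supplied a project token which did not validate instead of falling through, and add a comment stating which of `@sessions_current_project` and the current user is guaranteed on each path. The condition also reads more conventionally as `unless project_token_authenticate || token_authenticate`. `token_authenticate` is defined outside the hunk.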
@@ -76,7 +76,11 @@ def sessions_current_project_id=(project_id)
end

def sessions_current_project_id
@api_request ? @sessions_current_project.id : session[:project_id]
if @api_request
return @sessions_current_project.id if @sessions_current_project
else
session[:project_id]
end
end

def sessions_current_project
@@ -139,7 +143,7 @@ def require_project_selection

def require_sign_in_and_project_selection
# TODO: account for permitted token based projects
unless sessions_signed_in? && sessions_project_selected?
unless (sessions_signed_in? or @api_request) && sessions_project_selected?
respond_to do |format|
format.html { redirect_to root_url, notice: 'Whoa there, sign in and select a project first.' }
format.json { render(json: {success: false}, status: :unauthorized) && return } # TODO: bad request, not unauthorized
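Review bot: The new condition `(sessions_signed_in? or @api_request)` treats `@api_request` as proof of authentication, but `intercept_api` (earlier on this page) sets `@api_request = true` as its first statement, before any token has been checked. If this filter can run for an API request whose route carries none of the `authenticate_*` defaults, the sign-in requirement is skipped and only `sessions_project_selected?` remains, which a client-supplied `project_id` may be able to satisfy through `set_project_from_params`. I would test a flag that is set only after a token check has succeeded rather than `@api_request`, and use `||` rather than `or`. The TODO above the line points at the same gap, and the method continues outside the hunk.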
@@ -62,7 +62,7 @@ class Combination < TaxonName
series subseries species subspecies variety subvariety form subform}.freeze

before_validation :set_parent

validate :validate_absence_of_subject_relationships

# TODO: make access private
attr_accessor :disable_combination_relationship_check
@@ -381,6 +381,12 @@ def protonyms_by_association

protected

def validate_absence_of_subject_relationships
if TaxonNameRelationship.where(subject_taxon_name_id: self.id).any?
errors.add(:base, 'This combination could not be used as a Subject in any TaxonNameRelationships.')
end
end

# TODO: this is a TaxonName level validation, it doesn't belong here
def sv_year_of_publication_matches_source
source_year = source.nomenclature_year if source
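Review bot: `validate_absence_of_subject_relationships` queries with `self.id`, which is nil on an unsaved record, so for a new Combination the lookup becomes `subject_taxon_name_id IS NULL` instead of being skipped. Guarding on persistence and using `exists?` avoids that and the extra load: `if persisted? && TaxonNameRelationship.where(subject_taxon_name_id: id).exists?`. The message would read better as 'This combination cannot be used as a Subject in any TaxonNameRelationship.' The hunk ends inside `sv_year_of_publication_matches_source`, which is not reviewed here.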
@@ -14,13 +14,13 @@ module Shared::IsData::Pinnable
# @return [Boolean]
# whether the object is pinned by the user
def pinned?(user, project_id)
user.pinboard_items.where(project_id: project_id).for_object(self.metamorphosize).any?
user && user.pinboard_items.where(project_id: project_id).for_object(self.metamorphosize).any?
end

# @return [PinboardItem, nil]
# the pinboard item corresponding to the object, if present
def pinboard_item_for(user)
user.pinboard_items.for_object(self.metamorphosize).first
user && user.pinboard_items.for_object(self.metamorphosize).first
end

# @return [Boolean]
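Review bot: `pinned?` is documented as `@return [Boolean]`, but with the added `user &&` guard it returns `nil` when `user` is nil. A guard clause as its first line, `return false unless user`, keeps the documented type. `pinboard_item_for` already documents a nil return, so the guard is consistent there. Both doc comments should say that `user` may now be nil, which presumably happens for project-token API requests that have no user.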
@@ -116,7 +116,7 @@ def sv_species_gender_agreement
s = part_of_speech_name
if !s.nil? && is_available?
if %w{adjective participle}.include?(s)
if !feminine_name.blank? && !masculine_name.blank? && !neuter_name.blank? && (name == masculine_name || name == feminine_name || name == neuter_name)
if !feminine_name.blank? && !masculine_name.blank? && !neuter_name.blank? && name != masculine_name && name != feminine_name && name != neuter_name
soft_validations.add(:base, 'Species name does not match with either of three alternative forms')
else
if feminine_name.blank?
@@ -19,13 +19,14 @@


# !@ may not be many things here, doesn't make a lot of sense?!

end

defaults authenticate_user: true, authenticate_project: true do
# authenticated by user and project
get '/both_authenticated', to: 'base#index'
end

defaults authenticate_user_or_project: true do
get '/otus', to: '/otus#index'

get '/taxon_names', to: '/taxon_names#api_index'
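Review bot: Authentication on these API routes is opt-in, so a route added outside these `defaults` blocks gets no token check from `intercept_api`, which starts from `res = true` and only runs a check when one of the `authenticate_*` defaults is present. I would state that at the top of the API route section, e.g. `# every API route must sit inside a defaults authenticate_* block; intercept_api performs no token check otherwise`. A deny-by-default arrangement, where open routes opt out explicitly, would be the safer long-term shape. The `defaults authenticate_user_or_project: true` block continues outside the hunk.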
@@ -2185,7 +2185,7 @@ byebug if row['TaxonCode'] == 'IhambrA' && row['Code'] == 'IhrambA'

if !notes[row['Status']].nil? && !taxon.nil?
nt = notes[row['Status']]
nt += ' ' + taxon1.cached_html + ' ' + taxon1.cached_author_year if taxon1
nt += ' ' + taxon1.cached_html.to_s + ' ' + taxon1.cached_author_year.to_s if taxon1
c = taxon.data_attributes.create(type: 'InternalAttribute', predicate: keywords['status'], value: nt)

if !c.id.blank? # valid?
@@ -374,6 +374,19 @@
c1.destroy
end

specify 'missmatching alternative spellings for species participle' do
c1 = FactoryBot.create(:taxon_name_classification, taxon_name: @species, type: 'TaxonNameClassification::Latinized::PartOfSpeech::Participle')
@species.masculine_name = 'foo'
@species.feminine_name = 'foo'
@species.neuter_name = 'foo'
@species.soft_validate(:species_gender_agreement)
expect(@species.soft_validations.messages_on(:base)).to include('Species name does not match with either of three alternative forms')
@species.masculine_name = @species.name
@species.soft_validate(:species_gender_agreement)
expect(@species.soft_validations.messages_on(:base).empty?).to be_truthy
c1.destroy
end

specify 'unnecessary alternative spellings for species noun' do
s = FactoryBot.create(:relationship_species, parent: @genus, masculine_name: 'foo', feminine_name: 'foo', neuter_name: 'foo')
c1 = FactoryBot.create(:taxon_name_classification, taxon_name: s, type: 'TaxonNameClassification::Latinized::PartOfSpeech::NounInGenitiveCase')
@@ -384,7 +397,7 @@
end

specify 'unproper noun names (endings incorrect)' do
s = FactoryBot.create(:relationship_species, parent: @genus, masculine_name: 'vita', feminine_name: 'vitus', neuter_name: 'viter')
s = FactoryBot.create(:relationship_species, parent: @genus, masculine_name: 'vita', feminine_name: 'vitus', neuter_name: 'vitis')
c1 = FactoryBot.create(:taxon_name_classification, taxon_name: s, type: 'TaxonNameClassification::Latinized::PartOfSpeech::Adjective')
s.soft_validate(:species_gender_agreement)
expect(s.soft_validations.messages_on(:masculine_name).size).to eq(1)
@@ -10,13 +10,6 @@
# let(:headers) { { "Authorization": 'Token token=' + user.api_access_token, project_id: otu.project_id } }
# let(:path) { '/api/v1/otus/' }

it_behaves_like 'secured by both user and project token', :valid_otu, '/api/v1/otus/'

# project token-only for now
xcontext 'with a valid user token and project_id' do
before { get path, headers: headers, params: { project_id: otu.project_id } }
it_behaves_like 'a successful response'
end

it_behaves_like 'secured by user and project token', :valid_otu, '/api/v1/otus/'
end
end
@@ -8,18 +8,11 @@
# let(:headers) { { "Authorization": 'Token token=' + user.api_access_token, project_id: taxon_name.project_id } }
# let(:path) { '/api/v1/taxon_names/' }

it_behaves_like 'secured by both user and project token', :valid_taxon_name, '/api/v1/taxon_names/'

# project token-only for now
xcontext 'with a valid user token and project_id' do
before { get path, headers: headers, params: { project_id: taxon_name.project_id } }
it_behaves_like 'a successful response'
end
it_behaves_like 'secured by user and project token', :valid_taxon_name, '/api/v1/taxon_names/'
end

context 'taxon_names/autocomplete' do

it_behaves_like 'secured by both user and project token', :valid_taxon_name, '/api/v1/taxon_names/autocomplete'

it_behaves_like 'secured by user and project token', :valid_taxon_name, '/api/v1/taxon_names/autocomplete'
end
end
@@ -20,10 +20,10 @@
# end
end

shared_examples_for 'secured by both user and project token' do | factory, path |
shared_examples_for 'secured by user and project token' do | factory, path |
let(:user) { FactoryBot.create(:valid_user, :user_valid_token) }
let(:model) { FactoryBot.create(factory) }
let(:headers) { { "Authorization": 'Token ' + user.api_access_token, project_id: model.project_id } }
let(:headers) { { "Authorization": 'Token ' + user.api_access_token } }

context 'without a user token' do
before { get path }
@@ -35,9 +35,14 @@
it_behaves_like 'unauthorized response'
end

context 'with a valid user token and valid project token (project set by proxy)' do
context 'with a valid user token and project_id' do
before { get path, headers: headers, params: { project_id: model.project_id } }
it_behaves_like 'a successful response'
end

context 'with a valid project token' do
before { model.project.update(set_new_api_access_token: true) }
before { get path, headers: headers, params: { project_token: model.project.api_access_token } }
before { get path, params: { project_token: model.project.api_access_token } }
it_behaves_like 'a successful response'
end
end
end
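Review bot: The group is named 'secured by user and project token', yet its two success contexts show that either credential alone is accepted (a user token plus `project_id`, or a project token with no `Authorization` header), and no context covers a rejected combination. I would rename it to match the `authenticate_user_or_project` route default and add negative cases. One is a project token with a disagreeing `project_id`: `before { get path, params: { project_token: model.project.api_access_token, project_id: model.project_id + 1 } }` followed by `it_behaves_like 'unauthorized response'`. The other is a valid user token with the `project_id` of a project that user does not belong to. The user built from `:valid_user` is not visibly added to `model.project`, so the 'with a valid user token and project_id' context may already be asserting success for a non-member.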
