diff --git a/app/api/api.rb b/app/api/api.rb
index f07baa398..8c46b2964 100644
--- a/app/api/api.rb
+++ b/app/api/api.rb
@@ -4,6 +4,7 @@ class API < Grape::API
 rack_response({message: 'Validation failed', errors: errors}.to_json, 422)
 end
-include Oauth
+include ::V1::Auth
+helpers ::V1::APIHelper
 mount ::V1::API
 end
diff --git a/app/api/api_helper.rb b/app/api/api_helper.rb
new file mode 100644
index 000000000..e6113a3a0
--- /dev/null
+++ b/app/api/api_helper.rb
@@ -0,0 +1,30 @@
+module APIHelper
+def logger
+::API.logger
+end
+
+def current_tenant
+current_user.tenant
+end
+
+# API Errors
+def bad_request!
+render_api_error!('(400) Bad Request', 400)
+end
+
+def forbidden!
+render_api_error!('(403) Forbidden', 403)
+end
+
+def not_found!
+render_api_error!('(404) Not found', 404)
+end
+
+def unauthorized!
+render_api_error!('(401) Unauthorized', 401)
+end
+
+def render_api_error!(message, status)
+error!({message: message}, status)
+end
+end
diff --git a/app/api/oauth.rb b/app/api/auth.rb
similarity index 58%
rename from app/api/oauth.rb
rename to app/api/auth.rb
index 65c496d65..07b24ac9d 100644
--- a/app/api/oauth.rb
+++ b/app/api/auth.rb
@@ -1,10 +1,8 @@
-#require 'doorkeeper/grape/authorization_decorator'
+require 'doorkeeper/grape/authorization_decorator'
-module Oauth
+module Auth
 extend ActiveSupport::Concern
-#helpers Doorkeeper::Grape::Helpers
-
 included do
 use Rack::OAuth2::Server::Resource::Bearer, 'OAuth2' do |request|
 # Yield access token to store it in the env
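Review bot: `include ::V1::Auth` and `helpers ::V1::APIHelper` reference `V1`-namespaced constants, but the modules this commit adds are defined at the top level — `module Auth` in app/api/auth.rb and `module APIHelper` in app/api/api_helper.rb — and the only `V1::`-prefixed helper in the diff, `V1::Helpers::APIHelper`, is deleted. Unless `V1::Auth` and `V1::APIHelper` are defined in files outside this diff, these two lines raise NameError when `API` loads, which takes every endpoint down together with the scope enforcement this commit introduces. Either reference the modules as written, `include ::Auth` and `helpers ::APIHelper`, or wrap the two new files in `module V1`. The enclosing `class API` body starts outside the hunk.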
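Review bot: `current_tenant` dereferences `current_user.tenant` with no nil guard, so a request that reaches it without an authenticated user fails with NoMethodError (a 500) instead of the 401 that `unauthorized!` in this same module exists to produce. Whether every caller runs `authenticate!` or `authorize!` first is not visible in this diff; making the helper self-protecting with `def current_tenant` / `unauthorized! unless current_user` / `current_user.tenant` costs one line and avoids relying on call order. A safe-navigation form (`current_user&.tenant`) would be worse here, since a nil tenant flowing into `where(tenant: current_tenant)` in the resources changes which rows are selected.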
@@ -27,8 +25,39 @@ def find_access_token
 @access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods)
 end
+def authenticate!
+unauthorized! unless current_user
+end
+
+def authorize!(action, subject)
+unless abilities.allowed?(current_user, action, subject)
+forbidden!
+end
+end
+
+def require_scope!(scopes)
+return unless find_access_token
+scopes = [scopes] unless scopes.kind_of? Array
+
+unless (find_access_token.scopes.to_a & scopes) == scopes
+forbidden!
+end
+end
+
+def can?(object, action, subject)
+abilities.allowed?(object, action, subject)
+end
+
 private
+def abilities
+@abilities ||= begin
+abilities = Six.new
+abilities << Abilities::Ability
+abilities
+end
+end
+
 def find_current_user
 if find_access_token
 lookup_owner
@@ -48,9 +77,7 @@ def lookup_owner
 end
 def doorkeeper_request
-@doorkeeper_request ||= ActionDispatch::Request.new(env)
-# TODO: Determine which is fastest/best to wrap env with at a later date
-# @doorkeeper_request ||= Doorkeeper::Grape::AuthorizationDecorator.new(request)
+@doorkeeper_request ||= Doorkeeper::Grape::AuthorizationDecorator.new(request)
 end
 def warden
diff --git a/app/api/v1/api.rb b/app/api/v1/api.rb
index f0409d136..ac83500a4 100644
--- a/app/api/v1/api.rb
+++ b/app/api/v1/api.rb
@@ -6,8 +6,6 @@ class API < Grape::API
 content_type :json, 'application/json'
 version 'v1', using: :path
-helpers ::V1::Helpers::APIHelper
-
 mount ::V1::Resources::Categories
 mount ::V1::Resources::Posts
 mount ::V1::Resources::Media
diff --git a/app/api/v1/helpers/api_helper.rb b/app/api/v1/helpers/api_helper.rb
deleted file mode 100644
index 6de78c578..000000000
--- a/app/api/v1/helpers/api_helper.rb
+++ /dev/null
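Review bot: The scope comparison in `require_scope!` is order-sensitive: `Array#&` keeps the left operand's order, so `(find_access_token.scopes.to_a & scopes) == scopes` is false for a multi-scope call whenever the token lists the same scopes in a different order, and a correctly scoped token gets a 403. Comparing as sets fixes it, `scopes = Array(scopes)` followed by `forbidden! unless (scopes - find_access_token.scopes.to_a).empty?`, which also replaces the `kind_of? Array` check. The early `return unless find_access_token` means scope enforcement applies only to bearer-token requests; if the non-token branch of `find_current_user` (its body continues outside the hunk) is a session login that is presumably intended, but it deserves a comment such as `# Scopes constrain OAuth tokens only; session-authenticated users are governed by authorize! alone`. In `abilities`, the local `abilities` shadows the method name; `Six.new.tap { |s| s << Abilities::Ability }` avoids the temporary entirely.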
@@ -1,70 +0,0 @@
-module V1
-module Helpers
-module APIHelper
-def logger
-::API.logger
-end
-
-# Authentication and Authorization
-def authenticate!
-unauthorized! unless current_user
-end
-
-def authorize!(action, subject)
-unless abilities.allowed?(current_user, action, subject)
-forbidden!
-end
-end
-
-def require_scope!(scopes)
-return unless find_access_token
-scopes = [scopes] unless scopes.kind_of? Array
-
-unless (find_access_token.scopes.to_a & scopes) == scopes
-# TODO: Scopes are historically completely broken in Cortex. This is quite the security issue: fix!
-puts 'SCOPES are currently being IGNORED'
-# forbidden!
-end
-end
-
-def current_tenant
-current_user.tenant
-end
-
-def can?(object, action, subject)
-abilities.allowed?(object, action, subject)
-end
-
-# API Errors
-def bad_request!
-render_api_error!('(400) Bad Request', 400)
-end
-
-def forbidden!
-render_api_error!('(403) Forbidden', 403)
-end
-
-def not_found!
-render_api_error!('(404) Not found', 404)
-end
-
-def unauthorized!
-render_api_error!('(401) Unauthorized', 401)
-end
-
-def render_api_error!(message, status)
-error!({message: message}, status)
-end
-
-private
-
-def abilities
-@abilities ||= begin
-abilities = Six.new
-abilities << Abilities::Ability
-abilities
-end
-end
-end
-end
-end
diff --git a/app/api/v1/resources/applications.rb b/app/api/v1/resources/applications.rb
index 6ff226ecc..14c8e175b 100644
--- a/app/api/v1/resources/applications.rb
+++ b/app/api/v1/resources/applications.rb
@@ -1,17 +1,17 @@
 module V1
 module Resources
 class Applications < Grape::API
-helpers Helpers::ParamsHelper
+helpers ::V1::Helpers::ParamsHelper
 resource :applications do
 include Grape::Kaminari
-helpers Helpers::ApplicationsHelper
+helpers ::V1::Helpers::ApplicationsHelper
 paginate per_page: 25
 desc 'Show all applications', { entity: ::V1::Entities::Application, nickname: 'showAllApplications' }
 get do
-require_scope! :'view:applications'
+require_scope! 'view:applications'
 authorize! :view, ::Application
 @applications = ::Application.where(tenant: current_tenant)
@@ -21,7 +21,7 @@ class Applications < Grape::API
 desc 'Show an application', { entity: ::V1::Entities::Application, nickname: "showApplication" }
 get ':id' do
-require_scope! :'view:applications'
+require_scope! 'view:applications'
 present application!, with: ::V1::Entities::Application
 end
@@ -30,7 +30,7 @@ class Applications < Grape::API
 requires :name, type: String, desc: "Application Name"
 end
 post do
-require_scope! :'modify:applications'
+require_scope! 'modify:applications'
 authorize! :create, Application
 allowed_params = remove_params(::V1::Entities::Application.documentation.keys, :children)
@@ -43,7 +43,7 @@ class Applications < Grape::API
 desc 'Update an application', { entity: ::V1::Entities::Application, params: ::V1::Entities::Application.documentation, nickname: "updateApplication" }
 put ':id' do
-require_scope! :'modify:applications'
+require_scope! 'modify:applications'
 authorize! :update, application!
 allowed_params = remove_params(::V1::Entities::Application.documentation.keys, :children)
@@ -54,7 +54,7 @@ class Applications < Grape::API
 desc 'Delete an application', { nickname: "deleteApplication" }
 delete ':id' do
-require_scope! :'modify:applications'
+require_scope! 'modify:applications'
 authorize! :delete, application!
 application.destroy
diff --git a/app/api/v1/resources/bulk_jobs.rb b/app/api/v1/resources/bulk_jobs.rb
index ef768cecd..8d4d4a7e2 100644
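Review bot: In the second hunk, `get ':id'` checks the scope but never calls `authorize!`, whereas the list action directly above it does `authorize! :view, ::Application` and every other action in this file pairs `require_scope!` with an `authorize!`; unless `application!` performs the ability check itself, any token carrying `view:applications` can read an application by id irrespective of the caller's abilities. Adding `authorize! :view, application!` after the `require_scope! 'view:applications'` line would close that gap and match the rest of the file. The `class Applications` body extends beyond each hunk.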
--- a/app/api/v1/resources/bulk_jobs.rb
+++ b/app/api/v1/resources/bulk_jobs.rb
@@ -3,14 +3,14 @@ module Resources
 class BulkJobs < Grape::API
 resource :bulk_jobs do
 include Grape::Kaminari
-helpers Helpers::BulkJobsHelper
+helpers ::V1::Helpers::BulkJobsHelper
 paginate per_page: 25
 desc 'Show all bulk jobs', { entity: ::V1::Entities::BulkJob, nickname: 'showAllBulkJobs' }
 get do
 authorize! :view, ::BulkJob
-require_scope! :'view:bulk_jobs'
+require_scope! 'view:bulk_jobs'
 @bulk_job = ::BulkJob.order(created_at: :desc)
@@ -19,7 +19,7 @@ class BulkJobs < Grape::API
 desc 'Get bulk job', { entity: ::V1::Entities::BulkJob, nickname: 'showBulkJob' }
 get ':id' do
-require_scope! :'view:bulk_jobs'
+require_scope! 'view:bulk_jobs'
 authorize! :view, bulk_job!
 present bulk_job, with: ::V1::Entities::BulkJob
diff --git a/app/api/v1/resources/credentials.rb b/app/api/v1/resources/credentials.rb
index 4f6a2fb35..f1ebc8738 100644
--- a/app/api/v1/resources/credentials.rb
+++ b/app/api/v1/resources/credentials.rb
@@ -1,19 +1,19 @@
 module V1
 module Resources
 class Credentials < Grape::API
-helpers Helpers::ParamsHelper
+helpers ::V1::Helpers::ParamsHelper
 resource :applications do
 segment '/:id' do
 resource :credentials do
 include Grape::Kaminari
-helpers Helpers::ApplicationsHelper
+helpers ::V1::Helpers::ApplicationsHelper
 paginate per_page: 25
 desc 'Show all credentials', {entity: ::V1::Entities::Credential, nickname: 'showAllCredentials'}
 get do
-require_scope! :'view:application'
+require_scope! 'view:application'
 authorize! :view, ::Application
 @credentials = application!.credentials
@@ -23,7 +23,7 @@ class Credentials < Grape::API
 desc 'Get credential', {entity: ::V1::Entities::Credential, nickname: 'showCredential'}
 get ':credential_id' do
-require_scope! :'view:application'
+require_scope! 'view:application'
 authorize! :view, application!
 @credential = application!.credentials.find(params[:credential_id])
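Review bot: The index action here runs `authorize! :view, ::BulkJob` before `require_scope! 'view:bulk_jobs'`, the reverse of every other action in this diff, and the same ordering appears in the index actions of documents.rb, media.rb, snippets.rb, the nested users resource in tenants.rb and webpages.rb. Both checks still run, so this is a consistency point rather than a bypass, but since this commit turns `require_scope!` into a real gate it is the moment to put the cheap token-scope check first everywhere: swap the two lines to `require_scope! 'view:bulk_jobs'` then `authorize! :view, ::BulkJob`. The `class BulkJobs` body extends beyond the hunk.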
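Review bot: The scope names in this file are singular — `'view:application'` and `'modify:application'` in all of its hunks — whereas applications.rb requires `'view:applications'` / `'modify:applications'`. Now that `require_scope!` actually forbids on a mismatch, a token issued with the plural scopes is rejected on every credentials endpoint (and a singular one on the applications endpoints) unless both spellings are registered in Doorkeeper's scope list, which is not visible here; aligning on `require_scope! 'view:applications'` and `require_scope! 'modify:applications'` is the safer choice. The `class Credentials` body extends beyond the hunk.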
@@ -33,7 +33,7 @@ class Credentials < Grape::API
 desc 'Delete credential', {nickname: 'deleteCredential'}
 delete ':credential_id' do
-require_scope! :'modify:application'
+require_scope! 'modify:application'
 authorize! :delete, application!
 @credential = application!.credentials.find(params[:credential_id]).delete
@@ -43,7 +43,7 @@ class Credentials < Grape::API
 desc 'Create a credential', {entity: ::V1::Entities::Credential, params: ::V1::Entities::Credential.documentation, nickname: 'createCredential'}
 post do
-require_scope! :'modify:application'
+require_scope! 'modify:application'
 authorize! :create, ::Application
 allowed_params = remove_params(::V1::Entities::Credential.documentation.keys, :id, :created_at, :updated_at)
@@ -56,7 +56,7 @@ class Credentials < Grape::API
 desc 'Update a credential', {entity: ::V1::Entities::Credential, params: ::V1::Entities::Credential.documentation, nickname: 'updateCredential'}
 put ':credential_id' do
-require_scope! :'modify:application'
+require_scope! 'modify:application'
 authorize! :update, application!
 allowed_params = remove_params(::V1::Entities::Credential.documentation.keys, :id, :created_at, :updated_at)
diff --git a/app/api/v1/resources/documents.rb b/app/api/v1/resources/documents.rb
index 7482ba444..9bca9fa1c 100644
--- a/app/api/v1/resources/documents.rb
+++ b/app/api/v1/resources/documents.rb
@@ -3,14 +3,14 @@ module Resources
 class Documents < Grape::API
 resource :documents do
 include Grape::Kaminari
-helpers Helpers::DocumentsHelper
+helpers ::V1::Helpers::DocumentsHelper
 paginate per_page: 25
 desc 'Show all documents', { entity: ::V1::Entities::Document, nickname: 'showAllDocument' }
 get do
 authorize! :view, ::Document
-require_scope! :'view:documents'
+require_scope! 'view:documents'
 @document = ::Document.order(created_at: :desc)
 ::V1::Entities::Document.represent paginate(@document)
@@ -18,7 +18,7 @@ class Documents < Grape::API
 desc 'Get document', { entity: ::V1::Entities::Document, nickname: 'showDocument' }
 get ':id' do
-require_scope! :'view:documents'
+require_scope! 'view:documents'
 authorize! :view, document!
 present document, with: ::V1::Entities::Document
@@ -26,7 +26,7 @@ class Documents < Grape::API
 desc 'Create document', { entity: ::V1::Entities::Document, params: ::V1::Entities::Document.documentation, nickname: 'createDocument' }
 post do
-require_scope! :'modify:documents'
+require_scope! 'modify:documents'
 authorize! :create, ::Document
 document_params = params[:document] || params
@@ -40,7 +40,7 @@ class Documents < Grape::API
 desc 'Update document', { entity: ::V1::Entities::Document, params: ::V1::Entities::Document.documentation, nickname: 'updateDocument' }
 put ':id' do
-require_scope! :'modify:documents'
+require_scope! 'modify:documents'
 authorize! :update, document!
 document_params = params[:document] || params
@@ -52,7 +52,7 @@ class Documents < Grape::API
 desc 'Delete document', { nickname: 'deleteDocument' }
 delete ':id' do
-require_scope! :'modify:documents'
+require_scope! 'modify:documents'
 authorize! :delete, document!
 begin
diff --git a/app/api/v1/resources/locales.rb b/app/api/v1/resources/locales.rb
index f5ee51943..a54b3b750 100644
--- a/app/api/v1/resources/locales.rb
+++ b/app/api/v1/resources/locales.rb
@@ -1,20 +1,20 @@
 module V1
 module Resources
 class Locales < Grape::API
-helpers Helpers::ParamsHelper
+helpers ::V1::Helpers::ParamsHelper
 resource :localizations do
 segment '/:id' do
 resource :locales do
 include Grape::Kaminari
-helpers Helpers::LocaleHelper
-helpers Helpers::LocalizationHelper
+helpers ::V1::Helpers::LocaleHelper
+helpers ::V1::Helpers::LocalizationHelper
 paginate per_page: 25
 desc 'Show all locales', {entity: ::V1::Entities::Locale, nickname: 'showAllLocales'}
 get do
-require_scope! :'view:locales'
+require_scope! 'view:locales'
 authorize! :view, ::Locale
 @locales = localization.locales.order(created_at: :desc)
@@ -24,7 +24,7 @@ class Locales < Grape::API
 desc 'Get locale', {entity: ::V1::Entities::Locale, nickname: 'showLocale'}
 get ':locale_name' do
-require_scope! :'view:locales'
+require_scope! 'view:locales'
 authorize! :view, locale!
 @locale = Locale.find_by_name!(params[:locale_name])
@@ -34,7 +34,7 @@ class Locales < Grape::API
 desc 'Delete locale', {nickname: 'deleteLocale'}
 delete ':locale_name' do
-require_scope! :'modify:locales'
+require_scope! 'modify:locales'
 authorize! :delete, locale!
 locale.destroy!
@@ -42,7 +42,7 @@ class Locales < Grape::API
 desc 'Create a locale', {entity: ::V1::Entities::Locale, params: ::V1::Entities::Locale.documentation, nickname: 'createLocale'}
 post do
-require_scope! :'modify:locales'
+require_scope! 'modify:locales'
 authorize! :create, ::Locale
 allowed_params = remove_params(::V1::Entities::Locale.documentation.keys, :id, :created_at, :updated_at, :available_locales, :locales, :creator)
@@ -56,7 +56,7 @@ class Locales < Grape::API
 desc 'Update a locale', {entity: ::V1::Entities::Locale, params: ::V1::Entities::Locale.documentation, nickname: 'updateLocale'}
 put ':locale_name' do
-require_scope! :'modify:locales'
+require_scope! 'modify:locales'
 authorize! :update, locale!
 allowed_params = remove_params(::V1::Entities::Locale.documentation.keys, :id, :created_at, :updated_at, :available_locales, :locales, :creator)
diff --git a/app/api/v1/resources/localizations.rb b/app/api/v1/resources/localizations.rb
index deaebd695..87712e674 100644
--- a/app/api/v1/resources/localizations.rb
+++ b/app/api/v1/resources/localizations.rb
@@ -1,17 +1,17 @@
 module V1
 module Resources
 class Localizations < Grape::API
-helpers Helpers::ParamsHelper
+helpers ::V1::Helpers::ParamsHelper
 resource :localizations do
 include Grape::Kaminari
-helpers Helpers::LocalizationHelper
+helpers ::V1::Helpers::LocalizationHelper
 paginate per_page: 25
 desc 'Show all localizations', { entity: ::V1::Entities::Localization, nickname: 'showAllLocalizations' }
 get do
-require_scope! :'view:localizations'
+require_scope! 'view:localizations'
 authorize! :view, ::Localization
 @localizations = ::Localization.order(created_at: :desc)
@@ -21,7 +21,7 @@ class Localizations < Grape::API
 desc 'Get localization', { entity: ::V1::Entities::Localization, nickname: 'showLocalization' }
 get ':id' do
-require_scope! :'view:localizations'
+require_scope! 'view:localizations'
 authorize! :view, localization!
 present localization, with: ::V1::Entities::Localization
@@ -29,7 +29,7 @@ class Localizations < Grape::API
 desc 'Delete localization', { nickname: 'deleteLocalization' }
 delete ':id' do
-require_scope! :'modify:localizations'
+require_scope! 'modify:localizations'
 authorize! :delete, localization!
 localization.destroy
@@ -37,7 +37,7 @@ class Localizations < Grape::API
 desc 'Create a localization', { entity: ::V1::Entities::Localization, params: ::V1::Entities::Localization.documentation, nickname: 'createLocalization' }
 post do
-require_scope! :'modify:localizations'
+require_scope! 'modify:localizations'
 authorize! :create, ::Localization
 allowed_params = remove_params(::V1::Entities::Localization.documentation.keys, :id, :created_at, :updated_at, :available_locales, :creator)
@@ -51,7 +51,7 @@ class Localizations < Grape::API
 desc 'Update a localization', { entity: ::V1::Entities::Localization, params: ::V1::Entities::Localization.documentation, nickname: 'updateLocalization' }
 put ':id' do
-require_scope! :'modify:localizations'
+require_scope! 'modify:localizations'
 authorize! :update, localization!
 allowed_params = remove_params(::V1::Entities::Localization.documentation.keys, :created_at, :updated_at, :available_locales, :creator)
diff --git a/app/api/v1/resources/media.rb b/app/api/v1/resources/media.rb
index c00356e5b..0663e5111 100644
--- a/app/api/v1/resources/media.rb
+++ b/app/api/v1/resources/media.rb
@@ -1,13 +1,13 @@
 module V1
 module Resources
 class Media < Grape::API
-helpers Helpers::SharedParamsHelper
-helpers Helpers::ParamsHelper
+helpers ::V1::Helpers::SharedParamsHelper
+helpers ::V1::Helpers::ParamsHelper
 resource :media do
 include Grape::Kaminari
-helpers Helpers::MediaHelper
-helpers Helpers::BulkJobsHelper
+helpers ::V1::Helpers::MediaHelper
+helpers ::V1::Helpers::BulkJobsHelper
 paginate per_page: 25
@@ -17,7 +17,7 @@ class Media < Grape::API
 end
 get do
 authorize! :view, ::Media
-require_scope! :'view:media'
+require_scope! 'view:media'
 @media = ::GetMultipleMedia.call(params: declared(clean_params(params), include_missing: false), tenant: current_tenant).media
 ::V1::Entities::Media.represent set_paginate_headers(@media)
@@ -28,7 +28,7 @@ class Media < Grape::API
 optional :s
 end
 get 'tags' do
-require_scope! :'view:media'
+require_scope! 'view:media'
 authorize! :view, ::Media
 tags = params[:s] \
@@ -44,7 +44,7 @@ class Media < Grape::API
 desc 'Get media', { entity: ::V1::Entities::Media, nickname: 'showMedia' }
 get ':id' do
-require_scope! :'view:media'
+require_scope! 'view:media'
 authorize! :view, media!
 present media, with: ::V1::Entities::Media, full: true
@@ -55,7 +55,7 @@ class Media < Grape::API
 optional :attachment
 end
 post do
-require_scope! :'modify:media'
+require_scope! 'modify:media'
 authorize! :create, ::Media
 media_params = params[:media] || params
@@ -75,7 +75,7 @@ class Media < Grape::API
 optional :attachment
 end
 put ':id' do
-require_scope! :'modify:media'
+require_scope! 'modify:media'
 authorize! :update, media!
 media_params = params[:media] || params
@@ -92,7 +92,7 @@ class Media < Grape::API
 desc 'Delete media', { nickname: 'deleteMedia' }
 delete ':id' do
-require_scope! :'modify:media'
+require_scope! 'modify:media'
 authorize! :delete, media!
 begin
@@ -114,8 +114,8 @@ class Media < Grape::API
 end
 end
 post :bulk_job do
-require_scope! :'modify:media'
-require_scope! :'modify:bulk_jobs'
+require_scope! 'modify:media'
+require_scope! 'modify:bulk_jobs'
 authorize! :create, ::Media
 authorize! :create, ::BulkJob
diff --git a/app/api/v1/resources/posts.rb b/app/api/v1/resources/posts.rb
index ac2bf71ea..46832cfe7 100644
--- a/app/api/v1/resources/posts.rb
+++ b/app/api/v1/resources/posts.rb
@@ -1,12 +1,12 @@
 module V1
 module Resources
 class Posts < Grape::API
-helpers Helpers::SharedParamsHelper
-helpers Helpers::ParamsHelper
+helpers ::V1::Helpers::SharedParamsHelper
+helpers ::V1::Helpers::ParamsHelper
 resource :posts do
 include Grape::Kaminari
-helpers Helpers::PostsHelper
+helpers ::V1::Helpers::PostsHelper
 paginate per_page: 25
@@ -17,7 +17,7 @@ class Posts < Grape::API
 use :pagination
 end
 get do
-require_scope! :'view:posts'
+require_scope! 'view:posts'
 authorize! :view, ::Post
 @posts = ::GetPosts.call(params: declared(clean_params(params), include_missing: false), tenant: current_tenant).posts
@@ -31,7 +31,7 @@ class Posts < Grape::API
 use :pagination
 end
 get 'feed' do
-require_scope! :'view:posts'
+require_scope! 'view:posts'
 authorize! :view, ::Post
 last_updated_at = Post.last_updated_at
 params_hash = Digest::MD5.hexdigest(declared(params).to_s)
@@ -53,7 +53,7 @@ class Posts < Grape::API
 desc 'Show related published posts', { entity: ::V1::Entities::Post, nickname: "relatedPosts" }
 paginate per_page: 5
 get 'feed/:id/related' do
-require_scope! :'view:posts'
+require_scope! 'view:posts'
 post = GetPost.call(id: params[:id], published: true).post
 not_found! unless post
 authorize! :view, post
@@ -75,7 +75,7 @@ class Posts < Grape::API
 optional :s
 end
 get 'tags' do
-require_scope! :'view:posts'
+require_scope! 'view:posts'
 authorize! :view, Post
 tags = params[:s] \
@@ -94,7 +94,7 @@ class Posts < Grape::API
 optional :depth, default: 1, desc: "Minimum depth of filters"
 end
 get 'filters' do
-require_scope! :'view:posts'
+require_scope! 'view:posts'
 authorize! :view, Post
 present :industries, ::Onet::Occupation.industries, with: ::V1::Entities::Occupation
 present :categories, ::Category.where('depth >= ?', params[:depth]), with: ::V1::Entities::Category
@@ -103,7 +103,7 @@ class Posts < Grape::API
 desc 'Show a post', { entity: ::V1::Entities::Post, nickname: "showPost" }
 get ':id' do
-require_scope! :'view:posts'
+require_scope! 'view:posts'
 @post = ::GetPost.call(id: params[:id], tenant: current_tenant.id).post
 not_found! unless @post
 authorize! :view, @post
@@ -115,7 +115,7 @@ class Posts < Grape::API
 use :post_associations
 end
 post do
-require_scope! :'modify:posts'
+require_scope! 'modify:posts'
 authorize! :create, Post
 allowed_params = remove_params(::V1::Entities::Post.documentation.keys, :featured_media, :tile_media, :media, :industries, :categories) + [:category_ids, :industry_ids, :author_id]
@@ -131,7 +131,7 @@ class Posts < Grape::API
 use :post_associations
 end
 put ':id' do
-require_scope! :'modify:posts'
+require_scope! 'modify:posts'
 authorize! :update, post!
 allowed_params = remove_params(::V1::Entities::Post.documentation.keys, :featured_media, :tile_media, :media, :industries, :categories) + [:category_ids, :industry_ids, :author_id]
@@ -150,7 +150,7 @@ class Posts < Grape::API
 desc 'Delete a post', { nickname: "deletePost" }
 delete ':id' do
-require_scope! :'modify:posts'
+require_scope! 'modify:posts'
 authorize! :delete, post!
 post.destroy
diff --git a/app/api/v1/resources/snippets.rb b/app/api/v1/resources/snippets.rb
index 8308ba4f0..32443dbc9 100644
--- a/app/api/v1/resources/snippets.rb
+++ b/app/api/v1/resources/snippets.rb
@@ -3,14 +3,14 @@ module Resources
 class Snippets < Grape::API
 resource :snippets do
 include Grape::Kaminari
-helpers Helpers::SnippetsHelper
+helpers ::V1::Helpers::SnippetsHelper
 paginate per_page: 25
 desc 'Show all snippets', { entity: ::V1::Entities::Snippet, nickname: 'showAllSnippet' }
 get do
 authorize! :view, ::Snippet
-require_scope! :'view:snippets'
+require_scope! 'view:snippets'
 @snippet = ::Snippet.order(created_at: :desc)
 ::V1::Entities::Snippet.represent paginate(@snippet)
@@ -18,7 +18,7 @@ class Snippets < Grape::API
 desc 'Get snippet', { entity: ::V1::Entities::Snippet, nickname: 'showSnippet' }
 get ':id' do
-require_scope! :'view:snippets'
+require_scope! 'view:snippets'
 authorize! :view, snippet!
 present snippet, with: ::V1::Entities::Snippet
@@ -26,7 +26,7 @@ class Snippets < Grape::API
 desc 'Create snippet', { entity: ::V1::Entities::Snippet, params: ::V1::Entities::Snippet.documentation, nickname: 'createSnippet' }
 post do
-require_scope! :'modify:snippets'
+require_scope! 'modify:snippets'
 authorize! :create, ::Snippet
 snippet_params = params[:snippet] || params
@@ -40,7 +40,7 @@ class Snippets < Grape::API
 desc 'Update snippet', { entity: ::V1::Entities::Snippet, params: ::V1::Entities::Snippet.documentation, nickname: 'updateSnippet' }
 put ':id' do
-require_scope! :'modify:snippets'
+require_scope! 'modify:snippets'
 authorize! :update, snippet!
 snippet_params = params[:snippet] || params
@@ -52,7 +52,7 @@ class Snippets < Grape::API
 desc 'Delete snippet', { nickname: 'deleteSnippet' }
 delete ':id' do
-require_scope! :'modify:snippets'
+require_scope! 'modify:snippets'
 authorize! :delete, snippet!
 begin
diff --git a/app/api/v1/resources/tenants.rb b/app/api/v1/resources/tenants.rb
index fccbebded..99ba63f3d 100644
--- a/app/api/v1/resources/tenants.rb
+++ b/app/api/v1/resources/tenants.rb
@@ -1,18 +1,18 @@
 module V1
 module Resources
 class Tenants < Grape::API
-helpers Helpers::SharedParamsHelper
-helpers Helpers::ParamsHelper
+helpers ::V1::Helpers::SharedParamsHelper
+helpers ::V1::Helpers::ParamsHelper
 resource :tenants do
 include Grape::Kaminari
-helpers Helpers::TenantsHelper
+helpers ::V1::Helpers::TenantsHelper
 paginate per_page: 25
 desc 'Show all tenants', { entity: ::V1::Entities::Tenant, nickname: "showAllTenants" }
 get do
-require_scope! :'view:tenants'
+require_scope! 'view:tenants'
 authorize! :view, Tenant
 ::V1::Entities::Tenant.represent paginate(Tenant.all), children: params[:include_children]
@@ -20,7 +20,7 @@ class Tenants < Grape::API
 desc 'Show tenant hierarchy', { entity: ::V1::Entities::Tenant, nickname: "showTenantHierarchy" }
 get :hierarchy do
-require_scope! :'view:tenants'
+require_scope! 'view:tenants'
 authorize! :view, Tenant
 present Tenant.roots, using: ::V1::Entities::Tenant, children: true
@@ -36,7 +36,7 @@ class Tenants < Grape::API
 optional :name, type: String, desc: "Tenant Name"
 end
 post do
-require_scope! :'modify:tenants'
+require_scope! 'modify:tenants'
 authorize! :create, Tenant
 allowed_params = remove_params(::V1::Entities::Tenant.documentation.keys, :children)
@@ -49,7 +49,7 @@ class Tenants < Grape::API
 desc 'Update a tenant', { entity: ::V1::Entities::Tenant, params: ::V1::Entities::Tenant.documentation, nickname: "updateTenant" }
 put ':id' do
-require_scope! :'modify:tenants'
+require_scope! 'modify:tenants'
 authorize! :update, tenant!
 allowed_params = remove_params(::V1::Entities::Tenant.documentation.keys, :children)
@@ -60,7 +60,7 @@ class Tenants < Grape::API
 desc 'Delete a tenant', { nickname: "deleteTenant" }
 delete ':id' do
-require_scope! :'modify:tenants'
+require_scope! 'modify:tenants'
 authorize! :delete, tenant!
 tenant.destroy
@@ -69,7 +69,7 @@ class Tenants < Grape::API
 segment '/:id' do
 resource :users do
 include Grape::Kaminari
-helpers Helpers::UsersHelper
+helpers ::V1::Helpers::UsersHelper
 paginate per_page: 25
@@ -79,7 +79,7 @@ class Tenants < Grape::API
 end
 get do
 authorize! :view, User
-require_scope! :'view:users'
+require_scope! 'view:users'
 @users = ::GetUsers.call(params: declared(clean_params(params), include_missing: false), tenant_id: params[:id]).users
 ::V1::Entities::User.represent set_paginate_headers(@users), full: true
diff --git a/app/api/v1/resources/users.rb b/app/api/v1/resources/users.rb
index 06a0c395b..e6bca1fab 100644
--- a/app/api/v1/resources/users.rb
+++ b/app/api/v1/resources/users.rb
@@ -2,8 +2,8 @@ module V1
 module Resources
 class Users < Grape::API
 resource :users do
-helpers Helpers::UsersHelper
-helpers Helpers::BulkJobsHelper
+helpers ::V1::Helpers::UsersHelper
+helpers ::V1::Helpers::BulkJobsHelper
 desc 'Get the current user', { entity: ::V1::Entities::User, nickname: 'currentUser' }
 get :me do
@@ -13,7 +13,7 @@ class Users < Grape::API
 desc "Fetch a user's author info"
 get ':user_id/author' do
-require_scope! :'view:users'
+require_scope! 'view:users'
 authorize! :view, user!
 present user.author || not_found!, with: ::V1::Entities::Author
@@ -31,7 +31,7 @@ class Users < Grape::API
 optional :bio
 end
 put ':user_id/author' do
-require_scope! :'modify:users'
+require_scope! 'modify:users'
 authorize! :update, user!
 author = Author.find_or_create_by(user_id: params[:user_id])
@@ -51,7 +51,7 @@ class Users < Grape::API
 optional :password_confirmation
 end
 post do
-require_scope! :'modify:users'
+require_scope! 'modify:users'
 authorize! :create, User
 allowed_params = [:password, :password_confirmation, :firstname, :lastname, :email, :tenant_id, :admin]
@@ -72,7 +72,7 @@ class Users < Grape::API
 optional :admin
 end
 put ':user_id' do
-require_scope! :'modify:users'
+require_scope! 'modify:users'
 authorize! :update, user!
 allowed_params = [:firstname, :lastname]
@@ -92,7 +92,7 @@ class Users < Grape::API
 desc 'Show a user', {nickname: 'showUser'}
 get ':user_id' do
-require_scope! :'view:users'
+require_scope! 'view:users'
 authorize! :view, user!
 present user, with: ::V1::Entities::User, full: true
@@ -100,7 +100,7 @@ class Users < Grape::API
 desc 'Delete a user', {nickname: 'deleteUser'}
 delete ':user_id' do
-require_scope! :'modify:users'
+require_scope! 'modify:users'
 authorize! :delete, user!
 begin
@@ -116,8 +116,8 @@ class Users < Grape::API
 desc 'Bulk create users', { entity: ::V1::Entities::BulkJob, nickname: 'bulkCreateUsers' }
 post :bulk_job do
-require_scope! :'modify:users'
-require_scope! :'modify:bulk_jobs'
+require_scope! 'modify:users'
+require_scope! 'modify:bulk_jobs'
 authorize! :create, ::User
 authorize! :create, ::BulkJob
diff --git a/app/api/v1/resources/webpages.rb b/app/api/v1/resources/webpages.rb
index 6702cb02e..7254d611c 100644
--- a/app/api/v1/resources/webpages.rb
+++ b/app/api/v1/resources/webpages.rb
@@ -1,11 +1,11 @@
 module V1
 module Resources
 class Webpages < Grape::API
-helpers Helpers::ParamsHelper
+helpers ::V1::Helpers::ParamsHelper
 resource :webpages do
 include Grape::Kaminari
-helpers Helpers::WebpagesHelper
+helpers ::V1::Helpers::WebpagesHelper
 paginate per_page: 25
 desc 'Show all webpages', { entity: ::V1::Entities::Webpage, nickname: 'showAllWebpages' }
@@ -14,7 +14,7 @@ class Webpages < Grape::API
 end
 get do
 authorize! :view, ::Webpage
-require_scope! :'view:webpages'
+require_scope! 'view:webpages'
 @webpages = ::GetWebpages.call(params: declared(clean_params(params), include_missing: false), tenant: current_tenant).webpages
 ::V1::Entities::Webpage.represent set_paginate_headers(@webpages), full: true
@@ -25,7 +25,7 @@ class Webpages < Grape::API
 requires :url, type: String
 end
 get 'feed' do
-require_scope! :'view:webpages'
+require_scope! 'view:webpages'
 @webpage ||= Webpage.find_by_url(params[:url])
 not_found! unless @webpage
 authorize! :view, @webpage
@@ -34,7 +34,7 @@ class Webpages < Grape::API
 desc 'Get webpage', { entity: ::V1::Entities::Webpage, nickname: 'showWebpage' }
 get ':id' do
-require_scope! :'view:webpages'
+require_scope! 'view:webpages'
 authorize! :view, webpage!
 present webpage, with: ::V1::Entities::Webpage, full: true
@@ -42,7 +42,7 @@ class Webpages < Grape::API
 desc 'Create webpage', { entity: ::V1::Entities::Webpage, params: ::V1::Entities::Webpage.documentation, nickname: 'createWebpage' }
 post do
-require_scope! :'modify:webpages'
+require_scope! 'modify:webpages'
 authorize! :create, ::Webpage
 webpage_params = params[:webpage] || params
@@ -56,7 +56,7 @@ class Webpages < Grape::API
 desc 'Update webpage', { entity: ::V1::Entities::Webpage, params: ::V1::Entities::Webpage.documentation, nickname: 'updateWebpage' }
 put ':id' do
-require_scope! :'modify:webpages'
+require_scope! 'modify:webpages'
 authorize! :update, webpage!
 webpage_params = params[:webpage] || params
@@ -75,7 +75,7 @@ class Webpages < Grape::API
 desc 'Delete webpage', { nickname: 'deleteWebpage' }
 delete ':id' do
-require_scope! :'modify:webpages'
+require_scope! 'modify:webpages'
 authorize! :delete, webpage!
 begin