A Rails application using Permitters from Adam Hawkins's post: http://www.broadcastingadam.com/2012/07/parameter_authorization_in_rails_apis/

twinturbo_parameter_authorization_via_cancan-example

Under construction! Does not work yet.

A simple sample application showing how to use Adam Hawkins's Permitter example to provide JSON APIs in your controllers, with two example models: Company and Employee. It assumes you will test with curl or similar and provides sample commands.

Uses Devise, CanCan, and code from Adam Hawkins.
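To make the parameter-authorization pattern concrete, here is an added, self-contained Ruby sketch of a Permitter-style filter for the Employee model. It is not code from this repo or from Adam Hawkins's post: the Ability class is an assumed stand-in for a CanCan ability, the `permit`/`scope` DSL and `UnpermittedParameter` are illustrative names, and the guest rules are an assumption.

```ruby
# Added illustration, not the repo's code. Company/Employee mirror the README's
# two models; Ability is an assumed stand-in for a CanCan ability class.
Company  = Struct.new(:id, :name)
Employee = Struct.new(:id, :name, :company_id)

class Ability
  def initialize(user); @user = user; end

  # Admins may do anything; guests (assumption) may only read employees.
  def can?(action, subject)
    return true if @user[:role] == "admin"
    action == :read && subject == Employee
  end
end

class UnpermittedParameter < StandardError; end

# Permitter base: `permit` whitelists plain attributes, `scope` ties a foreign
# key to a model the current ability must be able to :read.
class Permitter
  def self.permit(*attrs); (@permitted ||= []).concat(attrs.map(&:to_s)); end
  def self.scope(attr, to:); (@scopes ||= {})[attr.to_s] = to; end
  def self.permitted; @permitted || []; end
  def self.scopes;    @scopes || {};    end

  def initialize(ability); @ability = ability; end

  # Returns only whitelisted attributes; anything else (e.g. "id") raises
  # instead of being silently mass-assigned.
  def permit(params)
    params.each_with_object({}) do |(key, value), out|
      key = key.to_s
      if self.class.scopes.key?(key)
        model = self.class.scopes[key]
        raise UnpermittedParameter, key unless @ability.can?(:read, model)
      elsif !self.class.permitted.include?(key)
        raise UnpermittedParameter, key
      end
      out[key] = value
    end
  end
end

class EmployeePermitter < Permitter
  permit :name
  scope :company_id, to: Company
end
```

With these rules the admin's `{"name":"testing","company_id":1}` body passes through unchanged, while the guest is allowed `name` only and any unlisted key such as `id` is rejected for everyone.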

Setup

After installing Ruby 1.9.3 and Rails 3.2.x:

git clone https://github.com/garysweaver/twinturbo_parameter_authorization_via_cancan-example.git
cd twinturbo_parameter_authorization_via_cancan-example
bundle install
rake db:migrate
rails s

Then browse to: http://localhost:3000/

Parameter wrapping

The default Rails 3 way to handle parameter wrapping is to change the defaults in config/initializers/wrap_parameters.rb.

Note that the rails-api README briefly discusses wrap_parameters, which applies if you are using ActionController::API.

Testing with curl

Either login as the example admin user:

# remove existing cookie jar
rm cookie.file
# login as example admin user
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X POST -d '{"user":{"email":"admin@example.com","password":"password"}}' http://localhost:3000/users/sign_in.json

or login as the example guest user:

# remove existing cookie jar
rm cookie.file
# login as example guest user
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X POST -d '{"user":{"email":"guest@example.com","password":"password"}}' http://localhost:3000/users/sign_in.json

Then use the following to test:

# create
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X POST -d '{"name":"testing"}' http://localhost:3000/companies
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X POST -d '{"name":"testing","company_id":1}' http://localhost:3000/employees
# index
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X GET http://localhost:3000/companies
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X GET http://localhost:3000/employees
# show
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X GET http://localhost:3000/companies/1
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X GET http://localhost:3000/employees/1
# update
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X PUT -d '{"name":"testing update"}' http://localhost:3000/companies/1
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X PUT -d '{"name":"testing update"}' http://localhost:3000/employees/1
# destroy
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X DELETE http://localhost:3000/companies/1
curl -v -b cookie.file -c cookie.file -H "Content-Type: application/json" -H "Accept: application/json" -X DELETE http://localhost:3000/employees/1

Resetting data

At your own risk, drop the SQLite db so that sequences and data are reset; otherwise the test curl commands may fail on some ids.

License

Copyright (c) 2012 Gary S. Weaver, released under the MIT license.
