Merge pull request #4 from kristianmandrup/menu_api

expose `Menu` api

Gemfile

@@ -14,3 +14,4 @@ gemspec
 # gem 'byebug', group: [:development, :test]
 gem 'carrierwave_backgrounder', '~> 0.4.2'
 gem "cms-models", path: '../cms-models'
+gem 'json_token_authentication', github: 'kuldeepaggarwal/json_token_authentication'

Gemfile.lock

@@ -1,3 +1,11 @@
+GIT
+  remote: git://github.com/kuldeepaggarwal/json_token_authentication.git
+  revision: 82cc42f0ac2f6a612cc17c49f0d5f9d80dc90e9a
+  specs:
+    json_token_authentication (0.1.0)
+      activesupport (>= 3, <= 5)
+      jwt
+
 PATH
   remote: .
   specs:
@@ -419,6 +427,7 @@ DEPENDENCIES
   database_cleaner
   factory_girl_rails
   faker
+  json_token_authentication!
   mandricore_cms!
   rspec-rails
 

app/controllers/api/v1/auth.rb

@@ -1,3 +1,5 @@
+require File.expand_path('../../../../lib/user/authorizer', __dir__)
+
 module Api
   module V1
     class Auth < Grape::API

app/controllers/api/v1/blocks.rb

@@ -8,7 +8,7 @@ class Blocks < Grape::API
         def block_params
           ActionController::Parameters.new(params).permit( :title, :prototype, :summary, :content, :description, :generic_attributes_attributes => [:name, :caption,:type, :filters, :input, :output,:value], :categories => [], :tags => [], :templete => [], :title_translations => I18n.available_locales )
         end
-        
+
         def auto_translate?
           params[:auto_translate] == "true"
         end
@@ -26,17 +26,17 @@ def auto_translate?
         get ':id' do
           Cms::Models::Block.find(params[:id])
         end
-        
+
         desc "render a block"
         params do
           requires :title, type: String
         end
         get 'render/:title' do
           block = Cms::Models::Block.find_by(:title => params[:title])
-          render_layout = block.get_template(params[:template], params[:layout]) 
+          render_layout = block.get_template(params[:template], params[:layout])
           {:status => 200, :template => render_layout}
         end
-        
+
         before do
           valid_token?
         end
@@ -46,7 +46,7 @@ def auto_translate?
           #requires :title, type: String
         end
         post  do
-          if load_and_authorize(current_api_user, :create, Cms::Models::Block) 
+          if load_and_authorize(:create, Cms::Models::Block)
             block = Cms::Models::Block.new(block_params)
             block.submit!
             block.save!
@@ -56,39 +56,39 @@ def auto_translate?
             {error_message: 'Access denied, you are not authorize to create block'}
           end
         end
-        
+
         desc "update a block"
         params do
           requires :id, type: String
           #requires :title, type: String
         end
         put ':id' do
-          if load_and_authorize(current_api_user, :update, Cms::Models::Block)
+          if load_and_authorize(:update, Cms::Models::Block)
             Cms::Models::Block.find(params[:id]).update(block_params)
             {:success => true, :message => "Block has been updated!"}
           else
             {error_message: 'Access denied, you are not authorize to edit block'}
           end
         end
-        
+
         desc "delete a block"
         params do
           requires :id, type: String
         end
         delete ':id' do
-          if load_and_authorize(current_api_user, :destroy, Cms::Models::Block)
+          if load_and_authorize(:destroy, Cms::Models::Block)
             Cms::Models::Block.find(params[:id]).destroy!
           else
             {error_message: 'Access denied, you are not authorize to delete block'}
           end
         end
-        
+
         desc "submit for review"
         params do
           requires :id, type: String
         end
         get ':id/review' do
-          if load_and_authorize(current_api_user, :stage, Cms::Models::Block)
+          if load_and_authorize(:stage, Cms::Models::Block)
             block = Cms::Models::Block.find(params[:id])
             block.review!
             block.save!
@@ -97,27 +97,27 @@ def auto_translate?
             {error_message: 'Access denied, you are not authorize to complete this action'}
           end
         end
-       
-        
+
+
         desc "publish a block"
         params do
           requires :id, type: String
         end
         get ':id/approve' do
-          if load_and_authorize(current_api_user, :accept, Cms::Models::Block)
+          if load_and_authorize(:accept, Cms::Models::Block)
             ::PublishJob.new(params[:id]).enqueue(wait_until: Time.now + 2.minutes) #TODO will pass future date once tested
             {:success => true, :message => "Block has been published."}
           else
             {error_message: 'Access denied, you are not authorize to complete this action'}
           end
         end
-        
+
         desc "reject a block"
         params do
           requires :id, type: String
         end
         get ':id/reject' do
-          if load_and_authorize(current_api_user, :reject, Cms::Models::Block)
+          if load_and_authorize(:reject, Cms::Models::Block)
             block = Cms::Models::Block.find(params[:id])
             block.reject!
             block.save!
@@ -126,7 +126,7 @@ def auto_translate?
             {error_message: 'Access denied, you are not authorize to complete this action'}
           end
         end
-        
+
       end
     end
   end

app/controllers/api/v1/images.rb

@@ -21,7 +21,7 @@ def image_params
         get ':id' do
           Cms::Models::Image.find(params[:id])
         end
-        
+
         before do
           valid_token?
         end
@@ -32,7 +32,7 @@ def image_params
           #TODO requires :content, type: String
         end
         post  do
-          if load_and_authorize(current_api_user, :create, Cms::Image)
+          if load_and_authorize(:create, Cms::Image)
             image = Cms::Models::Image.new(image_params)
             image.content = ActionDispatch::Http::UploadedFile.new(params[:content]) if params[:content]
             image.submit!
@@ -42,27 +42,27 @@ def image_params
             {error_message: 'Access denied, you are not authorize to create Image'}
           end
         end
-        
+
         desc "update a image"
         params do
           requires :id, type: String
           #requires :title, type: String
         end
         put ':id' do
-          if load_and_authorize(current_api_user, :update, Cms::Models::Image)
+          if load_and_authorize(:update, Cms::Models::Image)
             Cms::Models::Image.find(params[:id]).update(image_params)
             {:success => true, :message => "image has been updated!"}
           else
             {error_message: 'Access denied, you are not authorize to edit image'}
           end
         end
-        
+
         desc "delete a image"
         params do
           requires :id, type: String
         end
         delete ':id' do
-          if load_and_authorize(current_api_user, :destroy, Cms::Models::Image)
+          if load_and_authorize(:destroy, Cms::Models::Image)
             Cms::Models::Image.find(params[:id]).destroy!
             {:success => true, :message => "image has been deleted!"}
           else
@@ -75,7 +75,7 @@ def image_params
           requires :id, type: String
         end
         get ':id/review' do
-          if load_and_authorize(current_api_user, :stage, Cms::Models::Image)
+          if load_and_authorize(:stage, Cms::Models::Image)
             image = Cms::Models::Image.find(params[:id])
             image.review!
             image.save!
@@ -84,13 +84,13 @@ def image_params
             {error_message: 'Access denied, you are not authorize to complete this action'}
           end
         end
-        
+
         desc "publish a image"
         params do
           requires :id, type: String
         end
         get ':id/approve' do
-          if load_and_authorize(current_api_user, :accept, Cms::Models::Image )
+          if load_and_authorize(:accept, Cms::Models::Image )
             block = Cms::Models::Image.find(params[:id])
             block.accept!
             block.save!
@@ -99,13 +99,13 @@ def image_params
             {error_message: 'Access denied, you are not authorize to complete this action'}
           end
         end
-        
+
         desc "reject a image"
         params do
           requires :id, type: String
         end
         get ':id/reject' do
-          if load_and_authorize(current_api_user, :reject, Cms::Models::Image)
+          if load_and_authorize(:reject, Cms::Models::Image)
             block = Cms::Models::Image.find(params[:id])
             block.reject!
             block.save!

app/controllers/api/v1/layouts.rb

@@ -22,7 +22,7 @@ def layout_params
         get ':id' do
           Cms::Models::Template.find(params[:id])
         end
-        
+
         before do
           valid_token?
         end
@@ -32,7 +32,7 @@ def layout_params
           requires :type, type: String
         end
         post  do
-          if load_and_authorize(current_api_user, :create, Cms::Models::Template) 
+          if load_and_authorize(:create, Cms::Models::Template)
             layout = Cms::Models::Template.new(layout_params)
             layout.submit!
             layout.save!
@@ -41,39 +41,39 @@ def layout_params
             {error_message: 'Access denied, you are not authorize to create Layout'}
           end
         end
-        
+
         desc "update a layout"
         params do
           requires :id, type: String
           requires :title, type: String
         end
         put ':id' do
-          if load_and_authorize(current_api_user, :update, Cms::Models::Template)
+          if load_and_authorize(:update, Cms::Models::Template)
             Cms::Models::Template.find(params[:id]).update(layout_params)
             {:success => true, :message => "layout has been updated!"}
           else
             {error_message: 'Access denied, you are not authorize to edit layout'}
           end
         end
-        
+
         desc "delete a layout"
         params do
           requires :id, type: String
         end
         delete ':id' do
-          if load_and_authorize(current_api_user, :destroy, Cms::Models::Template)
+          if load_and_authorize(:destroy, Cms::Models::Template)
             Cms::Models::Template.find(params[:id]).destroy!
           else
             {error_message: 'Access denied, you are not authorize to delete layout'}
           end
         end
-        
+
         desc "submit for review"
         params do
           requires :id, type: String
         end
         get ':id/review' do
-          if load_and_authorize(current_api_user, :stage, Cms::Models::Template)
+          if load_and_authorize(:stage, Cms::Models::Template)
             layout = Cms::Models::Template.find(params[:id])
             layout.review!
             layout.save!
@@ -82,14 +82,14 @@ def layout_params
             {error_message: 'Access denied, you are not authorize to complete this action'}
           end
         end
-       
-        
+
+
         desc "publish a Layout"
         params do
           requires :id, type: String
         end
         get ':id/approve' do
-          if load_and_authorize(current_api_user, :accept, Cms::Models::Template)
+          if load_and_authorize(:accept, Cms::Models::Template)
             layout = Cms::Models::Template.find(params[:id])
             layout.accept!
             layout.save!
@@ -98,13 +98,13 @@ def layout_params
             {error_message: 'Access denied, you are not authorize to complete this action'}
           end
         end
-        
+
         desc "reject a layout"
         params do
           requires :id, type: String
         end
         get ':id/reject' do
-          if load_and_authorize(current_api_user, :reject, Cms::Models::Template)
+          if load_and_authorize(:reject, Cms::Models::Template)
             layout = Cms::Models::Template.find(params[:id])
             layout.reject!
             layout.save!
@@ -113,7 +113,7 @@ def layout_params
             {error_message: 'Access denied, you are not authorize to complete this action'}
           end
         end
-        
+
       end
     end
   end