
Merge branch 'master' of github.com:plainblack/Wing

commit 102d5d051acaa6e85d9ff849c299e03e1358ded6 2 parents 36810a6 + 3570304
@rizen rizen authored
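--- a/lib/Wing/Dancer.pm
+++ b/lib/Wing/Dancer.pm
@@ -12,6 +12,7 @@ These subroutines get included into L<Wing::Rest> and L<Wing::Web>. These subs a
 use Wing;
 use POSIX qw/ceil/;
+use Data::GUID;
 =head1 SUBROUTINES
@@ -286,7 +287,7 @@ register get_tracer => sub {
 return undef;
 };
-=head2 expanded_params()
+=head2 expanded_params($current_user)
 Does the same thing as Dancer C<params> but also added a few new automatic keys: C<tracer>, C<ipaddress>, C<useragent>
@@ -295,11 +296,36 @@ Registered as a Dancer keyword.
 =cut
 register expanded_params => sub {
+ my $current_user = shift;
 my %params = params;
 $params{tracer} = get_tracer();
 $params{ipaddress} = request->env->{HTTP_X_REAL_IP} || request->remote_address;
 $params{useragent} = request->user_agent;
+ if ($current_user && ! exists $params{user_id}) {
+ $params{user_id} = $current_user->id;
+ }
 return \%params
 };
+=head2 track_user()
+
+Attempt to track users by setting a cookie, without requiring the user to log in.
+
+=cut
+
+register track_user => sub {
+ my $cookie = cookies->{tracer};
+ my $tracer;
+ if (defined $cookie) {
+ $tracer = $cookie->value;
+ }
+ else {
+ $tracer = Data::GUID->new->as_string;
+ set_cookie tracer => $tracer,
+ expires => '+5y',
+ http_only => 0,
+ path => '/';
+ }
+ return ($tracer, eval{get_user_by_session_id()});
+};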
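Review bot: In `track_user` the `tracer` cookie is set with `http_only => 0` and no `secure` flag, yet the same commit lets `can_edit` in AnybodyControlled.pm accept a matching tracer as proof of ownership, so the cookie is effectively a five-year bearer credential that page scripts can read and that can travel over plain HTTP. Unless client-side code must read it (not visible here), set `http_only => 1,` and add `secure => 1,` to the `set_cookie` call. The value comes from `Data::GUID->new->as_string`; a GUID is designed to be unique rather than unguessable, so it is worth confirming the generator is random enough for a credential or drawing the token from a CSPRNG instead. An existing cookie value is also accepted verbatim, so the POD for `track_user` should state that the tracer is client-controlled.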
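--- a/lib/Wing/Rest.pm
+++ b/lib/Wing/Rest.pm
@@ -51,7 +51,8 @@ register generate_delete => sub {
 my $object_url = lc($wing_object_type);
 del '/api/'.$object_url.'/:id' => sub {
 my $object = fetch_object($wing_object_type);
- $object->can_edit(get_user_by_session_id(permissions => $options{permissions}));
+ my $current_user = eval { get_user_by_session_id(permissions => $options{permissions}); };
+ $object->can_edit($current_user, get_tracer());
 $object->delete;
 return { success => 1 };
 };
@@ -61,10 +62,10 @@ register generate_update => sub {
 my ($wing_object_type, %options) = @_;
 my $object_url = lc($wing_object_type);
 put '/api/'.$object_url.'/:id' => sub {
- my $current_user = get_user_by_session_id(permissions => $options{permissions});
+ my $current_user = eval { get_user_by_session_id(permissions => $options{permissions}); };
 my $object = fetch_object($wing_object_type);
- $object->can_edit($current_user);
- $object->verify_posted_params(expanded_params(), $current_user);
+ $object->can_edit($current_user, get_tracer());
+ $object->verify_posted_params(expanded_params($current_user), $current_user);
 if (exists $options{extra_processing}) {
 $options{extra_processing}->($object, $current_user);
 }
@@ -78,14 +79,14 @@ register generate_create => sub {
 my $object_url = lc($wing_object_type);
 post '/api/'.$object_url => sub {
 my $object = site_db()->resultset($wing_object_type)->new({});
- my $params = expanded_params();
 my $current_user = eval { get_user_by_session_id(permissions => $options{permissions}); };
+ my $params = expanded_params($current_user);
 $object->verify_creation_params($params, $current_user);
 $object->verify_posted_params($params, $current_user);
 if (defined $options{extra_processing}) {
 $options{extra_processing}->($object, $current_user);
 }
- $object->can_edit($current_user);
+ $object->can_edit($current_user, get_tracer());
 $object->insert;
 return describe($object, current_user => $current_user);
 };
@@ -96,7 +97,9 @@ register generate_read => sub {
 my $object_url = lc($wing_object_type);
 get '/api/'.$object_url.'/:id' => sub {
 my $current_user = eval{ get_user_by_session_id(permissions => $options{permissions}) };
- return describe(fetch_object($wing_object_type), current_user => $current_user);
+ my $object = fetch_object($wing_object_type);
+ $object->can_view($current_user, get_tracer());
+ return describe($object, current_user => $current_user);
 };
 };
@@ -140,10 +143,10 @@ register generate_all_relationships => sub {
 }
 };
-hook after => sub {
+hook before_serializer => sub {
 my $response = shift;
- $response->content(to_json({ result => from_json($response->content) }));
- debug $response->content;
+ my $content = $response->{content};
+ $response->{content} = { result => $content, };
 return $response;
 };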
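Review bot: In `generate_delete` and `generate_update` the call to `get_user_by_session_id(permissions => ...)` is now wrapped in `eval { }` and `$@` is never inspected, so a missing session, a failed `$options{permissions}` check and an unrelated error such as a database fault all collapse into `$current_user = undef`. From there the only gate is `$object->can_edit($current_user, get_tracer())`, whose return value is discarded at every call site (the same holds for `can_view` in `generate_read`), so enforcement holds only if these methods die on refusal. That behaviour is outside this diff and should be confirmed with a test for an anonymous request carrying a non-matching tracer. I would add a comment at each site such as `# anonymous callers allowed: can_edit() must die unless the tracer matches`, and consider rethrowing when `$@` is anything other than the expected not-logged-in exception.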
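--- a/lib/Wing/Role/Result/AnybodyControlled.pm
+++ b/lib/Wing/Role/Result/AnybodyControlled.pm
@@ -89,6 +89,9 @@ around can_edit => sub {
 if ($self->user_id) {
 return 1 if $self->user->can_edit($user);
 }
+ elsif ($self->tracer && $tracer) {
+ return 1 if $self->tracer eq $tracer;
+ }
 return $orig->($self, $user);
 };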
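Review bot: The new `elsif` branch makes equality of `$self->tracer` and the caller's `$tracer` sufficient to edit any object that has no `user_id`, so the stored tracer must be treated as a secret. The `around can_edit` wrapper starts outside the hunk, so where `$tracer` is unpacked from `@_` and whether the `tracer` column is left out of `describe()` output for other viewers cannot be checked here; if the read endpoint returns it, view access would imply edit access. I would add a comment above the branch, `# tracer is a bearer credential for ownerless objects; never expose it in public views`, and document in the role's POD that tracer-based ownership ends once `user_id` is set.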