refactor controllers into base and admin namespaces

app/controllers/v1/archive_formats_controller.rb → app/controllers/admin/archive_formats_controller.rb

@@ -1,12 +1,12 @@
-module V1
+module Admin
   class ArchiveFormatsController < CrudController
 
-    before_action :require_admin
+    include Admin::Authenticatable
 
     self.permitted_attrs = [:codec, :initial_bitrate, :initial_channels, :max_public_bitrate]
 
-    crud_swagger_paths(route_prefix: '/v1/profiles/{profile_id}',
-                       data_class: 'V1::ArchiveFormat',
+    crud_swagger_paths(route_prefix: '/admin/profiles/{profile_id}',
+                       data_class: 'Admin::ArchiveFormat',
                        tags: [:admin],
                        prefix_parameters: [
                          { name: :profile_id,
@@ -25,7 +25,7 @@ def model_scope
     end
 
     def entry_url
-      v1_profile_archive_format_url(profile, entry)
+      admin_profile_archive_format_url(profile, entry)
     end
 
     def profile

app/controllers/v1/audio_encodings_controller.rb → app/controllers/admin/audio_encodings_controller.rb

@@ -1,14 +1,14 @@
-module V1
+module Admin
   class AudioEncodingsController < ApplicationController
 
-    before_action :require_admin
+    include Admin::Authenticatable
 
-    swagger_path '/v1/audio_encodings' do
+    swagger_path '/admin/audio_encodings' do
       operation :get do
         key :description, 'Returns a list of available audio encodings.'
         key :tags, [:audio_encoding, :admin]
 
-        response_entities('V1::AudioEncoding')
+        response_entities('Admin::AudioEncoding')
 
         security http_token: []
         security api_token: []
@@ -17,7 +17,7 @@ class AudioEncodingsController < ApplicationController
 
     def index
       render json: AudioEncoding.list.sort_by(&:codec),
-             each_serializer: V1::AudioEncodingSerializer
+             each_serializer: Admin::AudioEncodingSerializer
     end
 
   end

app/controllers/admin/authenticatable.rb

@@ -0,0 +1,25 @@
+module Admin
+  module Authenticatable
+
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :require_admin
+    end
+
+    private
+
+    def require_admin
+      require_authentication
+      if current_user && !current_user.admin?
+        render json: { errors: 'Forbidden' }, status: :forbidden
+      end
+    end
+
+    # In admin section, a user MUST be authenticated by a REMOTE_USER header
+    def fetch_current_user
+      User.from_remote(*remote_user_params)
+    end
+
+  end
+end

app/controllers/v1/downgrade_actions_controller.rb → app/controllers/admin/downgrade_actions_controller.rb

@@ -1,13 +1,13 @@
-module V1
+module Admin
   class DowngradeActionsController < CrudController
 
-    before_action :require_admin
+    include Admin::Authenticatable
 
     self.permitted_attrs = [:months, :bitrate, :channels]
 
-    crud_swagger_paths(route_prefix: '/v1/profiles/{profile_id}/archive_formats/' \
+    crud_swagger_paths(route_prefix: '/admin/profiles/{profile_id}/archive_formats/' \
                                      '{archive_format_id}',
-                       data_class: 'V1::DowngradeAction',
+                       data_class: 'Admin::DowngradeAction',
                        tags: [:admin],
                        prefix_parameters: [
                          { name: :profile_id,
@@ -30,7 +30,7 @@ def model_scope
     end
 
     def entry_url
-      v1_profile_archive_format_downgrade_action_url(profile, archive_format, entry)
+      admin_profile_archive_format_downgrade_action_url(profile, archive_format, entry)
     end
 
     def archive_format

app/controllers/v1/playback_formats_controller.rb → app/controllers/admin/playback_formats_controller.rb

@@ -1,14 +1,14 @@
-module V1
+module Admin
   class PlaybackFormatsController < CrudController
 
+    include Admin::Authenticatable
+
     self.permitted_attrs = [:name, :description, :codec, :bitrate, :channels]
 
     self.search_columns = %w(name description codec bitrate)
 
-    before_action :require_admin
-
-    crud_swagger_paths(route_prefix: '/v1',
-                       data_class: 'V1::PlaybackFormat',
+    crud_swagger_paths(route_prefix: '/admin',
+                       data_class: 'Admin::PlaybackFormat',
                        tags: [:admin],
                        query_params: [:q])
 

app/controllers/v1/profiles_controller.rb → app/controllers/admin/profiles_controller.rb

@@ -1,14 +1,14 @@
-module V1
+module Admin
   class ProfilesController < CrudController
 
+    include Admin::Authenticatable
+
     self.permitted_attrs = [:name, :description, :default]
 
     self.search_columns = %w(name description)
 
-    before_action :require_admin
-
-    crud_swagger_paths(route_prefix: '/v1',
-                       data_class: 'V1::Profile',
+    crud_swagger_paths(route_prefix: '/admin',
+                       data_class: 'Admin::Profile',
                        tags: [:admin],
                        query_params: [:q])
 

app/controllers/admin/shows_controller.rb

@@ -0,0 +1,33 @@
+module Admin
+  class ShowsController < CrudController
+
+    include Admin::Authenticatable
+
+    self.search_columns = %w(name details)
+
+    crud_swagger_paths(route_prefix: '/admin',
+                       data_class: 'Admin::Show',
+                       tags: [:admin])
+
+    private
+
+    def fetch_entries
+      super.includes(:profile)
+    end
+
+    # Only allow a trusted parameter "white list" through.
+    def model_params
+      attrs = nested_param(:data, :attributes) || ActionController::Parameters.new
+      profile_id = nested_param(:data, :relationships, :profile, :data, :id)
+      attrs[:profile_id] = profile_id if profile_id
+      attrs.permit(:name, :details, :profile_id)
+    end
+
+    def nested_param(*keys)
+      value = params
+      keys.each { |key| value = value[key] if value }
+      value
+    end
+
+  end
+end

app/controllers/admin/users_controller.rb

@@ -0,0 +1,16 @@
+module Admin
+  class UsersController < CrudController
+
+    include Admin::Authenticatable
+
+    self.permitted_attrs = [:username, :first_name, :last_name, :groups]
+
+    self.search_columns = %w(username first_name last_name)
+
+    crud_swagger_paths(route_prefix: '/admin',
+                       data_class: 'Admin::User',
+                       tags: [:admin],
+                       query_params: [:q])
+
+  end
+end

app/controllers/apidocs_controller.rb

@@ -0,0 +1,121 @@
+class ApidocsController < ApplicationController
+
+  # A list of all classes that have swagger_* declarations.
+  SWAGGERED_CLASSES = [
+    # paths
+    self,
+    AudioFilesController,
+    BroadcastsController,
+    LoginController,
+    ShowsController,
+    Admin::ArchiveFormatsController,
+    Admin::AudioEncodingsController,
+    Admin::DowngradeActionsController,
+    Admin::PlaybackFormatsController,
+    Admin::ProfilesController,
+    Admin::ShowsController,
+    Admin::UsersController,
+    # entities
+    AudioFileSerializer,
+    BroadcastSerializer,
+    ShowSerializer,
+    UnprocessableEntitySerializer,
+    UserSerializer,
+    Admin::ArchiveFormatSerializer,
+    Admin::AudioEncodingSerializer,
+    Admin::DowngradeActionSerializer,
+    Admin::PlaybackFormatSerializer,
+    Admin::ProfileSerializer,
+    Admin::ShowSerializer,
+    Admin::UserSerializer
+  ].freeze
+
+  swagger_root do
+    key :swagger, '2.0'
+    info do
+      key :version, '1.0'
+      key :title, 'RAAR Radio Archive API'
+      key :description,
+          'RAAR Radio Archive API. ' \
+          'Some endpoints are public, other are restricted to admins.'
+      license name: 'AGPL'
+    end
+    key :consumes, ['application/vnd.api+json']
+    key :produces, ['application/vnd.api+json']
+
+    security_definition :http_token do
+      key :type, :basic
+      key :description,
+          'API token is passed as HTTP token authentication header: ' \
+          '`Authorization: Token token="abc"`'
+    end
+    security_definition :api_token do
+      key :type, :apiKey
+      key :name, :api_token
+      key :in, :query
+      key :description, 'API token is passed as a query parameter'
+    end
+
+    response :unprocessable_entity do
+      key :description, 'unprocessable entity'
+      schema do
+        property :errors, type: :array do
+          items '$ref' => 'UnprocessableEntity'
+        end
+      end
+    end
+
+    parameter :page_number do
+      key :name, 'page[number]'
+      key :in, :query
+      key :description, 'The page number of the list.'
+      key :required, false
+      key :type, :integer
+    end
+
+    parameter :page_size do
+      key :name, 'page[size]'
+      key :in, :query
+      key :description,
+          'Maximum number of entries that are returned per page. Defaults to 50, maximum is 500.'
+      key :required, false
+      key :type, :integer
+    end
+
+    parameter :sort do
+      key :name, 'sort'
+      key :in, :query
+      key :description,
+          'Name of the sort field, optionally prefixed with a `-` for descending order.'
+      key :required, false
+      key :type, :string
+    end
+
+    parameter :q do
+      key :name, :q
+      key :in, :query
+      key :description, 'Query string to search for.'
+      key :required, false
+      key :type, :string
+    end
+  end
+
+  def index
+    render json: root_json
+  end
+
+  private
+
+  def root_json
+    Swagger::Blocks.build_root_json(SWAGGERED_CLASSES).merge(host_info)
+  end
+
+  def host_info
+    secrets = Rails.application.secrets
+    {}.tap do |hash|
+      hash['host'] = secrets.host_name if secrets.host_name.present?
+      hash['basePath'] = secrets.base_path if secrets.base_path.present?
+    end
+  end
+
+end