Class: Faalis::APIController

Inherits:
ApplicationController
Defined in:
app/controllers/faalis/api_controller.rb

Overview

This class is the base class of all API controllers in any *Faalis* host application. Each host Rails application should have an `APIController` which inherits from this class.

Direct Known Subclasses

APIController

Class Method Summary

Instance Method Summary

Methods inherited from ApplicationController

#set_locale

Class Method Details

.allow_query_on(*args) ⇒ Object

Using this class method you can activate the query loading system and specify the fields which may be used in query loading.


# File 'app/controllers/faalis/api_controller.rb', line 128

def self.allow_query_on(*args)
  # Declares the allowlist of fields a client may filter on. Only the fields
  # listed here are honoured by `load_resource_by_query`, so keep the list to
  # attributes that are safe to expose as query conditions.
  #
  # The generated reader normalises every name to a String and is private,
  # so it is only reachable through `allowed_fields`.
  define_method(:allowed_query_on) do
    args.map(&:to_s)
  end
  private :allowed_query_on
end

Instance Method Details

#allowed_fields ⇒ Object

This attribute holds the allowed fields which may be used when building a query.


# File 'app/controllers/faalis/api_controller.rb', line 121

# The fields a client is allowed to filter on via the query string.
#
# A class-level declaration made with `allow_query_on` (exposed as the
# private `allowed_query_on` reader) takes precedence; otherwise the
# `@allowed_fields` instance variable is used, defaulting to an empty list,
# which makes `load_resource_by_query` skip query loading entirely.
def allowed_fields
  if respond_to?(:allowed_query_on, true)
    allowed_query_on
  else
    @allowed_fields || []
  end
end

#authenticate_filter ⇒ Object

User authentication for API services take place here. By default *Faalis* uses the authentication method of *Devise* to authenticate access to API service.

If you want to change the authentication method, just override this method in your *APIController*.


# File 'app/controllers/faalis/api_controller.rb', line 63

# Authentication hook for API requests.
#
# Delegates to Devise's `authenticate_user!`; a host application that
# authenticates differently overrides this method in its own APIController
# instead of changing this base class.
def authenticate_filter
  authenticate_user!
end

#load_resource_by_query ⇒ Object

Load resource by using parameters specified in querystring.


# File 'app/controllers/faalis/api_controller.rb', line 68

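# Load the resource from the query string instead of `load_resource`.
#
# Every `field[__querytype]=value` parameter is turned into a call to the
# model's `#{querytype}_query` scope (`assignment_query` when no type is
# given) and the resulting relation is stored in `@#{controller_name}`,
# chaining one condition per parameter. Only fields returned by
# `allowed_fields` are honoured, and only scopes the model class publicly
# responds to are called, because both the field and the query type come
# straight from the URL. The `value` is handed to the scope untouched, so
# each `*_query` scope is responsible for treating it as untrusted input.
#
# When the request carries no query parameters, or no fields were allowed
# via `allow_query_on`, only a log line is written and nothing is loaded.
def load_resource_by_query
  if request.query_parameters.empty? || allowed_fields.empty?
    logger.info('Load resource using `load_resource`')
    #self.class.load_resource
    return
  end

  logger.info('Load resource by query parameters')
  request.query_parameters.each do |key, value|
    apply_query_parameter(key, value)
  end
end

# Apply a single `field[__querytype]=value` parameter to the resource relation.
#
# @param key [String] the raw parameter name; anything after the second
#   `__` is ignored, exactly as the original split/destructure did
# @param value [Object] the raw parameter value, passed through to the scope
def apply_query_parameter(key, value)
  field, query_type = key.split('__')

  unless allowed_fields.include?(field)
    logger.warn "`#{field}` is not in allowed list for `#{self.class}`."
    return
  end

  # Without an explicit type the plain `assignment_query` scope is used.
  query_type = 'assignment' if query_type.nil?
  scope = "#{query_type}_query"

  # `query_type` is user controlled: dispatch only to an existing public
  # `*_query` method on the model class, never to an arbitrary name.
  unless model_class.respond_to?(scope)
    logger.info "There is no `#{scope}` in `#{model_class}` model."
    return
  end

  ivar = "@#{controller_name}"
  if instance_variable_defined?(ivar)
    # Relation already loaded: chain the new condition. The chained relation
    # has to be stored back, because ActiveRecord-style scopes return a new
    # relation instead of mutating the receiver; the previous version
    # discarded this return value and so silently dropped every condition
    # after the first.
    relation = instance_variable_get(ivar)
    instance_variable_set(ivar, relation.public_send(scope, field, value))
  else
    # First condition: start the relation from the model class itself
    # (building the relation, which does not touch the database yet).
    instance_variable_set(ivar, model_class.public_send(scope, field, value))
  end
end
private :apply_query_parameter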

Rescues any access-denied exception raised by CanCan and returns a useful error message as JSON.

# Turn CanCan's authorization failure into a JSON 403 instead of an HTML
# error page, so API clients get a machine-readable reason.
rescue_from CanCan::AccessDenied do |exception|
  payload = {
    error: t('You don\'t have access to this page'),
    # `orig_msg` echoes the exception's own message verbatim; ability
    # messages should stay generic so this does not leak internal details.
    orig_msg: exception.message,
    action: exception.action
  }
  render status: 403, json: payload
end

# File 'app/controllers/faalis/api_controller.rb', line 53

# Expose the CSRF token to the browser as the `XSRF-TOKEN` cookie, the name
# AngularJS's HTTP client reads and sends back as the `X-XSRF-TOKEN` header.
# The cookie is deliberately left readable by script (no HttpOnly), otherwise
# the client could not copy it into the header. Nothing is set when forgery
# protection is disabled.
def set_csrf_cookie_for_ng
  return unless protect_against_forgery?

  cookies['XSRF-TOKEN'] = form_authenticity_token
end