Class: Underworld::APIController

Inherits:
ApplicationController show all
Defined in:
app/controllers/underworld/api_controller.rb

Overview

This class is the base class of all API controllers in any Underworld host application. Each host Rails application should have an `APIController` which inherits from this class.

Direct Known Subclasses

APIController


Methods inherited from ApplicationController

#set_locale

Class Method Details

.allow_query_on(*args) ⇒ Object

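Using this method you can activate the query loading system and specify the fields which may be used in query loading. Only fields listed here are accepted from the query string by `load_resource_by_query`, so list only attributes that are safe to filter on.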



# File 'app/controllers/underworld/api_controller.rb', line 110

# Class-level macro that switches on query loading for a controller and
# declares which fields may be filtered on through the query string.
#
# It defines a private instance method `allowed_query_on` that returns the
# given names as strings (a fresh array on every call). The list acts as an
# allow-list, so only attributes that are safe to filter on belong in it.
#
# @param args [Array<#to_s>] field names (symbols or strings)
def self.allow_query_on(*args)
  define_method(:allowed_query_on) { args.map(&:to_s) }
  private :allowed_query_on
end

Instance Method Details

#allowed_fields ⇒ Object

This attribute holds the fields which we will allow for making queries.



# File 'app/controllers/underworld/api_controller.rb', line 103

# Field names that may be used for query loading.
#
# Returns the list declared through `allowed_query_on` when that (possibly
# private) method exists; otherwise falls back to `@allowed_fields`, and to an
# empty array when that is unset. An empty result means no field is allowed.
#
# @return [Array] the allow-list of field names
def allowed_fields
  if respond_to?(:allowed_query_on, true)
    allowed_query_on
  else
    @allowed_fields || []
  end
end

#authenticate_filter ⇒ Object

User authentication for API services takes place here. By default Underworld uses the authentication method of Devise to authenticate access to the API service.

If you want to change the authentication method, just override this method in your APIController. An override replaces the Devise check entirely, so it must itself reject unauthenticated requests.



# File 'app/controllers/underworld/api_controller.rb', line 45

# Authentication hook for API requests.
#
# Delegates to `authenticate_user!` and returns whatever that call returns.
# A host application that overrides this method takes over the whole check:
# nothing else in this method enforces authentication.
def authenticate_filter
  authenticate_user!
end

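#load_resource_by_query ⇒ Object

Load resource by using parameters specified in querystring. Only fields declared through `allow_query_on` are honoured; any other key is logged and skipped.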



# File 'app/controllers/underworld/api_controller.rb', line 50

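# Build this controller's resource collection from the query string.
#
# Every query-string key has the form `field` or `field__querytype`. A key is
# applied only when `field` is in `allowed_fields` and the model class
# responds to `<querytype>_query` (`assignment` when no query type is given).
# Each accepted key calls that scope with `(field, value)` and the result is
# stored in the instance variable named after the controller
# (`@<controller_name>`), so later keys are chained onto earlier ones.
#
# Security notes:
# * `field`, `query_type` and `value` all come from the request.
#   `allowed_fields` is the only allow-list for `field`; `value` reaches the
#   scope unvalidated, so each `*_query` scope has to bind it safely.
# * The scope name is built from request input. Dispatch therefore uses
#   `public_send`, which cannot reach private methods, but any public class
#   method whose name ends in `_query` is still reachable. Keep that suffix
#   reserved for query scopes.
# * `field` is interpolated into a log line as received.
#
# When there are no query parameters, or no allowed fields, nothing is loaded
# and only a log line is written.
def load_resource_by_query
  if !request.query_parameters.empty? && !allowed_fields.empty?
    logger.info('Load resource by query parameters')
    resource_ivar = "@#{controller_name}"

    request.query_parameters.each do |key, value|
      # `name__gt=3` => field "name", query type "gt"; anything after a
      # second `__` is ignored.
      field, query_type = key.split('__')

      # Reject every field the controller did not explicitly allow.
      unless allowed_fields.include? field
        logger.warn "`#{field}` in not in allowed list for `#{self.class.to_s}`."
        next
      end

      # No query type means a plain equality ("assignment") scope.
      query_type = 'assignment' if query_type.nil?
      scope_name = "#{query_type}_query"

      # `respond_to?` without the second argument only sees public methods.
      unless model_class.respond_to? scope_name
        logger.info "There is no `#{query_type}_query` in `#{model_class.to_s}` model."
        next
      end

      # Start from the already loaded collection when there is one, otherwise
      # from the model class itself.
      scope_target =
        if instance_variable_defined? resource_ivar
          instance_variable_get(resource_ivar)
        else
          model_class
        end

      # Store the result back on every pass. Previously the result of a
      # chained call was discarded, so only the first filter took effect.
      # NOTE(review): assumes `*_query` scopes return a new relation instead
      # of mutating the receiver, as ActiveRecord scopes do. Confirm.
      instance_variable_set(resource_ivar,
                            scope_target.public_send(scope_name, field, value))
    end
  else
    logger.info('Load resource using `load_resource`')
    #self.class.load_resource
  end
end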

Rescues any access-denied exception raised by CanCan and returns a useful error message as JSON.

# Turn a CanCan authorization failure into a JSON response with HTTP 403.
# NOTE(review): the body passes `exception.message` and `exception.action`
# to the client as-is. Confirm that custom CanCan messages never carry
# details that should stay server-side.
rescue_from CanCan::AccessDenied do |exception|
  payload = {
    error: t('You don\'t have access to this page'),
    orig_msg: exception.message,
    action: exception.action
  }
  render status: 403, json: payload
end


# File 'app/controllers/underworld/api_controller.rb', line 35

# Copy the Rails authenticity token into the `XSRF-TOKEN` cookie.
#
# Does nothing, and returns nil, when forgery protection is switched off.
# The `_for_ng` suffix suggests the cookie is meant to be read by an
# AngularJS client and sent back in a request header (TODO confirm). In that
# case the cookie has to stay readable by scripts, so it cannot be HttpOnly.
# NOTE(review): no cookie options are passed here. Check whether `secure`
# should be set for HTTPS-only deployments.
#
# @return [String, nil] the token written to the cookie, or nil
def set_csrf_cookie_for_ng
  return unless protect_against_forgery?

  cookies['XSRF-TOKEN'] = form_authenticity_token
end