openproject/lib/api/v3/queries/queries_api.rb

#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) 2012-2021 the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# See docs/COPYRIGHT.rdoc for more details.
#++

require 'securerandom'
require 'api/v3/queries/query_representer'

module API
  module V3
    module Queries
      class QueriesAPI < ::API::OpenProjectAPI
        resources :queries do
          mount API::V3::Queries::Columns::QueryColumnsAPI
          mount API::V3::Queries::GroupBys::QueryGroupBysAPI
          mount API::V3::Queries::SortBys::QuerySortBysAPI
          mount API::V3::Queries::Filters::QueryFiltersAPI
          mount API::V3::Queries::Operators::QueryOperatorsAPI
          mount API::V3::Queries::Schemas::QuerySchemaAPI
          mount API::V3::Queries::Schemas::QueryFilterInstanceSchemaAPI
          mount API::V3::Queries::CreateFormAPI

          helpers ::API::V3::Queries::Helpers::QueryRepresenterResponse
          helpers ::API::V3::Queries::QueryHelper

          helpers do
            def authorize_by_policy(action, &block)
              authorize_by_with_raise(-> { allowed_to?(action) }, &block)
            end

            def allowed_to?(action)
              QueryPolicy.new(current_user).allowed?(@query, action)
            end
          end

          get do
            authorize_any %i(view_work_packages manage_public_queries), global: true

            queries_scope = Query.all.includes(QueryRepresenter.to_eager_load)

            ::API::V3::Utilities::ParamsToQuery.collection_response(queries_scope,
                                                                    current_user,
                                                                    params)
          end

          namespace 'available_projects' do
            after_validation do
              authorize(:view_work_packages, global: true, user: current_user)
            end

            get do
              available_projects = Project.allowed_to(current_user, :view_work_packages)
              self_link = api_v3_paths.query_available_projects

              ::API::V3::Projects::ProjectCollectionRepresenter.new(available_projects,
                                                                    self_link: self_link,
                                                                    current_user: current_user)
            end
          end

          namespace 'default' do
            params do
              optional :valid_subset, type: Boolean
            end

            get do
              @query = Query.new_default(name: 'default',
                                         user: current_user)

              authorize_by_policy(:show)

              query_representer_response(@query, params, params.delete(:valid_subset))
            end
          end

          post do
            create_query request_body, current_user
          end

          route_param :id, type: Integer, desc: 'Query ID' do
            after_validation do
              @query = Query.find(params[:id])

              authorize_by_policy(:show) do
                raise API::Errors::NotFound
              end
            end

            mount API::V3::Queries::UpdateFormAPI

            patch do
              update_query @query, request_body, current_user
            end

            params do
              optional :valid_subset, type: Boolean
            end

            get do
              # We try to ignore invalid aspects of the query as the user
              # might not even be able to fix them (public  query)
              # and because they might only be invalid in his context
              # but not for somebody having more permissions, e.g. subproject
              # filter for admin vs for anonymous.
              # Permissions are enforced nevertheless.
              @query.valid_subset!

              # We do not ignore invalid params provided by the client
              # unless explicily required by valid_subset
              query_representer_response(@query, params, params.delete(:valid_subset))
            end

            delete do
              authorize_by_policy(:destroy)

              @query.destroy

              status 204
            end

            patch :star do
              authorize_by_policy(:star)

              # Query name is not user-visible, but apparently used as CSS class. WTF.
              # Normalizing the query name can result in conflicts and empty names in case all
              # characters are filtered out. A random name doesn't have these problems.
              query_menu_item = MenuItems::QueryMenuItem
                                .find_or_initialize_by(navigatable_id: @query.id) do |item|
                item.name  = SecureRandom.uuid
                item.title = @query.name
              end
              query_menu_item.save!

              @query.valid_subset!
              query_representer_response(@query, {})
            end

            patch :unstar do
              authorize_by_policy(:unstar)

              @query.valid_subset!
              representer = query_representer_response(@query, {})

              query_menu_item = @query.query_menu_item
              return representer if @query.query_menu_item.nil?

              query_menu_item.destroy

              @query.reload

              representer
            end

            mount API::V3::Queries::Order::QueryOrderAPI
          end
        end
      end
    end
  end
end
Add missing Copyright headers in lib (API) code [ci skip] Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`#-- copyright`
Update copyright notice 5 years ago			`# OpenProject is an open source project management software.`
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013 4 years ago			`# Copyright (C) 2012-2021 the OpenProject GmbH`
Add missing Copyright headers in lib (API) code [ci skip] Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
			`# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:`
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013 4 years ago			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
Add missing Copyright headers in lib (API) code [ci skip] Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`# Copyright (C) 2010-2013 the ChiliProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`#`
Bump copyright to 2018 (#6171) [ci skip] 7 years ago			`# See docs/COPYRIGHT.rdoc for more details.`
Add missing Copyright headers in lib (API) code [ci skip] Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`#++`

API v3: Query: Fix empty name on starring When a query only has special characters as a name (which is not user- visible), normalization previously would remove all of them so the name could be empty. Using a random name fixes this. 10 years ago			`require 'securerandom'`
specify classes explicitly rather than implicitly This is a new try for the APIv3 classes, we either: - FULLY qualify a class and let the autoloader do the rest - don't qualify at all, but require the class explicitly Thus we do not (yet) completely give up on the rails autoloader, but we circumvent a fair amount of its magic (and problems). The hope is to eliminate the following problems in development mode: - NameErrors because the autoloader infers the wrong prefix - "object is not missing constant" errors occuring more rarely Let's see how that turns out to work... 10 years ago			`require 'api/v3/queries/query_representer'`
API v3: Query: Fix empty name on starring When a query only has special characters as a name (which is not user- visible), normalization previously would remove all of them so the name could be empty. Using a random name fixes this. 10 years ago
Created basic queries API endpoint & disabled experimental queries API endpoints 11 years ago			`module API`
			`module V3`
			`module Queries`
allow to patch existing API endpoints 10 years ago			`class QueriesAPI < ::API::OpenProjectAPI`
Created basic queries API endpoint & disabled experimental queries API endpoints 11 years ago			`resources :queries do`
link to column names 8 years ago			`mount API::V3::Queries::Columns::QueryColumnsAPI`
link to group_by 8 years ago			`mount API::V3::Queries::GroupBys::QueryGroupBysAPI`
link to sort_bys 8 years ago			`mount API::V3::Queries::SortBys::QuerySortBysAPI`
embed filters as objects 8 years ago			`mount API::V3::Queries::Filters::QueryFiltersAPI`
			`mount API::V3::Queries::Operators::QueryOperatorsAPI`
adding query schema - global query 8 years ago			`mount API::V3::Queries::Schemas::QuerySchemaAPI`
adding filter instance schemas 8 years ago			`mount API::V3::Queries::Schemas::QueryFilterInstanceSchemaAPI`
queries create and create form api endpoints 8 years ago			`mount API::V3::Queries::CreateFormAPI`
link to column names 8 years ago
add default query endpoint for project 8 years ago			`helpers ::API::V3::Queries::Helpers::QueryRepresenterResponse`
DRY'd queries create/update form api endpoints 8 years ago			`helpers ::API::V3::Queries::QueryHelper`
add default query endpoint for project 8 years ago
add default query endpoint globally 8 years ago			`helpers do`
			`def authorize_by_policy(action, &block)`
remove textile 6 years ago			`authorize_by_with_raise(-> { allowed_to?(action) }, &block)`
add default query endpoint globally 8 years ago			`end`

			`def allowed_to?(action)`
			`QueryPolicy.new(current_user).allowed?(@query, action)`
			`end`
			`end`

Add list actions for queries 9 years ago			`get do`
simple code prettifications 8 years ago			`authorize_any %i(view_work_packages manage_public_queries), global: true`
Add list actions for queries 9 years ago
rely on query representer to determine collection eager loading 8 years ago			`queries_scope = Query.all.includes(QueryRepresenter.to_eager_load)`

			`::API::V3::Utilities::ParamsToQuery.collection_response(queries_scope,`
reduce duplication 8 years ago			`current_user,`
			`params)`
Add list actions for queries 9 years ago			`end`

linking to available projects when embedding a query schema 8 years ago			`namespace 'available_projects' do`
Avoid before blocks and raw params access for IDs Grape's validation runs after a `before` block so we should avoid using raw params there and instead using `declared(params)` which returns only the validated whitelisted params, much like a permitted params hash. 6 years ago			`after_validation do`
linking to available projects when embedding a query schema 8 years ago			`authorize(:view_work_packages, global: true, user: current_user)`
			`end`

			`get do`
			`available_projects = Project.allowed_to(current_user, :view_work_packages)`
adding filter instance schemas 8 years ago			`self_link = api_v3_paths.query_available_projects`
linking to available projects when embedding a query schema 8 years ago
			`::API::V3::Projects::ProjectCollectionRepresenter.new(available_projects,`
Fix/update wysiwyg styles (#8844) This is a refactoring of the CSS classes in the WYSIWYG editor. The classes now use proper BEM and are almost completely independent of other CSS. It also includes small style refactorings, like a reduction of heading size in attribute fields, and an increase in heading size in all other instances. * Initial class definitions * Added more classes * Added Table of Contents basics * CkEditor applying custom CSS classes to p, h1, h2, h3, h4, h5, h6, li and blockquote * CKEditorInspector removed * op css class for headings * op css class for paragraphs * op css class for code/code block * adapt specs to altered markdown/html generation * adapt grid/budget representers to altered signature * op css class for lists * op css class for toc * op css class for links * Start working on typography css * op css class for tables * Fixing more typography, trying out larger headers * Applying custom classes to li, a, blockquote, figure, table, tr, td, th, image, codeblock, figcaption and macros * adapt specs to altered link classes * op css class for images * apply user content container class throughout application * CSS alignment custom classes applied to table * op css class for task list checkbox * Added task checkbox class * amend list checkbox class in backend * op css class for table thead element * adapt specs on image html generation * Updated table and typography styles * Update typography and figure styles * Figure overflow handling * Table alignment styles + ckEditor styles removed * rename wiki-anchor to op-uc-link_permalink * wrap table in div as well as figure * Updated code-block * Update permalinks * Fixed a lot about tables * Removed Description header from work-packages page * Fix frontend styles * Add placeholder styling, fix toc * Fixed figure print * working with table aligns * Custom class add to task lists * Custom classes applied to theads * op-uc-container custom class added to container * Codeblocks inside pre elements * Fix: single <code> and <a> tags * explicitly require overwritten gem class Apparently, the gem is not loaded yet when it is registered as a filter when in eager loading mode * adapt spec expectation to altered toc rendering * CkInspector removed * Latest ckeditor changes * remove highlight css class from wiki content * allow html pipleline to handle macros with additional classes * Fixed a lot of print css for tables * Add general print css back in * Update Table of Contents styling * Custom classes on ul, ol, li and task-lists * Revert "Custom classes on ul, ol, li and task-lists" This reverts commit 0d27d281378b324330ea2f25632de898269e2122. * Custom classes on ul, ol, li and task-lists * Custom classes on column's th * remove placeholder class when rendering * WOrking on task lists * Changing task-list classes, changed tests * Updated list styles * Remove unused todo list styles * remove checked in binstubs * Fix table of contents * adapt todo list handing in backend pipeline * adapt specs to altered css classes * Add numbers to table of contents * Better comments in table of contents * Fix: wrap single <table> with a <figure> * Fixes to todo list design * Updated todo list scss to fix nested lists * adapt selectors in table spec * Update table styles * Improve table borders more * Custom classes specs * Fix: no need to remove regular list classes when its type changes * Add modifier for inline headings * Update table editing styles * Remove break-word tests * wrap images just like tables * Update figure content styles * Fix: All tests passing (ul.op-uc-list_task-list) * div.op-uc-figure--content wrapping tables * Specs for figures wrappers div.op-uc-figure--content * Fix: add custom classes to links and codes again * Table wrapper div reverted + specs * Fix inline palceholders * Custom macro type classes * Add basic macro placeholder changes * Move heading permalink after text * Fix word-break spec * Sending figure styles to the backend (width) * extend test to take ckeditor placeholder into account * avoid adding bem classes multiple times * attempt to fix flickering spec * Removing image spinner when uploading finishes * adapt spec expectations Co-authored-by: Aleix Suau <info@macrofonoestudio.es> Co-authored-by: ulferts <jens.ulferts@googlemail.com> 4 years ago			`self_link: self_link,`
linking to available projects when embedding a query schema 8 years ago			`current_user: current_user)`
			`end`
			`end`

add default query endpoint globally 8 years ago			`namespace 'default' do`
[30106] Hide query groups when project filter reduced in valid subset https://community.openproject.com/wp/30106 6 years ago			`params do`
			`optional :valid_subset, type: Boolean`
			`end`

add default query endpoint globally 8 years ago			`get do`
			`@query = Query.new_default(name: 'default',`
			`user: current_user)`

			`authorize_by_policy(:show)`

[30106] Hide query groups when project filter reduced in valid subset https://community.openproject.com/wp/30106 6 years ago			`query_representer_response(@query, params, params.delete(:valid_subset))`
add default query endpoint globally 8 years ago			`end`
			`end`

queries create and create form api endpoints 8 years ago			`post do`
			`create_query request_body, current_user`
			`end`

Avoid before blocks and raw params access for IDs Grape's validation runs after a `before` block so we should avoid using raw params there and instead using `declared(params)` which returns only the validated whitelisted params, much like a permitted params hash. 6 years ago			`route_param :id, type: Integer, desc: 'Query ID' do`
			`after_validation do`
Created unstar action for queries 11 years ago			`@query = Query.find(params[:id])`
embed query results in query representer This is only done when the representer is not embedded itself, e.g. when it is part of a collection. 8 years ago
refactor 404 auth error no separate method needed, let authorize_by_policy behave like well known auth methods (accepting a block) 9 years ago			`authorize_by_policy(:show) do`
			`raise API::Errors::NotFound`
			`end`
Created basic queries API endpoint & disabled experimental queries API endpoints 11 years ago			`end`

fixed update form 8 years ago			`mount API::V3::Queries::UpdateFormAPI`

query update and query update form wip 8 years ago			`patch do`
			`update_query @query, request_body, current_user`
			`end`

[30106] Hide query groups when project filter reduced in valid subset https://community.openproject.com/wp/30106 6 years ago			`params do`
			`optional :valid_subset, type: Boolean`
			`end`

allow to get queries via APIv3 - one of those missing endpoints - adapted resource spec to be closer to other resource specs - specified error behaviour (missing permissions) -> change: not being allowed to see a query results in 404 9 years ago			`get do`
prepare the query before reading results (#5547) * prepare the query before reading results * use string for list cf filter value because all other list filter also use a string * handle invalid group, columns, sort on query read [ci skip] 8 years ago			`# We try to ignore invalid aspects of the query as the user`
			`# might not even be able to fix them (public query)`
			`# and because they might only be invalid in his context`
			`# but not for somebody having more permissions, e.g. subproject`
			`# filter for admin vs for anonymous.`
			`# Permissions are enforced nevertheless.`
			`@query.valid_subset!`

[30106] Hide query groups when project filter reduced in valid subset https://community.openproject.com/wp/30106 6 years ago			`# We do not ignore invalid params provided by the client`
			`# unless explicily required by valid_subset`
			`query_representer_response(@query, params, params.delete(:valid_subset))`
Refactor API authorize method 11 years ago			`end`
Allow deletion of queries via APIv3 9 years ago
			`delete do`
			`authorize_by_policy(:destroy)`

			`@query.destroy`

			`status 204`
			`end`
Refactor API authorize method 11 years ago
			`patch :star do`
Fix authorize usage 10 years ago			`authorize_by_policy(:star)`

API v3: Query: Fix empty name on starring When a query only has special characters as a name (which is not user- visible), normalization previously would remove all of them so the name could be empty. Using a random name fixes this. 10 years ago			`# Query name is not user-visible, but apparently used as CSS class. WTF.`
			`# Normalizing the query name can result in conflicts and empty names in case all`
			`# characters are filtered out. A random name doesn't have these problems.`
grant access to API v3 GET queries also for manage_public_queries 8 years ago			`query_menu_item = MenuItems::QueryMenuItem`
			`.find_or_initialize_by(navigatable_id: @query.id) do \|item\|`
			`item.name = SecureRandom.uuid`
			`item.title = @query.name`
			`end`
Simplified #star endpoint 11 years ago			`query_menu_item.save!`
add default query endpoint globally 8 years ago
[26141] Use valid subset of query to save it (#5859) https://community.openproject.com/wp/26141 [ci skip] 7 years ago			`@query.valid_subset!`
add default query endpoint for project 8 years ago			`query_representer_response(@query, {})`
Created unstar action for queries 11 years ago			`end`

			`patch :unstar do`
Fix authorize usage 10 years ago			`authorize_by_policy(:unstar)`

[26141] Use valid subset of query to save it (#5859) https://community.openproject.com/wp/26141 [ci skip] 7 years ago			`@query.valid_subset!`
add default query endpoint for project 8 years ago			`representer = query_representer_response(@query, {})`
add default query endpoint globally 8 years ago
Created unstar action for queries 11 years ago			`query_menu_item = @query.query_menu_item`
add default query endpoint globally 8 years ago			`return representer if @query.query_menu_item.nil?`
safe automatic fixes by rubocop (#8994) 4 years ago
Created unstar action for queries 11 years ago			`query_menu_item.destroy`
add default query endpoint globally 8 years ago
Added some tests and handled permissions for #star and #unstar methods 11 years ago			`@query.reload`
add default query endpoint globally 8 years ago
			`representer`
Created unstar action for queries 11 years ago			`end`
Save integer relative positions by computing spaces between 5 years ago
			`mount API::V3::Queries::Order::QueryOrderAPI`
Created basic queries API endpoint & disabled experimental queries API endpoints 11 years ago			`end`
			`end`
			`end`
			`end`
			`end`
			`end`