openproject/lib/api/v3/queries/queries_api.rb

#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++

require 'securerandom'
require 'api/v3/queries/query_representer'

module API
  module V3
    module Queries
      class QueriesAPI < ::API::OpenProjectAPI
        resources :queries do
          params do
            requires :id, desc: 'Query id'
          end
          route_param :id do
            before do
              @query = Query.find(params[:id])
              @representer = QueryRepresenter.new(@query)
            end

            helpers do
              def authorize_by_policy(action)
                authorize_by_with_raise do
                  QueryPolicy.new(current_user).allowed?(@query, action)
                end
              end
            end

            patch :star do
              authorize_by_policy(:star)

              # Query name is not user-visible, but apparently used as CSS class. WTF.
              # Normalizing the query name can result in conflicts and empty names in case all
              # characters are filtered out. A random name doesn't have these problems.
              query_menu_item = MenuItems::QueryMenuItem.find_or_initialize_by(
                navigatable_id: @query.id) { |item|
                  item.name  = SecureRandom.uuid
                  item.title = @query.name
                }
              query_menu_item.save!
              @representer
            end

            patch :unstar do
              authorize_by_policy(:unstar)

              query_menu_item = @query.query_menu_item
              return @representer if @query.query_menu_item.nil?
              query_menu_item.destroy
              @query.reload
              @representer
            end
          end
        end
      end
    end
  end
end
Add missing Copyright headers in lib (API) code [ci skip] Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`#-- copyright`
			`# OpenProject is a project management system.`
Update year in copyright header to 2015 [ci skip] 10 years ago			`# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)`
Add missing Copyright headers in lib (API) code [ci skip] Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
			`# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:`
			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
			`# Copyright (C) 2010-2013 the ChiliProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`#`
			`# See doc/COPYRIGHT.rdoc for more details.`
			`#++`

API v3: Query: Fix empty name on starring When a query only has special characters as a name (which is not user- visible), normalization previously would remove all of them so the name could be empty. Using a random name fixes this. 10 years ago			`require 'securerandom'`
specify classes explicitly rather than implicitly This is a new try for the APIv3 classes, we either: - FULLY qualify a class and let the autoloader do the rest - don't qualify at all, but require the class explicitly Thus we do not (yet) completely give up on the rails autoloader, but we circumvent a fair amount of its magic (and problems). The hope is to eliminate the following problems in development mode: - NameErrors because the autoloader infers the wrong prefix - "object is not missing constant" errors occuring more rarely Let's see how that turns out to work... 10 years ago			`require 'api/v3/queries/query_representer'`
API v3: Query: Fix empty name on starring When a query only has special characters as a name (which is not user- visible), normalization previously would remove all of them so the name could be empty. Using a random name fixes this. 10 years ago
Created basic queries API endpoint & disabled experimental queries API endpoints 11 years ago			`module API`
			`module V3`
			`module Queries`
allow to patch existing API endpoints 10 years ago			`class QueriesAPI < ::API::OpenProjectAPI`
Created basic queries API endpoint & disabled experimental queries API endpoints 11 years ago			`resources :queries do`
			`params do`
			`requires :id, desc: 'Query id'`
			`end`
more consequently use route_param this seems to be the GRAPE-iest way possible 10 years ago			`route_param :id do`
Created unstar action for queries 11 years ago			`before do`
			`@query = Query.find(params[:id])`
style 10 years ago			`@representer = QueryRepresenter.new(@query)`
Created basic queries API endpoint & disabled experimental queries API endpoints 11 years ago			`end`

Refactor API authorize method 11 years ago			`helpers do`
Fix authorize usage 10 years ago			`def authorize_by_policy(action)`
			`authorize_by_with_raise do`
			`QueryPolicy.new(current_user).allowed?(@query, action)`
			`end`
Added some tests and handled permissions for #star and #unstar methods 11 years ago			`end`
Refactor API authorize method 11 years ago			`end`

			`patch :star do`
Fix authorize usage 10 years ago			`authorize_by_policy(:star)`

API v3: Query: Fix empty name on starring When a query only has special characters as a name (which is not user- visible), normalization previously would remove all of them so the name could be empty. Using a random name fixes this. 10 years ago			`# Query name is not user-visible, but apparently used as CSS class. WTF.`
			`# Normalizing the query name can result in conflicts and empty names in case all`
			`# characters are filtered out. A random name doesn't have these problems.`
Replace dynamic finder usages with #find_by, etc. This patch replaces all dynamic finders, for the sake of consistency, although only some methods are deprecated. See: https://github.com/rails/activerecord-deprecated_finders#active-record-deprecated-finders * Revert some `User#find_by_login` usages in cuke steps accidentally removed in 74228b59. User Story # 20325 Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`query_menu_item = MenuItems::QueryMenuItem.find_or_initialize_by(`
Fix syntax (w/Rubocop) in lib code Signed-off-by: Alex Coles <alex@alexbcoles.com> 9 years ago			`navigatable_id: @query.id) { \|item\|`
Replace dynamic finder usages with #find_by, etc. This patch replaces all dynamic finders, for the sake of consistency, although only some methods are deprecated. See: https://github.com/rails/activerecord-deprecated_finders#active-record-deprecated-finders * Revert some `User#find_by_login` usages in cuke steps accidentally removed in 74228b59. User Story # 20325 Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`item.name = SecureRandom.uuid`
			`item.title = @query.name`
Fix syntax (w/Rubocop) in lib code Signed-off-by: Alex Coles <alex@alexbcoles.com> 9 years ago			`}`
Simplified #star endpoint 11 years ago			`query_menu_item.save!`
Specify a custom Formatter for hal+json This avoids having to explicitly call #to_json: https://github.com/intridea/grape#api-formats Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`@representer`
Created unstar action for queries 11 years ago			`end`

			`patch :unstar do`
Fix authorize usage 10 years ago			`authorize_by_policy(:unstar)`

Created unstar action for queries 11 years ago			`query_menu_item = @query.query_menu_item`
Specify a custom Formatter for hal+json This avoids having to explicitly call #to_json: https://github.com/intridea/grape#api-formats Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`return @representer if @query.query_menu_item.nil?`
Created unstar action for queries 11 years ago			`query_menu_item.destroy`
Added some tests and handled permissions for #star and #unstar methods 11 years ago			`@query.reload`
Specify a custom Formatter for hal+json This avoids having to explicitly call #to_json: https://github.com/intridea/grape#api-formats Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`@representer`
Created unstar action for queries 11 years ago			`end`
Created basic queries API endpoint & disabled experimental queries API endpoints 11 years ago			`end`
			`end`
			`end`
			`end`
			`end`
			`end`