#-- copyright # OpenProject is a project management system. # Copyright (C) 2012-2017 the OpenProject Foundation (OPF) # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License version 3. # # OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: # Copyright (C) 2006-2017 Jean-Philippe Lang # Copyright (C) 2010-2013 the ChiliProject Team # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # See doc/COPYRIGHT.rdoc for more details. #++ require 'securerandom' require 'api/v3/queries/query_representer' module API module V3 module Queries class QueriesAPI < ::API::OpenProjectAPI resources :queries do mount API::V3::Queries::Columns::QueryColumnsAPI mount API::V3::Queries::GroupBys::QueryGroupBysAPI mount API::V3::Queries::SortBys::QuerySortBysAPI mount API::V3::Queries::Filters::QueryFiltersAPI mount API::V3::Queries::Operators::QueryOperatorsAPI mount API::V3::Queries::Schemas::QuerySchemaAPI mount API::V3::Queries::Schemas::QueryFilterInstanceSchemaAPI mount API::V3::Queries::CreateFormAPI helpers ::API::V3::Queries::Helpers::QueryRepresenterResponse helpers ::API::V3::Queries::QueryHelper helpers do def authorize_by_policy(action, &block) authorize_by_with_raise(-> () { allowed_to?(action) }, &block) end def allowed_to?(action) QueryPolicy.new(current_user).allowed?(@query, action) end end get do authorize_any [:view_work_packages, :manage_public_queries], global: true queries_scope = Query.all.includes(QueryRepresenter.to_eager_load) ::API::V3::Utilities::ParamsToQuery.collection_response(queries_scope, current_user, params) end namespace 'available_projects' do before do authorize(:view_work_packages, global: true, user: current_user) end get do available_projects = Project.allowed_to(current_user, :view_work_packages) self_link = api_v3_paths.query_available_projects ::API::V3::Projects::ProjectCollectionRepresenter.new(available_projects, self_link, current_user: current_user) end end namespace 'default' do get do @query = Query.new_default(name: 'default', user: current_user) authorize_by_policy(:show) query_representer_response(@query, params) end end post do create_query request_body, current_user end params do requires :id, desc: 'Query id' end route_param :id do before do @query = Query.find(params[:id]) authorize_by_policy(:show) do raise API::Errors::NotFound end end mount API::V3::Queries::UpdateFormAPI patch do update_query @query, request_body, current_user end get do query_representer_response(@query, params) end delete do authorize_by_policy(:destroy) @query.destroy status 204 end patch :star do authorize_by_policy(:star) # Query name is not user-visible, but apparently used as CSS class. WTF. # Normalizing the query name can result in conflicts and empty names in case all # characters are filtered out. A random name doesn't have these problems. query_menu_item = MenuItems::QueryMenuItem .find_or_initialize_by(navigatable_id: @query.id) do |item| item.name = SecureRandom.uuid item.title = @query.name end query_menu_item.save! query_representer_response(@query, {}) end patch :unstar do authorize_by_policy(:unstar) representer = query_representer_response(@query, {}) query_menu_item = @query.query_menu_item return representer if @query.query_menu_item.nil? query_menu_item.destroy @query.reload representer end end end end end end end