Streamline of rest api (added missing destroy backends).

Martin Edenhofer 2016-06-06 08:34:15 +02:00
parent 19c3335d10
commit 65af185847
12 changed files with 95 additions and 51 deletions


@ -379,7 +379,7 @@ class ApplicationController < ActionController::Base
end end
# model helper # model helper
def model_create_render (object, params) def model_create_render(object, params)
# create object # create object
generic_object = object.new(object.param_cleanup(params[object.to_app_model_url], true )) generic_object = object.new(object.param_cleanup(params[object.to_app_model_url], true ))
@ -397,11 +397,11 @@ class ApplicationController < ActionController::Base
render json: model_match_error(e.message), status: :unprocessable_entity render json: model_match_error(e.message), status: :unprocessable_entity
end end
def model_create_render_item (generic_object) def model_create_render_item(generic_object)
render json: generic_object.attributes_with_associations, status: :created render json: generic_object.attributes_with_associations, status: :created
end end
def model_update_render (object, params) def model_update_render(object, params)
# find object # find object
generic_object = object.find(params[:id]) generic_object = object.find(params[:id])
@ -419,11 +419,11 @@ class ApplicationController < ActionController::Base
render json: model_match_error(e.message), status: :unprocessable_entity render json: model_match_error(e.message), status: :unprocessable_entity
end end
def model_update_render_item (generic_object) def model_update_render_item(generic_object)
render json: generic_object.attributes_with_associations, status: :ok render json: generic_object.attributes_with_associations, status: :ok
end end
def model_destory_render (object, params) def model_destory_render(object, params)
generic_object = object.find(params[:id]) generic_object = object.find(params[:id])
generic_object.destroy generic_object.destroy
model_destory_render_item() model_destory_render_item()
@ -453,12 +453,17 @@ class ApplicationController < ActionController::Base
render json: model_match_error(e.message), status: :unprocessable_entity render json: model_match_error(e.message), status: :unprocessable_entity
end end
def model_show_render_item (generic_object) def model_show_render_item(generic_object)
render json: generic_object.attributes_with_associations, status: :ok render json: generic_object.attributes_with_associations, status: :ok
end end
def model_index_render (object, _params) def model_index_render(object, params)
generic_objects = object.all if params[:page] && params[:per_page]
offset = (params[:page].to_i - 1) * params[:per_page].to_i
generic_objects = object.limit(params[:per_page]).offset(offset)
else
generic_objects = object.all
end
if params[:full] if params[:full]
assets = {} assets = {}
@ -485,11 +490,11 @@ class ApplicationController < ActionController::Base
render json: model_match_error(e.message), status: :unprocessable_entity render json: model_match_error(e.message), status: :unprocessable_entity
end end
def model_index_render_result (generic_objects) def model_index_render_result(generic_objects)
render json: generic_objects, status: :ok render json: generic_objects, status: :ok
end end
def model_match_error (error) def model_match_error(error)
data = { data = {
error: error error: error
} }
@ -499,6 +504,25 @@ class ApplicationController < ActionController::Base
data data
end end
def model_references_check(object, params)
generic_object = object.find(params[:id])
result = Models.references(object, generic_object.id)
return false if result.empty?
render json: { error: 'Can\'t delete, object has references.' }, status: :unprocessable_entity
true
rescue => e
logger.error e.message
logger.error e.backtrace.inspect
render json: model_match_error(e.message), status: :unprocessable_entity
end
def not_found(e)
respond_to do |format|
format.json { render json: { error: e.message }, status: :not_found }
format.any { render text: "Error: #{e.message}", status: :not_found }
end
end
# check maintenance mode # check maintenance mode
def check_maintenance_only(user) def check_maintenance_only(user)
return false if Setting.get('maintenance_mode') != true return false if Setting.get('maintenance_mode') != true
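Review bot: The rescue branch of `model_references_check` ends on the `render` call, so whether the caller's `return if model_references_check(...)` stops before `destroy` depends on whatever `render` returns; the guard should fail closed explicitly by adding `true` as the last line of the rescue. That branch also sends `e.message` to the client, which can expose internal detail such as database error text; the message is already logged, so a fixed error string in the response would be safer. In `not_found`, `format.any { render text: "Error: #{e.message}", ... }` is served as text/html on Rails versions where `render text:` defaults to HTML, so a message that echoes request data (for example a looked-up id) would be interpreted as markup; `format.any { render plain: "Error: #{e.message}", status: :not_found }` avoids that. In `model_index_render`, `page` and `per_page` are used without bounds, so `page=0` gives a negative offset and `per_page` has no upper cap; clamping both before the query would keep bad input out of the rescue path.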


@ -27,7 +27,7 @@ Example:
=begin =begin
Resource: Resource:
GET /api/v1/groups.json GET /api/v1/groups
Response: Response:
[ [
@ -44,7 +44,7 @@ Response:
] ]
Test: Test:
curl http://localhost/api/v1/groups.json -v -u #{login}:#{password} curl http://localhost/api/v1/groups -v -u #{login}:#{password}
=end =end
@ -55,7 +55,7 @@ curl http://localhost/api/v1/groups.json -v -u #{login}:#{password}
=begin =begin
Resource: Resource:
GET /api/v1/groups/#{id}.json GET /api/v1/groups/#{id}
Response: Response:
{ {
@ -65,7 +65,7 @@ Response:
} }
Test: Test:
curl http://localhost/api/v1/groups/#{id}.json -v -u #{login}:#{password} curl http://localhost/api/v1/groups/#{id} -v -u #{login}:#{password}
=end =end
@ -76,7 +76,7 @@ curl http://localhost/api/v1/groups/#{id}.json -v -u #{login}:#{password}
=begin =begin
Resource: Resource:
POST /api/v1/groups.json POST /api/v1/groups
Payload: Payload:
{ {
@ -96,7 +96,7 @@ Response:
} }
Test: Test:
curl http://localhost/api/v1/groups.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"name": "some_name","active": true, "note": "some note"}' curl http://localhost/api/v1/groups -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"name": "some_name","active": true, "note": "some note"}'
=end =end
@ -108,7 +108,7 @@ curl http://localhost/api/v1/groups.json -v -u #{login}:#{password} -H "Content-
=begin =begin
Resource: Resource:
PUT /api/v1/groups/{id}.json PUT /api/v1/groups/{id}
Payload: Payload:
{ {
@ -128,7 +128,7 @@ Response:
} }
Test: Test:
curl http://localhost/api/v1/groups.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"name": "some_name","active": true, "note": "some note"}' curl http://localhost/api/v1/groups -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"name": "some_name","active": true, "note": "some note"}'
=end =end
@ -140,10 +140,13 @@ curl http://localhost/api/v1/groups.json -v -u #{login}:#{password} -H "Content-
=begin =begin
Resource: Resource:
DELETE /api/v1/groups/{id}
Response: Response:
{}
Test: Test:
curl http://localhost/api/v1/groups/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE -d '{}'
=end =end


@ -25,7 +25,7 @@ Example:
=begin =begin
Resource: Resource:
GET /api/v1/organizations.json GET /api/v1/organizations
Response: Response:
[ [
@ -42,7 +42,7 @@ Response:
] ]
Test: Test:
curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password} curl http://localhost/api/v1/organizations -v -u #{login}:#{password}
=end =end
@ -63,7 +63,7 @@ curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password}
=begin =begin
Resource: Resource:
GET /api/v1/organizations/#{id}.json GET /api/v1/organizations/#{id}
Response: Response:
{ {
@ -73,7 +73,7 @@ Response:
} }
Test: Test:
curl http://localhost/api/v1/organizations/#{id}.json -v -u #{login}:#{password} curl http://localhost/api/v1/organizations/#{id} -v -u #{login}:#{password}
=end =end
@ -101,7 +101,7 @@ curl http://localhost/api/v1/organizations/#{id}.json -v -u #{login}:#{password}
=begin =begin
Resource: Resource:
POST /api/v1/organizations.json POST /api/v1/organizations
Payload: Payload:
{ {
@ -119,7 +119,7 @@ Response:
} }
Test: Test:
curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"name": "some_name","active": true,"shared": true,"note": "some note"}' curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"name": "some_name","active": true,"shared": true,"note": "some note"}'
=end =end
@ -131,7 +131,7 @@ curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password} -H "C
=begin =begin
Resource: Resource:
PUT /api/v1/organizations/{id}.json PUT /api/v1/organizations/{id}
Payload: Payload:
{ {
@ -150,7 +150,7 @@ Response:
} }
Test: Test:
curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"id": 1,"name": "some_name","active": true,"shared": true,"note": "some note"}' curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"id": 1,"name": "some_name","active": true,"shared": true,"note": "some note"}'
=end =end
@ -162,15 +162,19 @@ curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password} -H "C
=begin =begin
Resource: Resource:
DELETE /api/v1/organization/{id}
Response: Response:
{}
Test: Test:
curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE -d '{}'
=end =end
def destroy def destroy
return if deny_if_not_role('Agent') return if deny_if_not_role(Z_ROLENAME_AGENT)
return if model_references_check(Organization, params)
model_destory_render(Organization, params) model_destory_render(Organization, params)
end end
@ -184,7 +188,7 @@ Test:
end end
# get organization data # get organization data
organization = Organization.find( params[:id] ) organization = Organization.find(params[:id])
# get history of organization # get history of organization
history = organization.history_get(true) history = organization.history_get(true)
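Review bot: `destroy` on organizations is gated on `Z_ROLENAME_AGENT`, while the other destroy actions touched by this commit (users, ticket priorities, ticket states) require `Z_ROLENAME_ADMIN`. Now that a DELETE route for organizations is added in the routes file, it is worth confirming that agents are meant to delete organizations; if not, the guard should read `return if deny_if_not_role(Z_ROLENAME_ADMIN)`. The doc block above the action also lists `DELETE /api/v1/organization/{id}` (singular) in both the resource line and the curl example, whereas the route added is `/organizations/:id`.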


@ -28,6 +28,7 @@ class TicketPrioritiesController < ApplicationController
# DELETE /ticket_priorities/1 # DELETE /ticket_priorities/1
def destroy def destroy
return if deny_if_not_role(Z_ROLENAME_ADMIN) return if deny_if_not_role(Z_ROLENAME_ADMIN)
return if model_references_check(Ticket::Priority, params)
model_destory_render(Ticket::Priority, params) model_destory_render(Ticket::Priority, params)
end end
end end


@ -28,6 +28,7 @@ class TicketStatesController < ApplicationController
# DELETE /ticket_states/1 # DELETE /ticket_states/1
def destroy def destroy
return if deny_if_not_role(Z_ROLENAME_ADMIN) return if deny_if_not_role(Z_ROLENAME_ADMIN)
return if model_references_check(Ticket::State, params)
model_destory_render(Ticket::State, params) model_destory_render(Ticket::State, params)
end end
end end


@ -65,7 +65,11 @@ class UsersController < ApplicationController
# @response_message 200 [User] Created User record. # @response_message 200 [User] Created User record.
# @response_message 401 Invalid session. # @response_message 401 Invalid session.
def create def create
user = User.new( User.param_cleanup(params, true) )
# in case of authentication, set current_user to access later
authentication_check_only({})
user = User.new(User.param_cleanup(params, true))
begin begin
# check if it's first user # check if it's first user
@ -76,13 +80,13 @@ class UsersController < ApplicationController
# check if feature is enabled # check if feature is enabled
if !Setting.get('user_create_account') if !Setting.get('user_create_account')
render json: { error_human: 'Feature not enabled!' }, status: :unprocessable_entity render json: { error: 'Feature not enabled!' }, status: :unprocessable_entity
return return
end end
# check signup option only after admin account is created # check signup option only after admin account is created
if count > 2 && !params[:signup] if count > 2 && !params[:signup]
render json: { error_human: 'Only signup is possible!' }, status: :unprocessable_entity render json: { error: 'Only signup with not authenticate user possible!' }, status: :unprocessable_entity
return return
end end
user.updated_by_id = 1 user.updated_by_id = 1
@ -127,7 +131,7 @@ class UsersController < ApplicationController
if user.email if user.email
exists = User.where(email: user.email.downcase).first exists = User.where(email: user.email.downcase).first
if exists if exists
render json: { error_human: 'User already exists!' }, status: :unprocessable_entity render json: { error: 'User already exists!' }, status: :unprocessable_entity
return return
end end
end end
@ -233,6 +237,7 @@ class UsersController < ApplicationController
# @response_message 401 Invalid session. # @response_message 401 Invalid session.
def destroy def destroy
return if deny_if_not_role(Z_ROLENAME_ADMIN) return if deny_if_not_role(Z_ROLENAME_ADMIN)
return if model_references_check(User, params)
model_destory_render(User, params) model_destory_render(User, params)
end end
@ -462,12 +467,12 @@ curl http://localhost/api/v1/users/email_verify_send.json -v -u #{login}:#{passw
# check is verify is possible to send # check is verify is possible to send
user = User.find_by(email: params[:email].downcase) user = User.find_by(email: params[:email].downcase)
if !user if !user
render json: { error_human: 'No such user!' }, status: :unprocessable_entity render json: { error: 'No such user!' }, status: :unprocessable_entity
return return
end end
#if user.verified == true #if user.verified == true
# render json: { error_human: 'Already verified!' }, status: :unprocessable_entity # render json: { error: 'Already verified!' }, status: :unprocessable_entity
# return # return
#end #end
@ -917,13 +922,13 @@ curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content
params[:role_ids].each {|role_id| params[:role_ids].each {|role_id|
role_local = Role.lookup(id: role_id) role_local = Role.lookup(id: role_id)
if !role_local if !role_local
render json: { error_human: 'Invalid role_ids!' }, status: :unauthorized render json: { error: 'Invalid role_ids!' }, status: :unauthorized
logger.info "Invalid role_ids for current_user_id: #{current_user.id} role_ids #{role_id}" logger.info "Invalid role_ids for current_user_id: #{current_user.id} role_ids #{role_id}"
return false return false
end end
role_name = role_local.name role_name = role_local.name
next if role_name != 'Admin' && role_name != 'Agent' next if role_name != 'Admin' && role_name != 'Agent'
render json: { error_human: 'This role assignment is only allowed by admin!' }, status: :unauthorized render json: { error: 'This role assignment is only allowed by admin!' }, status: :unauthorized
logger.info "This role assignment is only allowed by admin! current_user_id: #{current_user.id} assigned to #{role_name}" logger.info "This role assignment is only allowed by admin! current_user_id: #{current_user.id} assigned to #{role_name}"
return false return false
} }
@ -934,7 +939,7 @@ curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content
params[:group_ids] = [params[:group_ids]] params[:group_ids] = [params[:group_ids]]
end end
if !params[:group_ids].empty? if !params[:group_ids].empty?
render json: { error_human: 'Group relation is only allowed by admin!' }, status: :unauthorized render json: { error: 'Group relation is only allowed by admin!' }, status: :unauthorized
logger.info "Group relation is only allowed by admin! current_user_id: #{current_user.id} group_ids #{params[:group_ids].inspect}" logger.info "Group relation is only allowed by admin! current_user_id: #{current_user.id} group_ids #{params[:group_ids].inspect}"
return false return false
end end
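Review bot: The added `authentication_check_only({})` call in `create` discards its result, so as far as this hunk shows a request carrying invalid credentials continues as an anonymous signup instead of being rejected; the helper's body is not visible here, so this needs confirming. If that is intended, a comment such as `# best effort: missing or failed auth falls through to the signup rules below` would make the contract explicit, since the role and group checks later in this file reference `current_user`. The rename of the response key from `error_human` to `error` also changes the API for existing clients and deserves a mention in the commit message or changelog. `create` and the role/group check method both start outside these hunks.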


@ -2,9 +2,10 @@ Zammad::Application.routes.draw do
api_path = Rails.configuration.api_path api_path = Rails.configuration.api_path
# groups # groups
match api_path + '/groups', to: 'groups#index', via: :get match api_path + '/groups', to: 'groups#index', via: :get
match api_path + '/groups/:id', to: 'groups#show', via: :get match api_path + '/groups/:id', to: 'groups#show', via: :get
match api_path + '/groups', to: 'groups#create', via: :post match api_path + '/groups', to: 'groups#create', via: :post
match api_path + '/groups/:id', to: 'groups#update', via: :put match api_path + '/groups/:id', to: 'groups#update', via: :put
match api_path + '/groups/:id', to: 'groups#destroy', via: :delete
end end
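Review bot: The new `groups#destroy` route exposes a DELETE whose controller action does not appear among this commit's code changes: the groups controller section only edits doc comments, whereas the organizations, users, ticket priorities and ticket states actions each gain `return if model_references_check(...)`. If `GroupsController#destroy` already exists unchanged, it should get the same guard (presumably `return if model_references_check(Group, params)`, model name to be confirmed) after its role check, so a group that is still referenced cannot be deleted through the newly routed endpoint. If the action does not exist, this route will fail at request time.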


@ -2,10 +2,11 @@ Zammad::Application.routes.draw do
api_path = Rails.configuration.api_path api_path = Rails.configuration.api_path
# organizations # organizations
match api_path + '/organizations', to: 'organizations#index', via: :get match api_path + '/organizations', to: 'organizations#index', via: :get
match api_path + '/organizations/:id', to: 'organizations#show', via: :get match api_path + '/organizations/:id', to: 'organizations#show', via: :get
match api_path + '/organizations', to: 'organizations#create', via: :post match api_path + '/organizations', to: 'organizations#create', via: :post
match api_path + '/organizations/:id', to: 'organizations#update', via: :put match api_path + '/organizations/:id', to: 'organizations#update', via: :put
match api_path + '/organizations/:id', to: 'organizations#destroy', via: :delete
match api_path + '/organizations/history/:id', to: 'organizations#history', via: :get match api_path + '/organizations/history/:id', to: 'organizations#history', via: :get
end end


@ -24,12 +24,14 @@ Zammad::Application.routes.draw do
match api_path + '/ticket_priorities/:id', to: 'ticket_priorities#show', via: :get match api_path + '/ticket_priorities/:id', to: 'ticket_priorities#show', via: :get
match api_path + '/ticket_priorities', to: 'ticket_priorities#create', via: :post match api_path + '/ticket_priorities', to: 'ticket_priorities#create', via: :post
match api_path + '/ticket_priorities/:id', to: 'ticket_priorities#update', via: :put match api_path + '/ticket_priorities/:id', to: 'ticket_priorities#update', via: :put
match api_path + '/ticket_priorities/:id', to: 'ticket_priorities#destroy', via: :delete
# ticket state # ticket state
match api_path + '/ticket_states', to: 'ticket_states#index', via: :get match api_path + '/ticket_states', to: 'ticket_states#index', via: :get
match api_path + '/ticket_states/:id', to: 'ticket_states#show', via: :get match api_path + '/ticket_states/:id', to: 'ticket_states#show', via: :get
match api_path + '/ticket_states', to: 'ticket_states#create', via: :post match api_path + '/ticket_states', to: 'ticket_states#create', via: :post
match api_path + '/ticket_states/:id', to: 'ticket_states#update', via: :put match api_path + '/ticket_states/:id', to: 'ticket_states#update', via: :put
match api_path + '/ticket_states/:id', to: 'ticket_states#destroy', via: :delete
# ticket articles # ticket articles
match api_path + '/ticket_articles', to: 'ticket_articles#index', via: :get match api_path + '/ticket_articles', to: 'ticket_articles#index', via: :get


@ -20,6 +20,7 @@ Zammad::Application.routes.draw do
match api_path + '/users/history/:id', to: 'users#history', via: :get match api_path + '/users/history/:id', to: 'users#history', via: :get
match api_path + '/users', to: 'users#create', via: :post match api_path + '/users', to: 'users#create', via: :post
match api_path + '/users/:id', to: 'users#update', via: :put match api_path + '/users/:id', to: 'users#update', via: :put
match api_path + '/users/:id', to: 'users#destroy', via: :delete
match api_path + '/users/image/:hash', to: 'users#image', via: :get match api_path + '/users/image/:hash', to: 'users#image', via: :get
match api_path + '/users/email_verify', to: 'users#email_verify', via: :post match api_path + '/users/email_verify', to: 'users#email_verify', via: :post


@ -97,6 +97,7 @@ returns
=end =end
def self.references(object_name, object_id) def self.references(object_name, object_id)
object_name = object_name.to_s
# check if model exists # check if model exists
object_model = load_adapter(object_name) object_model = load_adapter(object_name)


@ -81,8 +81,8 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
post '/api/v1/users', params.to_json, @headers post '/api/v1/users', params.to_json, @headers
assert_response(422) assert_response(422)
result = JSON.parse(@response.body) result = JSON.parse(@response.body)
assert(result['error_human']) assert(result['error'])
assert_equal('Feature not enabled!', result['error_human']) assert_equal('Feature not enabled!', result['error'])
Setting.set('user_create_account', true) Setting.set('user_create_account', true)
@ -91,16 +91,16 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
post '/api/v1/users', params.to_json, @headers post '/api/v1/users', params.to_json, @headers
assert_response(422) assert_response(422)
result = JSON.parse(@response.body) result = JSON.parse(@response.body)
assert(result['error_human']) assert(result['error'])
assert_equal('Only signup is possible!', result['error_human']) assert_equal('Only signup with not authenticate user possible!', result['error'])
# already existing user with enabled feature # already existing user with enabled feature
params = { email: 'rest-customer1@example.com', signup: true } params = { email: 'rest-customer1@example.com', signup: true }
post '/api/v1/users', params.to_json, @headers post '/api/v1/users', params.to_json, @headers
assert_response(422) assert_response(422)
result = JSON.parse(@response.body) result = JSON.parse(@response.body)
assert(result['error_human']) assert(result['error'])
assert_equal('User already exists!', result['error_human']) assert_equal('User already exists!', result['error'])
# create user with enabled feature # create user with enabled feature
params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true } params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }