Streamline of rest api (added missing destroy backends).

Martin Edenhofer 2016-06-06 08:34:15 +02:00
parent 19c3335d10
commit 65af185847
12 changed files with 95 additions and 51 deletions


@ -457,8 +457,13 @@ class ApplicationController < ActionController::Base
render json: generic_object.attributes_with_associations, status: :ok
end
def model_index_render (object, _params)
def model_index_render(object, params)
if params[:page] && params[:per_page]
offset = (params[:page].to_i - 1) * params[:per_page].to_i
generic_objects = object.limit(params[:per_page]).offset(offset)
else
generic_objects = object.all
end
if params[:full]
assets = {}
@ -499,6 +504,25 @@ class ApplicationController < ActionController::Base
data
end
def model_references_check(object, params)
generic_object = object.find(params[:id])
result = Models.references(object, generic_object.id)
return false if result.empty?
render json: { error: 'Can\'t delete, object has references.' }, status: :unprocessable_entity
true
rescue => e
logger.error e.message
logger.error e.backtrace.inspect
render json: model_match_error(e.message), status: :unprocessable_entity
end
def not_found(e)
respond_to do |format|
format.json { render json: { error: e.message }, status: :not_found }
format.any { render text: "Error: #{e.message}", status: :not_found }
end
end
# check maintenance mode
def check_maintenance_only(user)
return false if Setting.get('maintenance_mode') != true
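Review bot: In the new paging branch of model_index_render, `params[:page]` and `params[:per_page]` come straight from the request and are used without bounds. A `page` of 0 or a non-numeric value produces a negative offset, which databases typically reject, and `per_page` is handed to `limit` unconverted and uncapped, so a single request can still ask for the whole table. Clamp both before building the query, e.g. `per_page = [[params[:per_page].to_i, 1].max, MAX_PER_PAGE].min` and `offset = ([params[:page].to_i, 1].max - 1) * per_page`, where `MAX_PER_PAGE` is a cap the project would have to choose. The query also has no explicit order, so page contents are not guaranteed to be stable between requests. model_index_render continues outside the hunk.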


@ -27,7 +27,7 @@ Example:
=begin
Resource:
GET /api/v1/groups.json
GET /api/v1/groups
Response:
[
@ -44,7 +44,7 @@ Response:
]
Test:
curl http://localhost/api/v1/groups.json -v -u #{login}:#{password}
curl http://localhost/api/v1/groups -v -u #{login}:#{password}
=end
@ -55,7 +55,7 @@ curl http://localhost/api/v1/groups.json -v -u #{login}:#{password}
=begin
Resource:
GET /api/v1/groups/#{id}.json
GET /api/v1/groups/#{id}
Response:
{
@ -65,7 +65,7 @@ Response:
}
Test:
curl http://localhost/api/v1/groups/#{id}.json -v -u #{login}:#{password}
curl http://localhost/api/v1/groups/#{id} -v -u #{login}:#{password}
=end
@ -76,7 +76,7 @@ curl http://localhost/api/v1/groups/#{id}.json -v -u #{login}:#{password}
=begin
Resource:
POST /api/v1/groups.json
POST /api/v1/groups
Payload:
{
@ -96,7 +96,7 @@ Response:
}
Test:
curl http://localhost/api/v1/groups.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"name": "some_name","active": true, "note": "some note"}'
curl http://localhost/api/v1/groups -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"name": "some_name","active": true, "note": "some note"}'
=end
@ -108,7 +108,7 @@ curl http://localhost/api/v1/groups.json -v -u #{login}:#{password} -H "Content-
=begin
Resource:
PUT /api/v1/groups/{id}.json
PUT /api/v1/groups/{id}
Payload:
{
@ -128,7 +128,7 @@ Response:
}
Test:
curl http://localhost/api/v1/groups.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"name": "some_name","active": true, "note": "some note"}'
curl http://localhost/api/v1/groups -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"name": "some_name","active": true, "note": "some note"}'
=end
@ -140,10 +140,13 @@ curl http://localhost/api/v1/groups.json -v -u #{login}:#{password} -H "Content-
=begin
Resource:
DELETE /api/v1/groups/{id}
Response:
{}
Test:
curl http://localhost/api/v1/groups/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE -d '{}'
=end
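Review bot: The PUT example in this doc block still calls the collection URL (`curl http://localhost/api/v1/groups ... -X PUT`) although its Resource line says `PUT /api/v1/groups/{id}` and the route is `/groups/:id`; the Test line should read `curl http://localhost/api/v1/groups/{id} ...`. The organizations PUT example has the same mismatch. The DELETE block is documented here, but the body of `destroy` is not in the visible hunk, so it could not be checked that it carries the role check and `model_references_check` used by the other controllers in this commit.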


@ -25,7 +25,7 @@ Example:
=begin
Resource:
GET /api/v1/organizations.json
GET /api/v1/organizations
Response:
[
@ -42,7 +42,7 @@ Response:
]
Test:
curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password}
curl http://localhost/api/v1/organizations -v -u #{login}:#{password}
=end
@ -63,7 +63,7 @@ curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password}
=begin
Resource:
GET /api/v1/organizations/#{id}.json
GET /api/v1/organizations/#{id}
Response:
{
@ -73,7 +73,7 @@ Response:
}
Test:
curl http://localhost/api/v1/organizations/#{id}.json -v -u #{login}:#{password}
curl http://localhost/api/v1/organizations/#{id} -v -u #{login}:#{password}
=end
@ -101,7 +101,7 @@ curl http://localhost/api/v1/organizations/#{id}.json -v -u #{login}:#{password}
=begin
Resource:
POST /api/v1/organizations.json
POST /api/v1/organizations
Payload:
{
@ -119,7 +119,7 @@ Response:
}
Test:
curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"name": "some_name","active": true,"shared": true,"note": "some note"}'
curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"name": "some_name","active": true,"shared": true,"note": "some note"}'
=end
@ -131,7 +131,7 @@ curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password} -H "C
=begin
Resource:
PUT /api/v1/organizations/{id}.json
PUT /api/v1/organizations/{id}
Payload:
{
@ -150,7 +150,7 @@ Response:
}
Test:
curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"id": 1,"name": "some_name","active": true,"shared": true,"note": "some note"}'
curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"id": 1,"name": "some_name","active": true,"shared": true,"note": "some note"}'
=end
@ -162,15 +162,19 @@ curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password} -H "C
=begin
Resource:
DELETE /api/v1/organization/{id}
Response:
{}
Test:
curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE -d '{}'
=end
def destroy
return if deny_if_not_role('Agent')
return if deny_if_not_role(Z_ROLENAME_AGENT)
return if model_references_check(Organization, params)
model_destory_render(Organization, params)
end
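Review bot: Organization deletion is gated on the Agent role (`deny_if_not_role(Z_ROLENAME_AGENT)`), while the other destroy actions shown in this commit (users, ticket states, ticket priorities) require `Z_ROLENAME_ADMIN`. Since this commit appears to expose the action through a DELETE route, please confirm that agents are meant to be able to delete organizations, or change the guard to `return if deny_if_not_role(Z_ROLENAME_ADMIN)`. The doc block above gives the path as `/api/v1/organization/{id}` (singular), whereas the route is `/organizations/:id`.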


@ -28,6 +28,7 @@ class TicketPrioritiesController < ApplicationController
# DELETE /ticket_priorities/1
def destroy
return if deny_if_not_role(Z_ROLENAME_ADMIN)
return if model_references_check(Ticket::Priority, params)
model_destory_render(Ticket::Priority, params)
end
end
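Review bot: The reference check and the delete are two separate steps: `model_references_check` loads the record and queries `Models.references`, and `model_destory_render` then runs on its own. A reference created between the two is not caught unless the delete is also protected by a transaction or a database constraint; the body of `model_destory_render` is not visible here, so this is a question rather than a confirmed gap. The same pattern is used in the ticket states, users and organizations destroy actions. If integrity matters for these models, consider running check and destroy inside one transaction with the row locked, or declaring the associations with `dependent: :restrict_with_error` or foreign keys so the database enforces it.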


@ -28,6 +28,7 @@ class TicketStatesController < ApplicationController
# DELETE /ticket_states/1
def destroy
return if deny_if_not_role(Z_ROLENAME_ADMIN)
return if model_references_check(Ticket::State, params)
model_destory_render(Ticket::State, params)
end
end


@ -65,6 +65,10 @@ class UsersController < ApplicationController
# @response_message 200 [User] Created User record.
# @response_message 401 Invalid session.
def create
# in case of authentication, set current_user to access later
authentication_check_only({})
user = User.new(User.param_cleanup(params, true))
begin
@ -76,13 +80,13 @@ class UsersController < ApplicationController
# check if feature is enabled
if !Setting.get('user_create_account')
render json: { error_human: 'Feature not enabled!' }, status: :unprocessable_entity
render json: { error: 'Feature not enabled!' }, status: :unprocessable_entity
return
end
# check signup option only after admin account is created
if count > 2 && !params[:signup]
render json: { error_human: 'Only signup is possible!' }, status: :unprocessable_entity
render json: { error: 'Only signup with not authenticate user possible!' }, status: :unprocessable_entity
return
end
user.updated_by_id = 1
@ -127,7 +131,7 @@ class UsersController < ApplicationController
if user.email
exists = User.where(email: user.email.downcase).first
if exists
render json: { error_human: 'User already exists!' }, status: :unprocessable_entity
render json: { error: 'User already exists!' }, status: :unprocessable_entity
return
end
end
@ -233,6 +237,7 @@ class UsersController < ApplicationController
# @response_message 401 Invalid session.
def destroy
return if deny_if_not_role(Z_ROLENAME_ADMIN)
return if model_references_check(User, params)
model_destory_render(User, params)
end
@ -462,12 +467,12 @@ curl http://localhost/api/v1/users/email_verify_send.json -v -u #{login}:#{passw
# check is verify is possible to send
user = User.find_by(email: params[:email].downcase)
if !user
render json: { error_human: 'No such user!' }, status: :unprocessable_entity
render json: { error: 'No such user!' }, status: :unprocessable_entity
return
end
#if user.verified == true
# render json: { error_human: 'Already verified!' }, status: :unprocessable_entity
# render json: { error: 'Already verified!' }, status: :unprocessable_entity
# return
#end
@ -917,13 +922,13 @@ curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content
params[:role_ids].each {|role_id|
role_local = Role.lookup(id: role_id)
if !role_local
render json: { error_human: 'Invalid role_ids!' }, status: :unauthorized
render json: { error: 'Invalid role_ids!' }, status: :unauthorized
logger.info "Invalid role_ids for current_user_id: #{current_user.id} role_ids #{role_id}"
return false
end
role_name = role_local.name
next if role_name != 'Admin' && role_name != 'Agent'
render json: { error_human: 'This role assignment is only allowed by admin!' }, status: :unauthorized
render json: { error: 'This role assignment is only allowed by admin!' }, status: :unauthorized
logger.info "This role assignment is only allowed by admin! current_user_id: #{current_user.id} assigned to #{role_name}"
return false
}
@ -934,7 +939,7 @@ curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content
params[:group_ids] = [params[:group_ids]]
end
if !params[:group_ids].empty?
render json: { error_human: 'Group relation is only allowed by admin!' }, status: :unauthorized
render json: { error: 'Group relation is only allowed by admin!' }, status: :unauthorized
logger.info "Group relation is only allowed by admin! current_user_id: #{current_user.id} group_ids #{params[:group_ids].inspect}"
return false
end
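Review bot: The renamed `error` responses still let a caller tell whether an e-mail address is registered: `'User already exists!'` in create on the signup path and `'No such user!'` in email_verify_send. If these actions are reachable without a session (the filters are outside the hunks), consider answering email_verify_send with the same response in both cases and rate-limiting signup. In the last two hunks the role and group checks answer with `status: :unauthorized`, although the log lines use `current_user`, so the caller appears to be authenticated and only lacks permission; `status: :forbidden` would describe that more accurately. The enclosing methods start and end outside these hunks.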


@ -6,5 +6,6 @@ Zammad::Application.routes.draw do
match api_path + '/groups/:id', to: 'groups#show', via: :get
match api_path + '/groups', to: 'groups#create', via: :post
match api_path + '/groups/:id', to: 'groups#update', via: :put
match api_path + '/groups/:id', to: 'groups#destroy', via: :delete
end


@ -6,6 +6,7 @@ Zammad::Application.routes.draw do
match api_path + '/organizations/:id', to: 'organizations#show', via: :get
match api_path + '/organizations', to: 'organizations#create', via: :post
match api_path + '/organizations/:id', to: 'organizations#update', via: :put
match api_path + '/organizations/:id', to: 'organizations#destroy', via: :delete
match api_path + '/organizations/history/:id', to: 'organizations#history', via: :get
end


@ -24,12 +24,14 @@ Zammad::Application.routes.draw do
match api_path + '/ticket_priorities/:id', to: 'ticket_priorities#show', via: :get
match api_path + '/ticket_priorities', to: 'ticket_priorities#create', via: :post
match api_path + '/ticket_priorities/:id', to: 'ticket_priorities#update', via: :put
match api_path + '/ticket_priorities/:id', to: 'ticket_priorities#destroy', via: :delete
# ticket state
match api_path + '/ticket_states', to: 'ticket_states#index', via: :get
match api_path + '/ticket_states/:id', to: 'ticket_states#show', via: :get
match api_path + '/ticket_states', to: 'ticket_states#create', via: :post
match api_path + '/ticket_states/:id', to: 'ticket_states#update', via: :put
match api_path + '/ticket_states/:id', to: 'ticket_states#destroy', via: :delete
# ticket articles
match api_path + '/ticket_articles', to: 'ticket_articles#index', via: :get


@ -20,6 +20,7 @@ Zammad::Application.routes.draw do
match api_path + '/users/history/:id', to: 'users#history', via: :get
match api_path + '/users', to: 'users#create', via: :post
match api_path + '/users/:id', to: 'users#update', via: :put
match api_path + '/users/:id', to: 'users#destroy', via: :delete
match api_path + '/users/image/:hash', to: 'users#image', via: :get
match api_path + '/users/email_verify', to: 'users#email_verify', via: :post


@ -97,6 +97,7 @@ returns
=end
def self.references(object_name, object_id)
object_name = object_name.to_s
# check if model exists
object_model = load_adapter(object_name)


@ -81,8 +81,8 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
post '/api/v1/users', params.to_json, @headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error_human'])
assert_equal('Feature not enabled!', result['error_human'])
assert(result['error'])
assert_equal('Feature not enabled!', result['error'])
Setting.set('user_create_account', true)
@ -91,16 +91,16 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
post '/api/v1/users', params.to_json, @headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error_human'])
assert_equal('Only signup is possible!', result['error_human'])
assert(result['error'])
assert_equal('Only signup with not authenticate user possible!', result['error'])
# already existing user with enabled feature
params = { email: 'rest-customer1@example.com', signup: true }
post '/api/v1/users', params.to_json, @headers
assert_response(422)
result = JSON.parse(@response.body)
assert(result['error_human'])
assert_equal('User already exists!', result['error_human'])
assert(result['error'])
assert_equal('User already exists!', result['error'])
# create user with enabled feature
params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }