Merge remote-tracking branch 'origin/2.0.0.rc' into 2.0.0.rc

Conflicts: Gemfile.lock
2012-01-25 22:20:05 +11:00 · 2012-01-25 22:20:05 +11:00 · 5c191e59cd
parent 840609cbce ab507dc165
commit 5c191e59cd
16 changed files with 302 additions and 14 deletions
--- a/app/assets/javascripts/locomotive/views/content_types/custom_fields_view.coffee
+++ b/app/assets/javascripts/locomotive/views/content_types/custom_fields_view.coffee
@ -66,12 +66,16 @@ class Locomotive.Views.ContentTypes.CustomFieldsView extends Backbone.View
    @add_entry(event)

  remove_entry: (custom_field, view) ->
+    if custom_field.isNew()
+      @model.get('entries_custom_fields').remove(custom_field)
+    else
+      custom_field.set _destroy: true
+
    @_entry_views = _.reject @_entry_views, (_view) -> _view == view
-    @model.get('entries_custom_fields').remove(custom_field)

    @refresh_position_entries()

-    @$('> .empty').show() if @model.get('entries_custom_fields').length == 0
+    @$('> .empty').show() if @_entry_views.length == 0

  render_entries: ->
    if @model.get('entries_custom_fields').length == 0
--- a/app/controllers/locomotive/api/base_controller.rb
+++ b/app/controllers/locomotive/api/base_controller.rb
@ -0,0 +1,44 @@
+module Locomotive
+  module Api
+    class BaseController < ApplicationController
+
+      include Locomotive::Routing::SiteDispatcher
+      include Locomotive::ActionController::LocaleHelpers
+
+      before_filter :require_account
+
+      before_filter :require_site
+
+      # before_filter :validate_site_membership
+
+      skip_before_filter :verify_authenticity_token
+
+      self.responder = Locomotive::ActionController::Responder # custom responder
+
+      respond_to :json, :xml
+
+      rescue_from CanCan::AccessDenied do |exception|
+        ::Locomotive.log "[CanCan::AccessDenied] #{exception.inspect}"
+
+        if request.xhr?
+          render :json => { :error => exception.message }
+        else
+          flash[:alert] = exception.message
+
+          redirect_to pages_url
+        end
+      end
+
+      protected
+
+      def current_ability
+        @current_ability ||= Ability.new(current_locomotive_account, current_site)
+      end
+
+      def require_account
+        authenticate_locomotive_account!
+      end
+
+    end
+  end
+end
--- a/app/controllers/locomotive/api/content_assets_controller.rb
+++ b/app/controllers/locomotive/api/content_assets_controller.rb
@ -0,0 +1,23 @@
+module Locomotive
+  module Api
+    class ContentAssetsController < BaseController
+
+      def index
+        @content_assets = current_site.content_assets
+        respond_with(@content_assets)
+      end
+
+      def create
+        @content_asset = current_site.content_assets.create(params[:content_asset])
+        respond_with @content_asset, :location => locomotive_api_content_asset_url(@content_asset._id)
+      end
+
+      def update
+        @content_asset = current_site.content_assets.find(params[:id])
+        @content_asset.update_attributes(params[:content_asset])
+        respond_with @content_asset, :location => locomotive_api_content_asset_url(@content_asset._id)
+      end
+
+    end
+  end
+end
--- a/app/controllers/locomotive/api/content_types_controller.rb
+++ b/app/controllers/locomotive/api/content_types_controller.rb
@ -0,0 +1,28 @@
+module Locomotive
+  module Api
+    class ContentTypesController < BaseController
+
+      def index
+        @content_types = current_site.content_types
+        respond_with(@content_types)
+      end
+
+      def create
+        @content_type = current_site.content_types.create(params[:content_type])
+        respond_with @content_type, :location => edit_locomotive_api_content_type_url(@content_type._id)
+      end
+
+      def edit
+        @content_type = current_site.content_types.find(params[:id])
+        respond_with @content_type
+      end
+
+      def update
+        @content_type = current_site.content_types.find(params[:id])
+        @content_type.update_attributes(params[:content_type])
+        respond_with @content_type, :location => edit_locomotive_api_content_type_url(@content_type._id)
+      end
+
+    end
+  end
+end
--- a/app/controllers/locomotive/api/pages_controller.rb
+++ b/app/controllers/locomotive/api/pages_controller.rb
@ -0,0 +1,25 @@
+module Locomotive
+  module Api
+    class PagesController < BaseController
+
+      def index
+        @pages = current_site.pages.all
+        respond_with(@pages)
+      end
+
+      def create
+        @page = current_site.pages.create(params[:page])
+        respond_with @page, :location => edit_locomotive_api_page_url(@page._id)
+      end
+
+      def update
+        @page = current_site.pages.find(params[:id])
+        @page.update_attributes(params[:page])
+        respond_with @page, :location => edit_locomotive_api_page_url(@page._id)
+      end
+
+    end
+
+  end
+end
+
--- a/app/controllers/locomotive/api/snippets_controller.rb
+++ b/app/controllers/locomotive/api/snippets_controller.rb
@ -0,0 +1,24 @@
+module Locomotive
+  module Api
+    class SnippetsController < BaseController
+
+      def index
+        @snippets = current_site.snippets.all
+        respond_with(@snippets)
+      end
+
+      def create
+        @snippet = current_site.snippets.create(params[:snippet])
+        respond_with @snippet, :location => edit_locomotive_api_snippet_url(@snippet._id)
+      end
+
+      def update
+        @snippet = current_site.snippets.find(params[:id])
+        @snippet.update_attributes(params[:snippet])
+        respond_with @snippet, :location => edit_locomotive_api_snippet_url(@snippet._id)
+      end
+
+    end
+  end
+end
+
--- a/app/controllers/locomotive/api/theme_assets_controller.rb
+++ b/app/controllers/locomotive/api/theme_assets_controller.rb
@ -0,0 +1,23 @@
+module Locomotive
+  module Api
+    class ThemeAssetsController < BaseController
+
+      def index
+        @theme_assets = current_site.theme_assets.all
+        respond_with(@theme_assets)
+      end
+
+      def create
+        @theme_asset = current_site.theme_assets.create(params[:theme_asset])
+        respond_with @theme_asset, :location => edit_locomotive_api_theme_asset_url(@theme_asset._id)
+      end
+
+      def update
+        @theme_asset = current_site.theme_assets.find(params[:id])
+        @theme_asset.update_attributes(params[:theme_asset])
+        respond_with @theme_asset, :location => edit_locomotive_api_theme_asset_url(@theme_asset._id)
+      end
+
+    end
+  end
+end
--- a/app/controllers/locomotive/api/tokens_controller.rb
+++ b/app/controllers/locomotive/api/tokens_controller.rb
@ -0,0 +1,27 @@
+module Locomotive
+  module Api
+    class TokensController < BaseController
+
+      skip_before_filter :require_account
+
+      def create
+        begin
+          token = Account.create_api_token(current_site, params[:email], params[:password])
+          respond_with({ :token => token }, :location => root_url)
+        rescue Exception => e
+          respond_with({ :message => e.message }, :status => 401, :location => root_url)
+        end
+      end
+
+      def destroy
+        begin
+          token = Account.invalidate_api_token(params[:id])
+          respond_with({ :token => token }, :location => root_url)
+        rescue Exception => e
+          respond_with({ :message => e.message }, :status => 404, :location => root_url)
+        end
+      end
+
+    end
+  end
+end
--- a/app/models/locomotive/account.rb
+++ b/app/models/locomotive/account.rb
@ -40,6 +40,50 @@ module Locomotive
      self.find_using_switch_site_token(token, age) || raise(::Mongoid::Errors::DocumentNotFound.new(self, token))
    end

+    # Create the API token which will be passed to all the requests to the Locomotive API.
+    # It requires the credentials of an account with admin role.
+    # If an error occurs (invalid account, ...etc), this method raises an exception that has
+    # to be caught somewhere.
+    #
+    # @param [ Site ] site The site where the authentication request is made
+    # @param [ String ] email The email of the account
+    # @param [ String ] password The password of the account
+    #
+    # @return [ String ] The API token
+    #
+    def self.create_api_token(site, email, password)
+      raise 'The request must contain the user email and password.' if email.blank? or password.blank?
+
+      account = self.where(:email => email.downcase).first
+
+      raise 'Invalid email or password.' if account.nil?
+
+      account.ensure_authentication_token!
+
+      if not account.valid_password?(password) # TODO: check admin roles
+        raise 'Invalid email or password.'
+      end
+
+      account.authentication_token
+    end
+
+    # Logout the user responding to the token passed in parameter from the API.
+    # An exception is raised if no account corresponds to the token.
+    #
+    # @param [ String ] token The API token created by the create_api_token method.
+    #
+    # @return [ String ] The API token
+    #
+    def self.invalidate_api_token(token)
+      account = self.where(:authentication_token => token).first
+
+      raise 'Invalid token.' if account.nil?
+
+      account.reset_authentication_token!
+
+      token
+    end
+
    def devise_mailer
      Locomotive::DeviseMailer
    end
--- a/app/presenters/locomotive/base_presenter.rb
+++ b/app/presenters/locomotive/base_presenter.rb
@ -22,12 +22,14 @@ class Locomotive::BasePresenter
    self.source.persisted? || self.source.embedded? ? self.source._id.to_s : nil
  end

+  alias :_id :id
+
  def ability?
    self.ability.present?
  end

  def included_methods
-    %w(id created_at updated_at)
+    %w(id _id created_at updated_at)
  end

  def as_json(methods = nil)
--- a/app/presenters/locomotive/theme_asset_presenter.rb
+++ b/app/presenters/locomotive/theme_asset_presenter.rb
@ -1,7 +1,7 @@
 module Locomotive
  class ThemeAssetPresenter < BasePresenter

-    delegate :content_type, :to => :source
+    delegate :content_type, :folder, :to => :source

    def local_path
      self.source.local_path(true)
@ -24,7 +24,7 @@ module Locomotive
    end

    def included_methods
-      super + %w(content_type local_path url size dimensions updated_at)
+      super + %w(content_type folder local_path url size dimensions updated_at)
    end

  end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -41,6 +41,7 @@ Locomotive::Engine.routes.draw do
    put :sort, :on => :collection
  end

+  # TODO
  resources :custom_fields, :path => 'custom/:parent/:slug/fields'

  resources :cross_domain_sessions, :only => [:new, :create]
@ -52,9 +53,30 @@ Locomotive::Engine.routes.draw do
  # installation guide
  match '/installation'       => 'installation#show', :defaults => { :step => 1 }, :as => :installation
  match '/installation/:step' => 'installation#show', :as => :installation_step
+
 end

 Rails.application.routes.draw do
+
+  # API
+  namespace :locomotive, :module => 'locomotive' do
+    namespace :api do
+
+      resources :tokens, :only => [:create, :destroy]
+
+      resources :theme_assets
+
+      resources :content_assets
+
+      resources :snippets
+
+      resources :pages
+
+      resources :content_types
+
+    end
+  end
+
  # sitemap
  match '/sitemap.xml'  => 'locomotive/public/sitemaps#show', :format => 'xml'

@ -73,4 +95,6 @@ Rails.application.routes.draw do

  match '/'             => 'locomotive/public/pages#show'
  match '*path'         => 'locomotive/public/pages#show'
+
+
 end
--- a/doc/TODO
+++ b/doc/TODO
@ -83,14 +83,33 @@ x edit my site
    x remove sidebar
    - i18n
    - insert image
- deployment
-  - fix integration problems
-  - pre-compile assets
+x deployment
+  x fix integration problems
+  x pre-compile assets
+- API
+  x authentication from a token + controller to deliver a token
+  x api routes
+  x change api location
+  (- add a way to custom the as_json method within the presenters (by  default as_json ?) + custom responder ?)
+  - REST actions:
+    x CRUD theme assets
+    x CRUD snippets
+    x CRUD content assets
+    x CRUD pages
+    x CRUD content types
+    - data ?
+- refactoring
+  - remove the import / export scripts
+  - remove the cross domain authentication (use auth_token instead)
+- upgrade to rails 3.2 (https://github.com/locomotivecms/engine/pull/281/files)

 - bugs:
  x unable to toggle the "required" check_boxes for content types
-  - unable to sign out
-  - https://github.com/locomotivecms/engine/pull/281/files
+  x unable to sign out
+  x unable to remove a field
+
+  - "back to admin" link does not work if inline editor disabled
+

 - disallow to click twice on the submit form button (spinner ?)
 - message to notify people if their browser is too old
--- a/doc/changelogs/version_2.txt
+++ b/doc/changelogs/version_2.txt
@ -1,7 +1,6 @@
 - rake locomotive:upgrade:rename_collections

 - locales updates (en / fr)
-
  - theme_assets.images => theme_assets.image_picker
  - assets => content_assets
  - EditableXXX => Locomotive::EditableXXX (in mongodb)
--- a/lib/locomotive/action_controller/responder.rb
+++ b/lib/locomotive/action_controller/responder.rb
@ -45,8 +45,10 @@ module Locomotive
          set_flash_message!
          message = controller.flash[type]

-          controller.headers['X-Message']       = message
-          controller.headers['X-Message-Type']  = type
+          unless message.blank?
+            controller.headers['X-Message']       = message
+            controller.headers['X-Message-Type']  = type
+          end

          yield if block_given?

--- a/lib/locomotive/configuration.rb
+++ b/lib/locomotive/configuration.rb
@ -26,7 +26,7 @@ module Locomotive
        :metastore   => URI.encode("file:#{Rails.root}/tmp/dragonfly/cache/meta"), # URI encoded in case of spaces
        :entitystore => URI.encode("file:#{Rails.root}/tmp/dragonfly/cache/body")
      },
-      :devise_modules             => [:rememberable, :database_authenticatable, :recoverable, :trackable, :validatable, :encryptable, { :encryptor => :sha1 }],
+      :devise_modules             => [:rememberable, :database_authenticatable, :token_authenticatable, :recoverable, :trackable, :validatable, :encryptable, { :encryptor => :sha1 }],
      :context_assign_extensions  => {  }
    }