first api draft

Gemfile.lock

@@ -1,9 +1,3 @@
-PATH
-  remote: ../gems/aloha-rails
-  specs:
-    locomotive-aloha-rails (0.20.1)
-      actionpack (~> 3.1.3)
-
 PATH
   remote: ../gems/custom_fields
   specs:
@@ -12,12 +6,6 @@ PATH
       carrierwave-mongoid (~> 0.1.3)
       mongoid (~> 2.4.0)
 
-PATH
-  remote: ../gems/tinymce-rails
-  specs:
-    locomotive-tinymce-rails (3.4.7)
-      actionpack (~> 3.1.3)
-
 GEM
   remote: http://rubygems.org/
   specs:
@@ -168,6 +156,10 @@ GEM
     kgio (2.7.2)
     launchy (2.0.5)
       addressable (~> 2.2.6)
+    locomotive-aloha-rails (0.20.1)
+      actionpack (~> 3.1.3)
+    locomotive-tinymce-rails (3.4.7)
+      actionpack (~> 3.1.3)
     locomotive_liquid (2.2.2)
     locomotive_mongoid_acts_as_tree (0.1.5.8)
     mail (2.3.0)
@@ -319,8 +311,8 @@ DEPENDENCIES
   jquery-rails (~> 1.0.16)
   kaminari
   launchy
-  locomotive-aloha-rails!
-  locomotive-tinymce-rails!
+  locomotive-aloha-rails (~> 0.20.1)
+  locomotive-tinymce-rails (~> 3.4.7)
   locomotive_liquid (= 2.2.2)
   locomotive_mongoid_acts_as_tree (~> 0.1.5.8)
   mimetype-fu (~> 0.1.2)

app/controllers/locomotive/api/base_controller.rb

@@ -0,0 +1,44 @@
+module Locomotive
+  module Api
+    class BaseController < ApplicationController
+
+      include Locomotive::Routing::SiteDispatcher
+      include Locomotive::ActionController::LocaleHelpers
+
+      before_filter :require_account
+
+      before_filter :require_site
+
+      # before_filter :validate_site_membership
+
+      skip_before_filter :verify_authenticity_token
+
+      self.responder = Locomotive::ActionController::Responder # custom responder
+
+      respond_to :json, :xml
+
+      rescue_from CanCan::AccessDenied do |exception|
+        ::Locomotive.log "[CanCan::AccessDenied] #{exception.inspect}"
+
+        if request.xhr?
+          render :json => { :error => exception.message }
+        else
+          flash[:alert] = exception.message
+
+          redirect_to pages_url
+        end
+      end
+
+      protected
+
+      def current_ability
+        @current_ability ||= Ability.new(current_locomotive_account, current_site)
+      end
+
+      def require_account
+        authenticate_locomotive_account!
+      end
+
+    end
+  end
+end

app/controllers/locomotive/api/snippets_controller.rb

@@ -0,0 +1,28 @@
+module Locomotive
+  module Api
+
+    class SnippetsController < BaseController
+
+      include Locomotive::Routing::SiteDispatcher
+
+      def index
+        @snippets = current_site.snippets.all
+        respond_with(@snippets)
+      end
+
+      def create
+        @snippet = current_site.snippets.create(params[:snippet])
+        respond_with @snippet, :location => edit_snippet_url(@snippet._id)
+      end
+
+      def update
+        @snippet = current_site.snippets.find(params[:id])
+        @snippet.update_attributes(params[:snippet])
+        respond_with @snippet, :location => edit_snippet_url(@snippet._id)
+      end
+
+    end
+
+  end
+end
+

app/controllers/locomotive/api/theme_assets_controller.rb

@@ -0,0 +1,25 @@
+module Locomotive
+  module Api
+    class ThemeAssetsController < BaseController
+
+      include Locomotive::Routing::SiteDispatcher
+
+      def index
+        @theme_assets = current_site.theme_assets.all
+        respond_with(@theme_assets)
+      end
+
+      def create
+        @theme_asset = current_site.theme_assets.create(params[:theme_asset])
+        respond_with @theme_asset, :location => edit_theme_asset_url(@theme_asset._id)
+      end
+
+      def update
+        @theme_asset = current_site.theme_assets.find(params[:id])
+        @theme_asset.update_attributes(params[:theme_asset])
+        respond_with @theme_asset, :location => edit_theme_asset_url(@theme_asset._id)
+      end
+
+    end
+  end
+end

app/controllers/locomotive/api/tokens_controller.rb

@@ -0,0 +1,31 @@
+module Locomotive
+  module Api
+    class TokensController < BaseController
+
+      skip_before_filter :require_account
+
+      def create
+        begin
+          token = Account.create_api_token(current_site, params[:email], params[:password])
+          respond_with({ :token => token }, :location => root_url)
+        rescue Exception => e
+          respond_with({ :message => e.message }, :status => 401, :location => root_url)
+        end
+      end
+
+      def destroy
+        begin
+          token = Account.invalidate_api_token(params[:id])
+          respond_with({ :token => token }, :location => root_url)
+        rescue Exception => e
+          respond_with({ :message => e.message }, :status => 404, :location => root_url)
+        end
+      end
+
+    end
+
+  end
+
+end
+
+# cAEERKkstnUya7UVxkqN

app/models/locomotive/account.rb

@@ -40,6 +40,50 @@ module Locomotive
       self.find_using_switch_site_token(token, age) || raise(::Mongoid::Errors::DocumentNotFound.new(self, token))
     end
 
+    # Create the API token which will be passed to all the requests to the Locomotive API.
+    # It requires the credentials of an account with admin role.
+    # If an error occurs (invalid account, ...etc), this method raises an exception that has
+    # to be caught somewhere.
+    #
+    # @param [ Site ] site The site where the authentication request is made
+    # @param [ String ] email The email of the account
+    # @param [ String ] password The password of the account
+    #
+    # @return [ String ] The API token
+    #
+    def self.create_api_token(site, email, password)
+      raise 'The request must contain the user email and password.' if email.blank? or password.blank?
+
+      account = self.where(:email => email.downcase).first
+
+      raise 'Invalid email or password.' if account.nil?
+
+      account.ensure_authentication_token!
+
+      if not account.valid_password?(password) # TODO: check admin roles
+        raise 'Invalid email or password.'
+      end
+
+      account.authentication_token
+    end
+
+    # Logout the user responding to the token passed in parameter from the API.
+    # An exception is raised if no account corresponds to the token.
+    #
+    # @param [ String ] token The API token created by the create_api_token method.
+    #
+    # @return [ String ] The API token
+    #
+    def self.invalidate_api_token(token)
+      account = self.where(:authentication_token => token).first
+
+      raise 'Invalid token.' if account.nil?
+
+      account.reset_authentication_token!
+
+      token
+    end
+
     def devise_mailer
       Locomotive::DeviseMailer
     end

app/presenters/locomotive/theme_asset_presenter.rb

@@ -1,7 +1,7 @@
 module Locomotive
   class ThemeAssetPresenter < BasePresenter
 
-    delegate :content_type, :to => :source
+    delegate :content_type, :folder, :to => :source
 
     def local_path
       self.source.local_path(true)
@@ -24,7 +24,7 @@ module Locomotive
     end
 
     def included_methods
-      super + %w(content_type local_path url size dimensions updated_at)
+      super + %w(content_type folder local_path url size dimensions updated_at)
     end
 
   end

config/routes.rb

@@ -52,9 +52,24 @@ Locomotive::Engine.routes.draw do
   # installation guide
   match '/installation'       => 'installation#show', :defaults => { :step => 1 }, :as => :installation
   match '/installation/:step' => 'installation#show', :as => :installation_step
+
 end
 
 Rails.application.routes.draw do
+
+  # api
+  namespace :_locomotive, :module => 'locomotive' do
+    namespace :api  do
+
+      resources :tokens, :only => [:create, :destroy]
+
+      resources :theme_assets
+
+      resources :snippets
+
+    end
+  end
+
   # sitemap
   match '/sitemap.xml'  => 'locomotive/public/sitemaps#show', :format => 'xml'
 
@@ -73,4 +88,6 @@ Rails.application.routes.draw do
 
   match '/'             => 'locomotive/public/pages#show'
   match '*path'         => 'locomotive/public/pages#show'
+
+
 end

doc/TODO

@@ -83,13 +83,23 @@ x edit my site
     x remove sidebar
     - i18n
     - insert image
-- deployment
-  - fix integration problems
-  - pre-compile assets
+x deployment
+  x fix integration problems
+  x pre-compile assets
+- API
+  - authentication from a token + controller to deliver a token
+  - api routes
+  - add a way to custom the as_json method within the presenters (by  default as_json ?) + custom responder ?
+  - REST actions:
+    - CRUD assets
+    - CRUD pages
+    - CRUD snippets
+    - CRUD content types
+    - data ?
 
 - bugs:
   x unable to toggle the "required" check_boxes for content types
-  - unable to sign out
+  x unable to sign out
   - https://github.com/locomotivecms/engine/pull/281/files
 
 - disallow to click twice on the submit form button (spinner ?)

doc/changelogs/version_2.txt

@@ -1,7 +1,6 @@
 - rake locomotive:upgrade:rename_collections
 
 - locales updates (en / fr)
-
   - theme_assets.images => theme_assets.image_picker
   - assets => content_assets
   - EditableXXX => Locomotive::EditableXXX (in mongodb)

lib/locomotive/configuration.rb

@@ -26,7 +26,7 @@ module Locomotive
         :metastore   => URI.encode("file:#{Rails.root}/tmp/dragonfly/cache/meta"), # URI encoded in case of spaces
         :entitystore => URI.encode("file:#{Rails.root}/tmp/dragonfly/cache/body")
       },
-      :devise_modules             => [:rememberable, :database_authenticatable, :recoverable, :trackable, :validatable, :encryptable, { :encryptor => :sha1 }],
+      :devise_modules             => [:rememberable, :database_authenticatable, :token_authenticatable, :recoverable, :trackable, :validatable, :encryptable, { :encryptor => :sha1 }],
       :context_assign_extensions  => {  }
     }