first api draft

This commit is contained in:
did 2012-01-23 09:05:50 +01:00
parent 4d0f8610c5
commit 739d2db0a9
11 changed files with 212 additions and 22 deletions

View File

@ -1,9 +1,3 @@
PATH
remote: ../gems/aloha-rails
specs:
locomotive-aloha-rails (0.20.1)
actionpack (~> 3.1.3)
PATH
remote: ../gems/custom_fields
specs:
@ -12,12 +6,6 @@ PATH
carrierwave-mongoid (~> 0.1.3)
mongoid (~> 2.4.0)
PATH
remote: ../gems/tinymce-rails
specs:
locomotive-tinymce-rails (3.4.7)
actionpack (~> 3.1.3)
GEM
remote: http://rubygems.org/
specs:
@ -168,6 +156,10 @@ GEM
kgio (2.7.2)
launchy (2.0.5)
addressable (~> 2.2.6)
locomotive-aloha-rails (0.20.1)
actionpack (~> 3.1.3)
locomotive-tinymce-rails (3.4.7)
actionpack (~> 3.1.3)
locomotive_liquid (2.2.2)
locomotive_mongoid_acts_as_tree (0.1.5.8)
mail (2.3.0)
@ -319,8 +311,8 @@ DEPENDENCIES
jquery-rails (~> 1.0.16)
kaminari
launchy
locomotive-aloha-rails!
locomotive-tinymce-rails!
locomotive-aloha-rails (~> 0.20.1)
locomotive-tinymce-rails (~> 3.4.7)
locomotive_liquid (= 2.2.2)
locomotive_mongoid_acts_as_tree (~> 0.1.5.8)
mimetype-fu (~> 0.1.2)

View File

@ -0,0 +1,44 @@
module Locomotive
module Api
class BaseController < ApplicationController
include Locomotive::Routing::SiteDispatcher
include Locomotive::ActionController::LocaleHelpers
before_filter :require_account
before_filter :require_site
# before_filter :validate_site_membership
skip_before_filter :verify_authenticity_token
self.responder = Locomotive::ActionController::Responder # custom responder
respond_to :json, :xml
rescue_from CanCan::AccessDenied do |exception|
::Locomotive.log "[CanCan::AccessDenied] #{exception.inspect}"
if request.xhr?
render :json => { :error => exception.message }
else
flash[:alert] = exception.message
redirect_to pages_url
end
end
protected
def current_ability
@current_ability ||= Ability.new(current_locomotive_account, current_site)
end
def require_account
authenticate_locomotive_account!
end
end
end
end

View File

@ -0,0 +1,28 @@
module Locomotive
module Api
class SnippetsController < BaseController
include Locomotive::Routing::SiteDispatcher
def index
@snippets = current_site.snippets.all
respond_with(@snippets)
end
def create
@snippet = current_site.snippets.create(params[:snippet])
respond_with @snippet, :location => edit_snippet_url(@snippet._id)
end
def update
@snippet = current_site.snippets.find(params[:id])
@snippet.update_attributes(params[:snippet])
respond_with @snippet, :location => edit_snippet_url(@snippet._id)
end
end
end
end

View File

@ -0,0 +1,25 @@
module Locomotive
module Api
class ThemeAssetsController < BaseController
include Locomotive::Routing::SiteDispatcher
def index
@theme_assets = current_site.theme_assets.all
respond_with(@theme_assets)
end
def create
@theme_asset = current_site.theme_assets.create(params[:theme_asset])
respond_with @theme_asset, :location => edit_theme_asset_url(@theme_asset._id)
end
def update
@theme_asset = current_site.theme_assets.find(params[:id])
@theme_asset.update_attributes(params[:theme_asset])
respond_with @theme_asset, :location => edit_theme_asset_url(@theme_asset._id)
end
end
end
end

View File

@ -0,0 +1,31 @@
module Locomotive
module Api
class TokensController < BaseController
skip_before_filter :require_account
def create
begin
token = Account.create_api_token(current_site, params[:email], params[:password])
respond_with({ :token => token }, :location => root_url)
rescue Exception => e
respond_with({ :message => e.message }, :status => 401, :location => root_url)
end
end
def destroy
begin
token = Account.invalidate_api_token(params[:id])
respond_with({ :token => token }, :location => root_url)
rescue Exception => e
respond_with({ :message => e.message }, :status => 404, :location => root_url)
end
end
end
end
end
# cAEERKkstnUya7UVxkqN

View File

@ -40,6 +40,50 @@ module Locomotive
self.find_using_switch_site_token(token, age) || raise(::Mongoid::Errors::DocumentNotFound.new(self, token))
end
# Create the API token which will be passed to all the requests to the Locomotive API.
# It requires the credentials of an account with admin role.
# If an error occurs (invalid account, ...etc), this method raises an exception that has
# to be caught somewhere.
#
# @param [ Site ] site The site where the authentication request is made
# @param [ String ] email The email of the account
# @param [ String ] password The password of the account
#
# @return [ String ] The API token
#
def self.create_api_token(site, email, password)
raise 'The request must contain the user email and password.' if email.blank? or password.blank?
account = self.where(:email => email.downcase).first
raise 'Invalid email or password.' if account.nil?
account.ensure_authentication_token!
if not account.valid_password?(password) # TODO: check admin roles
raise 'Invalid email or password.'
end
account.authentication_token
end
# Logout the user responding to the token passed in parameter from the API.
# An exception is raised if no account corresponds to the token.
#
# @param [ String ] token The API token created by the create_api_token method.
#
# @return [ String ] The API token
#
def self.invalidate_api_token(token)
account = self.where(:authentication_token => token).first
raise 'Invalid token.' if account.nil?
account.reset_authentication_token!
token
end
def devise_mailer
Locomotive::DeviseMailer
end

View File

@ -1,7 +1,7 @@
module Locomotive
class ThemeAssetPresenter < BasePresenter
delegate :content_type, :to => :source
delegate :content_type, :folder, :to => :source
def local_path
self.source.local_path(true)
@ -24,7 +24,7 @@ module Locomotive
end
def included_methods
super + %w(content_type local_path url size dimensions updated_at)
super + %w(content_type folder local_path url size dimensions updated_at)
end
end

View File

@ -52,9 +52,24 @@ Locomotive::Engine.routes.draw do
# installation guide
match '/installation' => 'installation#show', :defaults => { :step => 1 }, :as => :installation
match '/installation/:step' => 'installation#show', :as => :installation_step
end
Rails.application.routes.draw do
# api
namespace :_locomotive, :module => 'locomotive' do
namespace :api do
resources :tokens, :only => [:create, :destroy]
resources :theme_assets
resources :snippets
end
end
# sitemap
match '/sitemap.xml' => 'locomotive/public/sitemaps#show', :format => 'xml'
@ -73,4 +88,6 @@ Rails.application.routes.draw do
match '/' => 'locomotive/public/pages#show'
match '*path' => 'locomotive/public/pages#show'
end

View File

@ -83,13 +83,23 @@ x edit my site
x remove sidebar
- i18n
- insert image
- deployment
- fix integration problems
- pre-compile assets
x deployment
x fix integration problems
x pre-compile assets
- API
- authentication from a token + controller to deliver a token
- api routes
- add a way to custom the as_json method within the presenters (by default as_json ?) + custom responder ?
- REST actions:
- CRUD assets
- CRUD pages
- CRUD snippets
- CRUD content types
- data ?
- bugs:
x unable to toggle the "required" check_boxes for content types
- unable to sign out
x unable to sign out
- https://github.com/locomotivecms/engine/pull/281/files
- disallow to click twice on the submit form button (spinner ?)

View File

@ -1,7 +1,6 @@
- rake locomotive:upgrade:rename_collections
- locales updates (en / fr)
- theme_assets.images => theme_assets.image_picker
- assets => content_assets
- EditableXXX => Locomotive::EditableXXX (in mongodb)

View File

@ -26,7 +26,7 @@ module Locomotive
:metastore => URI.encode("file:#{Rails.root}/tmp/dragonfly/cache/meta"), # URI encoded in case of spaces
:entitystore => URI.encode("file:#{Rails.root}/tmp/dragonfly/cache/body")
},
:devise_modules => [:rememberable, :database_authenticatable, :recoverable, :trackable, :validatable, :encryptable, { :encryptor => :sha1 }],
:devise_modules => [:rememberable, :database_authenticatable, :token_authenticatable, :recoverable, :trackable, :validatable, :encryptable, { :encryptor => :sha1 }],
:context_assign_extensions => { }
}