add permissions endpoint on the API

2025-09-11 07:34:41 +08:00 · 2017-12-04 13:25:48 +01:00 · 2017-12-04 13:25:48 +01:00 · e01e7bebbf
commit e01e7bebbf
parent b6a5ab5e6c
4 changed files with 62 additions and 9 deletions
--- a/app/controllers/client_api/permissions_controller.rb
+++ b/app/controllers/client_api/permissions_controller.rb
@ -1,16 +1,57 @@
 module ClientApi
  class PermissionsController < ApplicationController
    before_action :generate_permissions_object, only: :state
    def state
      respond_to do |format|
        format.json do
-          render json: {
+          render json: @permissions, status: :ok
            can_update_team?: false,
            can_read_team?: true
          }, status: :ok
        end
      end
    end
    private
    def generate_permissions_object
      sanitize_permissions!
      @permissions = {}
      if @resource
        @required_permissions.collect do |permission|
          @permissions.merge!("#{permission}?" => @holder.eval(permission,
                                                               current_user,
                                                               @resource))
        end
      else
        @required_permissions.collect do |permission|
          @permissions.merge!(
            "#{permission}?" => @holder.eval_generic(permission, current_user)
          )
        end
      end
    end
    def sanitize_permissions!
      @required_permissions = params.fetch(:parsePermission) do
        :permissions_array_missing
      end
      @holder = Canaid::PermissionsHolder.instance
      @required_permissions.each do |permission|
        next if @holder.has_permission?(permission)
        # this error should happen only in development
        raise ArgumentError, "Method #{permission} has no related " \
                             "permission registered."
      end
      # sanitize resource, this error should happen only in development
      raise ArgumentError,
            "Resource #{@resource} does not exists" unless resource_valid?
    end
    def resource_valid?
      @resource = params[:resource]
      return true unless @resource
      return true if Object.const_get(@resource.classify)
    rescue NameError
      return false
    end
  end
 end
 # holder = Canaid::PermissionsHolder.instance
 # https://github.com/biosistemika/canaid/blob/master/lib/canaid/helpers/permissions_helper.rb
--- a/app/javascript/src/scenes/SettingsPage/scenes/profile/components/MyProfile.jsx
+++ b/app/javascript/src/scenes/SettingsPage/scenes/profile/components/MyProfile.jsx
@ -49,7 +49,6 @@ class MyProfile extends Component {
  }
  render() {
    console.log(this.props.permissions);
    return (
      <div>
        <h2>
@ -106,5 +105,4 @@ MyProfile.propTypes = {
  addCurrentUser: func.isRequired
 };
-const ComponentWithPermissions = Permissions.connect(MyProfile, ["can_update_team?", "can_read_team?"], "user");
+export default connect(null, { addCurrentUser })(MyProfile)
 export default connect(null, { addCurrentUser })(ComponentWithPermissions)
--- a/app/javascript/src/services/permissions/index.js
+++ b/app/javascript/src/services/permissions/index.js
@ -13,6 +13,7 @@
 Now you can access to your permissions through component params. The permissions
 you required have 3 states [true, false, null]. Null is when you are waiting for server response.
 You can use methods params.can_uspdate_team? or whatever permissions you declare
 */
 import * as React from "react";
 import { getPermissionStatus } from "../api/permissions_api";
--- a/spec/controllers/client_api/permissions_controller_spec.rb
+++ b/spec/controllers/client_api/permissions_controller_spec.rb
@ -0,0 +1,13 @@
 require 'rails_helper'
 describe ClientApi::PermissionsController, type: :controller do
  login_user
  describe '#state' do
    let(:params) do
      { parsePermission: ['can_view_team'], resource: 'UserTeam' }
    end
    let(:subject) { post :state, format: :json, params: params }
    it { is_expected.to be_success }
  end
 end