mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-09-20 23:16:15 +08:00
add permissions endpoint on the API
parent
b6a5ab5e6c
commit
e01e7bebbf
|
@ -1,16 +1,57 @@
|
|||
module ClientApi
|
||||
class PermissionsController < ApplicationController
|
||||
before_action :generate_permissions_object, only: :state
|
||||
|
||||
def state
|
||||
respond_to do |format|
|
||||
format.json do
|
||||
render json: {
|
||||
can_update_team?: false,
|
||||
can_read_team?: true
|
||||
}, status: :ok
|
||||
render json: @permissions, status: :ok
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def generate_permissions_object
|
||||
sanitize_permissions!
|
||||
@permissions = {}
|
||||
if @resource
|
||||
@required_permissions.collect do |permission|
|
||||
@permissions.merge!("#{permission}?" => @holder.eval(permission,
|
||||
current_user,
|
||||
@resource))
|
||||
end
|
||||
else
|
||||
@required_permissions.collect do |permission|
|
||||
@permissions.merge!(
|
||||
"#{permission}?" => @holder.eval_generic(permission, current_user)
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def sanitize_permissions!
|
||||
@required_permissions = params.fetch(:parsePermission) do
|
||||
:permissions_array_missing
|
||||
end
|
||||
@holder = Canaid::PermissionsHolder.instance
|
||||
@required_permissions.each do |permission|
|
||||
next if @holder.has_permission?(permission)
|
||||
# this error should happen only in development
|
||||
raise ArgumentError, "Method #{permission} has no related " \
|
||||
"permission registered."
|
||||
end
|
||||
# sanitize resource, this error should happen only in development
|
||||
raise ArgumentError,
|
||||
"Resource #{@resource} does not exists" unless resource_valid?
|
||||
end
|
||||
|
||||
def resource_valid?
|
||||
@resource = params[:resource]
|
||||
return true unless @resource
|
||||
return true if Object.const_get(@resource.classify)
|
||||
rescue NameError
|
||||
return false
|
||||
end
|
||||
end
|
||||
end
|
||||
# holder = Canaid::PermissionsHolder.instance
|
||||
# https://github.com/biosistemika/canaid/blob/master/lib/canaid/helpers/permissions_helper.rb
|
||||
|
|
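Review bot: `resource_valid?` passes the client-supplied `params[:resource]` straight to `Object.const_get(@resource.classify)`, so any request can make the server resolve (and possibly autoload) an arbitrary constant, and a non-string value raises a `NoMethodError` that `rescue NameError` does not catch. The resolved constant is then discarded: `generate_permissions_object` hands the raw string to `@holder.eval(permission, current_user, @resource)`, so the permission appears to be evaluated against a `String` rather than a record; this is worth confirming against Canaid, since no id lookup is visible here. In `sanitize_permissions!` the `params.fetch(:parsePermission)` fallback returns the symbol `:permissions_array_missing`, on which `.each` fails, and both `raise ArgumentError` paths are reachable by any client despite the "only in development" comments, so a 400 response would be the safer outcome. Comparing the name against a fixed allowlist avoids the reflection altogether, as sketched below.
```ruby
# Example allowlist; only 'UserTeam' is taken from the accompanying spec.
PERMITTED_RESOURCES = %w(UserTeam).freeze

def resource_valid?
  @resource = params[:resource]
  return true unless @resource
  # No const_get: the client-supplied name is only compared, never resolved.
  @resource.is_a?(String) && PERMITTED_RESOURCES.include?(@resource.classify)
end
```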
|
@ -49,7 +49,6 @@ class MyProfile extends Component {
|
|||
}
|
||||
|
||||
render() {
|
||||
console.log(this.props.permissions);
|
||||
return (
|
||||
<div>
|
||||
<h2>
|
||||
|
@ -106,5 +105,4 @@ MyProfile.propTypes = {
|
|||
addCurrentUser: func.isRequired
|
||||
};
|
||||
|
||||
const ComponentWithPermissions = Permissions.connect(MyProfile, ["can_update_team?", "can_read_team?"], "user");
|
||||
export default connect(null, { addCurrentUser })(ComponentWithPermissions)
|
||||
export default connect(null, { addCurrentUser })(MyProfile)
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
|
||||
Now you can access to your permissions through component params. The permissions
|
||||
you required have 3 states [true, false, null]. Null is when you are waiting for server response.
|
||||
You can use methods params.can_uspdate_team? or whatever permissions you declare
|
||||
*/
|
||||
import * as React from "react";
|
||||
import { getPermissionStatus } from "../api/permissions_api";
|
||||
|
|
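Review bot: The usage comment spells the example as `params.can_uspdate_team?`, which should read `can_update_team?` to match the permission name used elsewhere in this commit. Since `null` is one of the three documented states, the comment could also say that a component must treat `null` like `false` until the server answers. It should add that these flags only drive rendering, so the server still has to authorize the action itself. The comment block starts above this hunk.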
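--- a/spec/controllers/client_api/permissions_controller_spec.rb
+++ b/spec/controllers/client_api/permissions_controller_spec.rb
@@ -0,0 +1,13 @@
+require 'rails_helper'
+
+describe ClientApi::PermissionsController, type: :controller do
+login_user
+
+describe '#state' do
+let(:params) do
+{ parsePermission: ['can_view_team'], resource: 'UserTeam' }
+end
+let(:subject) { post :state, format: :json, params: params }
+it { is_expected.to be_success }
+end
+end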
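Review bot: The only example asserts `be_success` for one valid parameter set, so none of the controller's rejection paths is exercised: a missing `parsePermission`, an unregistered permission name, or an unknown `resource`. The JSON body is never checked either, so a response that reports the wrong value, or omits the key, would still pass. At minimum the happy path should assert the key the controller builds, for example `it { expect(JSON.parse(subject.body)).to have_key('can_view_team?') }`. One example per invalid input, pinning the expected status, would cover the rest.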