Class: Faalis::APIController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• Faalis::APIController

Defined in:

app/controllers/faalis/api_controller.rb

Overview

This class is the base class of all API controllers in any Faalis host applications. Each host Rails application should have an ‘APIController` which inherit from this class.

Direct Known Subclasses

APIController

Class Method Summary

• .allow_query_on(*args) ⇒ Object

  Using this query you can activate the query loading system and specify fields which you want to use in query loading.

Instance Method Summary

• #allowed_fields ⇒ Object

  This attribute holds the allowed fileds which we will allow for making query.

• #authenticate_filter ⇒ Object

  User authentication for API services take place here.

• #load_resource_by_query ⇒ Object

  Load resource by using parameters specified in querystring.

• #set_csrf_cookie_for_ng ⇒ Object

  Rescue from any access denied exception raised from cancan and returns a useful error message in json rescue_from CanCan::AccessDenied do |exception| render :status => 403, :json => { :error => t(‘You don't have access to this page’), :orig_msg => exception.message, :action => exception.action } end.

Methods inherited from ApplicationController

#set_locale

Class Method Details

.allow_query_on(*args) ⇒ Object

Using this query you can activate the query loading system and specify fields which you want to use in query loading

# File 'app/controllers/faalis/api_controller.rb', line 128

def self.allow_query_on(*args)
  #instance_variable_set(:@allowed_fields, args.to_a.collect { |x| x.to_s })
  define_method :allowed_query_on do
    args.to_a.collect { |x| x.to_s }
  end
  private :allowed_query_on
end

Instance Method Details

#allowed_fields ⇒ Object

This attribute holds the allowed fileds which we will allow for making query

# File 'app/controllers/faalis/api_controller.rb', line 121

def allowed_fields
  return allowed_query_on if self.respond_to?(:allowed_query_on, true)
  @allowed_fields || []
end

#authenticate_filter ⇒ Object

User authentication for API services take place here. By default Faalis uses the authentication method of Devise to authenticate access to API service.

If you want to change authentication method ? just override this method in you APIController

# File 'app/controllers/faalis/api_controller.rb', line 63

def authenticate_filter
  authenticate_user!
end

#load_resource_by_query ⇒ Object

Load resource by using parameters specified in querystring.

# File 'app/controllers/faalis/api_controller.rb', line 68

def load_resource_by_query
  # If any query string parameter provided and allow fields specified
  if !request.query_parameters.empty? && !allowed_fields.empty?

    logger.info ('Load resource by query parameters')
    # Iterate over parameters in query string
    request.query_parameters.each do |key, value|
      # each key can be like filename[__querytype]=value
      # which `querytype` is string that specify the query type scope
      # to use in model. For example these is a query type scope called
      # `gt` which mean the mentioned field should be greater than the
      # value
      field, query_type = key.split('__')

      if allowed_fields.include? field
        # If field name is in the allowed list
        # If no query type specified we will use assignment scope.
        query_type = 'assignment' if query_type.nil?

        # If model have an scope with the "#{query_type}_query" name.
        # Otherwise skip
        if model_class.respond_to? "#{query_type}_query"

          # If resource already loaded. If there was a instnace variable
          # with the plural name of the resource exists then resource
          # already loaded and we should chain new conditions
          if instance_variable_defined? "@#{controller_name}"
            var = instance_variable_get("@#{controller_name}")
            var.send("#{query_type}_query".to_sym, field, value)
          else
            # Resource did not loaded we make first query
            # (without touching database) and set the corresponding
            # instance variables
            relation_object = model_class.send("#{query_type}_query".to_sym,
                                               field, value)
            instance_variable_set("@#{controller_name}", relation_object)
          end

        else
          logger.info "There is no `#{query_type}_query` in `#{model_class.to_s}` model."
        end
      else
        logger.warn "`#{field}` in not in allowed list for `#{self.class.to_s}`."
      end
    end
  else
    logger.info('Load resource using `load_resource`')
    #self.class.load_resource
  end
end

#set_csrf_cookie_for_ng ⇒ Object

Rescue from any access denied exception raised from cancan and returns a useful error message in json

rescue_from CanCan::AccessDenied do |exception|
  render :status => 403, :json => {
    :error => t('You don\'t have access to this page'),
    :orig_msg => exception.message,
    :action => exception.action
  }
end

# File 'app/controllers/faalis/api_controller.rb', line 53

def set_csrf_cookie_for_ng
  cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
end