Class: Faalis::APIController
Inherits: ApplicationController
- Object
- ActionController::Base
- ApplicationController
- Faalis::APIController
Defined in: app/controllers/faalis/api_controller.rb
Overview
This class is the base class of all API controllers in any Faalis host application. Each host Rails application should have an `APIController` which inherits from this class.
Direct Known Subclasses
Class Method Summary
- .allow_query_on(*args) ⇒ Object
  Using this method you can activate the query loading system and specify the fields which you want to use in query loading.
Instance Method Summary
- #allowed_fields ⇒ Object
  This attribute holds the fields which we will allow for making queries.
- #authenticate_filter ⇒ Object
  User authentication for API services takes place here.
- #load_resource_by_query ⇒ Object
  Load resource by using parameters specified in querystring.
- #set_csrf_cookie_for_ng ⇒ Object
  Rescues from any access denied exception raised from CanCan and returns a useful error message in JSON.
Methods inherited from ApplicationController
Class Method Details
.allow_query_on(*args) ⇒ Object
Using this method you can activate the query loading system and specify the fields which you want to use in query loading.
# File 'app/controllers/faalis/api_controller.rb', line 128
def self.allow_query_on(*args)
  #instance_variable_set(:@allowed_fields, args.to_a.collect { |x| x.to_s })
  define_method :allowed_query_on do
    args.to_a.collect { |x| x.to_s }
  end
  private :allowed_query_on
end
Instance Method Details
#allowed_fields ⇒ Object
This attribute holds the fields which we will allow for making queries.
# File 'app/controllers/faalis/api_controller.rb', line 121
def allowed_fields
  return allowed_query_on if self.respond_to?(:allowed_query_on, true)
  @allowed_fields || []
end
#authenticate_filter ⇒ Object
User authentication for API services takes place here. By default Faalis uses the authentication method of Devise to authenticate access to the API service.
If you want to change the authentication method, just override this method in your APIController.
# File 'app/controllers/faalis/api_controller.rb', line 63
def authenticate_filter
  authenticate_user!
end
#load_resource_by_query ⇒ Object
Load resource by using parameters specified in querystring.
# File 'app/controllers/faalis/api_controller.rb', line 68
def load_resource_by_query
  # If any query string parameter is provided and allowed fields are specified
  if !request.query_parameters.empty? && !allowed_fields.empty?

    logger.info('Load resource by query parameters')
    # Iterate over parameters in query string
    request.query_parameters.each do |key, value|
      # Each key can be like filename[__querytype]=value
      # where `querytype` is a string that specifies the query type scope
      # to use in the model. For example there is a query type scope called
      # `gt` which means the mentioned field should be greater than the
      # value
      field, query_type = key.split('__')

      if allowed_fields.include? field
        # If field name is in the allowed list
        # If no query type is specified we will use the assignment scope.
        query_type = 'assignment' if query_type.nil?

        # If the model has a scope with the "#{query_type}_query" name.
        # Otherwise skip
        if model_class.respond_to? "#{query_type}_query"

          # If the resource is already loaded. If an instance variable
          # with the plural name of the resource exists then the resource
          # is already loaded and we should chain new conditions
          if instance_variable_defined? "@#{controller_name}"
            var = instance_variable_get("@#{controller_name}")
            var.send("#{query_type}_query".to_sym, field, value)
          else
            # Resource is not loaded yet, so we make the first query
            # (without touching the database) and set the corresponding
            # instance variables
            relation_object = model_class.send("#{query_type}_query".to_sym,
                                               field, value)
            instance_variable_set("@#{controller_name}", relation_object)
          end

        else
          logger.info "There is no `#{query_type}_query` in `#{model_class.to_s}` model."
        end
      else
        logger.warn "`#{field}` in not in allowed list for `#{self.class.to_s}`."
      end
    end
  else
    logger.info('Load resource using `load_resource`')
    #self.class.load_resource
  end
end
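A hardened variant of the dispatch in load_resource_by_query, as an added example that is not Faalis code: it checks the query type against an explicit allowlist in addition to the field, so a `*_query` method is reachable from the query string only when it has been named. `FakeRelation`, `ALLOWED_QUERY_TYPES`, `build_relation` and the sample parameters are constructed for illustration.

```ruby
# Added example, not Faalis code. FakeRelation is a constructed stand-in for
# an ActiveRecord relation; ALLOWED_QUERY_TYPES is a hypothetical allowlist.
ALLOWED_QUERY_TYPES = %w[assignment gt].freeze

class FakeRelation
  attr_reader :conditions

  def initialize(conditions = [])
    @conditions = conditions
  end

  def assignment_query(field, value)
    FakeRelation.new(conditions + [[field, '=', value]])
  end

  def gt_query(field, value)
    FakeRelation.new(conditions + [[field, '>', value]])
  end

  # Ends in `_query` but is not meant to be selected from a query string.
  def purge_query(_field, _value)
    raise 'purge_query must not be reachable from request parameters'
  end
end

# Returns [relation, rejected_keys]. Both the field and the query type must
# be allowlisted before the scope name is built and dispatched.
def build_relation(query_parameters, allowed_fields, relation = FakeRelation.new)
  rejected = []
  query_parameters.each do |key, value|
    # Limit 2: anything after the first `__` is treated as the query type.
    field, query_type = key.to_s.split('__', 2)
    query_type ||= 'assignment'
    unless allowed_fields.include?(field) && ALLOWED_QUERY_TYPES.include?(query_type)
      rejected << key
      next
    end
    # Keep the returned relation so later conditions chain onto earlier ones.
    relation = relation.public_send("#{query_type}_query", field, value)
  end
  [relation, rejected]
end

# Constructed sample query string parameters.
SAMPLE_PARAMS = { 'name' => 'report', 'size__gt' => '10',
                  'size__purge' => '1', 'owner' => 'x' }.freeze
relation, rejected = build_relation(SAMPLE_PARAMS, %w[name size])
puts relation.conditions.inspect, rejected.inspect
```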
#set_csrf_cookie_for_ng ⇒ Object
Rescues from any access denied exception raised from CanCan and returns a useful error message in JSON:
rescue_from CanCan::AccessDenied do |exception|
  render :status => 403, :json => {
    :error => t('You don\'t have access to this page'),
    :orig_msg => exception.message,
    :action => exception.action
  }
end
The method body itself sets the XSRF-TOKEN cookie to the form authenticity token when forgery protection is enabled.
# File 'app/controllers/faalis/api_controller.rb', line 53
def set_csrf_cookie_for_ng
  cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
end