This commit is contained in:
Brian Smith 2012-11-22 03:27:00 -05:00
parent c849ae0536
commit 9fac41e6f3
17 changed files with 215 additions and 37 deletions


@ -66,17 +66,70 @@ class ApiBandsController < ApplicationController
###################### RECORDINGS #######################
def recording_index
@recordings = Recording.paginate(page: params[:page])
hide_private = false
band = Band.find(params[:id])
# hide private Recordings from anyone who's not in the Band
unless band.users.exists? current_user
hide_private = true
end
if hide_private
@recordings = Recording.find(:all,
:joins => :musician_recordings,
:select => "recordings.id, recordings.description, recordings.public",
:conditions => ["bands_recordings.band_id='#{params[:id]}'' AND public=true"])
#.paginate(page: params[:page])
else
@recordings = Recording.find(:all,
:joins => :musician_recordings,
:select => "recordings.id, recordings.description, recordings.public",
:conditions => ["bands_recordings.band_id='#{params[:id]}'"])
end
end
def recording_show
hide_private = false
band = Band.find(params[:id])
# hide private Recordings from anyone who's not in the Band
unless band.users.exists? current_user
hide_private = true
end
@recording = Recording.find(params[:recording_id])
if !@recording.public && hide_private
render :json => { :message => "You are not allowed to access this recording." }, :status => 403
#respond_with "You are not allowed to view this recording.", responder: ApiResponder, :status => 403
else
respond_with @recording, responder: ApiResponder, :status => 200
end
end
def recording_create
Recording.save(params[:recording_id],
@recording = Recording.save(params[:recording_id],
params[:public],
params[:description],
params[:id],
true)
if @recording.errors.nil? || @recording.errors.size == 0
@band = Band.find(params[:id])
respond_with @recording, responder: ApiResponder, :status => 201, :location => api_band_recording_detail_url(@band, @recording)
else
raise ActiveRecord::Rollback
response.status = :unprocessable_entity
respond_with @recording
end
end
def recording_destroy
@recording = Recording.find(params[:recording_id])
@recording.delete
end
end
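Review bot: The `:conditions` strings in both branches of `recording_index` interpolate `params[:id]` straight into SQL, and the `hide_private` branch also carries a doubled quote (`'#{params[:id]}'' AND public=true`) that reads as malformed SQL; a bind parameter fixes both: `:conditions => ["bands_recordings.band_id = ? AND public = ?", params[:id], true]` and `:conditions => ["bands_recordings.band_id = ?", params[:id]]`. The same interpolation pattern appears in ApiUsersController#recording_index in this commit (the `musicians_recordings.user_id` conditions). Both queries join `:musician_recordings` but filter on a `bands_recordings` column, so the filter only works if that table is otherwise part of the query — worth confirming against the model. Separately, `recording_create` and `recording_destroy` in this hunk perform no band-membership check before writing, whereas the two read actions do, and in `recording_create` the `response.status` and `respond_with` lines after `raise ActiveRecord::Rollback` are unreachable.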


@ -5,15 +5,15 @@ class ApiController < ApplicationController
# define common error handlers
rescue_from 'JamRuby::StateError' do |exception|
@exception = exception
render "errors/state_error.rabl", :status => 500
render "errors/state_error.rabl", :status => 400
end
rescue_from 'JamRuby::JamArgrumentError' do |exception|
rescue_from 'JamRuby::JamArgumentError' do |exception|
@exception = exception
render "errors/jam_argument_error", :status => 500
render "errors/jam_argument_error", :status => 400
end
rescue_from 'JamRuby::PermissionError' do |exception|
@exception = exception
render "errors/permission_error", :status => 500
render "errors/permission_error", :status => 403
end
rescue_from 'ActiveRecord::RecordNotFound' do |exception|
@@log.debug(exception)


@ -55,6 +55,7 @@ class ApiUsersController < ApiController
def update
auth_user(params[:id])
@user = User.save(params[:id],
current_user.id,
params[:first_name],
params[:last_name],
params[:email],
@ -123,21 +124,59 @@ class ApiUsersController < ApiController
###################### RECORDINGS #######################
def recording_index
@recordings = Recording.where("user_id=#{params[:id]}").paginate(page: params[:page])
hide_private = false
# hide private recordings from anyone but the current user
if current_user.id != params[:id]
hide_private = true
end
if hide_private
@recordings = Recording.find(:all,
:joins => :musician_recordings,
:select => "recordings.id, recordings.description, recordings.public",
:conditions => ["musicians_recordings.user_id='#{params[:id]}' AND public=true"])
#.paginate(page: params[:page])
else
@recordings = Recording.find(:all,
:joins => :musician_recordings,
:select => "recordings.id, recordings.description, recordings.public",
:conditions => ["musicians_recordings.user_id='#{params[:id]}'"])
end
end
def recording_show
hide_private = false
# hide private recordings from anyone but the current user
if current_user.id != params[:id]
hide_private = true
end
@recording = Recording.find(params[:recording_id])
if !@recording.public && hide_private
render :json => { :message => "You are not allowed to access this recording." }, :status => 403
#respond_with "You are not allowed to access this recording.", responder: ApiResponder, :status => 403
else
respond_with @recording, responder: ApiResponder, :status => 200
end
end
def recording_create
auth_user(params[:id])
@recording = Recording.save(params[:recording_id],
params[:public],
params[:description],
current_user.id,
params[:id],
false)
# check for errors
if @recording.errors.nil? || @recording.errors.size == 0
respond_with @recording, responder: ApiResponder, :status => 201, :location => api_recording_detail_url(@recording)
@user = current_user
respond_with @recording, responder: ApiResponder, :status => 201, :location => api_recording_detail_url(@user, @recording)
else
raise ActiveRecord::Rollback
response.status = :unprocessable_entity
@ -146,10 +185,10 @@ class ApiUsersController < ApiController
end
def recording_update
auth_user(params[:id])
@recording = Recording.save(params[:recording_id],
params[:public],
params[:description],
current_user.id,
params[:id],
false)
@ -166,7 +205,9 @@ class ApiUsersController < ApiController
def recording_destroy
auth_user(params[:id])
Recording.delete(params[:recording_id], params[:id], false)
recording = Recording.find(params[:recording_id])
recording.delete
#Recording.delete(params[:recording_id], params[:id], false)
end
###################### FAVORITES ########################
@ -247,7 +288,7 @@ class ApiUsersController < ApiController
respond_with responder: ApiResponder
end
###################### AUTHORIZATION ####################
###################### AUTHENTICATION ###################
def auth_session_create
@user = User.authenticate(params[:email], params[:password])
@ -267,6 +308,7 @@ class ApiUsersController < ApiController
protected
def auth_user(id)
if current_user.id != id
#respond_with "You do not have permissions to perform this action.", responder: ApiResponder, :status => 403
raise PermissionError, "You do not have permissions to perform this action."
end
end
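Review bot: The rewritten `recording_destroy` looks up the recording by `params[:recording_id]` alone, so once `auth_user(params[:id])` passes for the caller's own id any recording id can be deleted regardless of who owns it; the commented-out `Recording.delete(params[:recording_id], params[:id], false)` at least received the user id, so this reads as a lost ownership check. Scope the lookup to the authenticated user's recordings before deleting (through whatever association links recordings to users — `recording_index` filters on `musicians_recordings.user_id`), and prefer `destroy` over `delete` if the model has callbacks or dependent associations. The `current_user.id != params[:id]` comparisons in `recording_index`, `recording_show` and `auth_user` compare an Integer with a String param unless ids are normalized elsewhere, which would make `hide_private` true even for the owner — `current_user.id.to_s != params[:id].to_s` is the safer form. In `recording_create` the `response.status = :unprocessable_entity` and `respond_with` lines after `raise ActiveRecord::Rollback` are unreachable (same in ApiBandsController#recording_create). `raise PermissionError` in `auth_user` assumes the unqualified constant resolves in this controller while ApiController rescues `'JamRuby::PermissionError'`; confirm they are the same class, otherwise the handler mapping to 403 never fires.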


@ -1,3 +0,0 @@
object @band.followings
extends "api_bands/following_index"


@ -0,0 +1,3 @@
object @recording
extends "api_bands/recording_show"


@ -0,0 +1,3 @@
object @recordings
extends "api_bands/recording_show"


@ -0,0 +1,3 @@
object @recording
attributes :id, :description, :public


@ -0,0 +1,3 @@
object @recording
extends "api_bands/recording_show"


@ -0,0 +1,3 @@
object @recording
extends "api_users/recording_show"


@ -1,3 +1,3 @@
object @user
object @recordings
extends "api_users/show"
extends "api_users/recording_show"


@ -0,0 +1,3 @@
object @recording
attributes :id, :description, :public


@ -0,0 +1,3 @@
object @recording
extends "api_users/recording_show"


@ -8,7 +8,7 @@ SampleApp::Application.routes.draw do
resources :users
resources :music_sessions
resources :friend_requests
resources :sessions, only: [:new, :create, :destroy]
#root to: 'static_pages#home'
@ -46,9 +46,6 @@ SampleApp::Application.routes.draw do
# genres
match '/genres' => 'api_genres#index', :via => :get
# recordings
match '/recordings/:id' => 'api_recordings#show', :via => :get, :as => 'api_recording_detail'
# users
match '/users' => 'api_users#index', :via => :get
match '/users/:id' => 'api_users#show', :via => :get, :as => 'api_user_detail'
@ -103,7 +100,7 @@ SampleApp::Application.routes.draw do
# band recordings
match '/bands/:id/recordings' => 'api_bands#recording_index', :via => :get
match '/bands/:id/recordings/:recording_id' => 'api_bands#recording_show', :via => :get
match '/bands/:id/recordings/:recording_id' => 'api_bands#recording_show', :via => :get, :as => 'api_band_recording_detail'
match '/bands/:id/recordings' => 'api_bands#recording_create', :via => :post
match '/bands/:id/recordings/:recording_id' => 'api_bands#recording_update', :via => :post
match '/bands/:id/recordings/:recording_id' => 'api_bands#recording_destroy', :via => :delete
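Review bot: The second hunk removes the only `api_recording_detail` named route (`/recordings/:id`), yet ApiUsersController#recording_create in this same commit now calls `api_recording_detail_url(@user, @recording)` with two arguments; unless a user-scoped recording route carrying that `:as` name and two segments exists outside these hunks, the create action will fail at runtime while building the Location header. Adding `:as => 'api_recording_detail'` to the `/users/:id/recordings/:recording_id` GET route, or renaming the helper call to match the route that does exist, closes the gap. The enclosing `routes.draw` block starts and ends outside the hunks.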


@ -0,0 +1,20 @@
require 'spec_helper'
describe "Band API", :type => :api do
include Rack::Test::Methods
subject { page }
describe "profile" do
let(:band) { FactoryGirl.create(:band) }
let(:user) { FactoryGirl.create(:user) }
let(:fan) { FactoryGirl.create(:fan) }
it "should allow musician to create band" do
end
it "should not allow fan to create band" do
end
end
end
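Review bot: The two `it` blocks in this new spec have empty bodies, so they pass green without asserting anything; RSpec reports an example declared without a block as pending, so `it "should allow musician to create band"` and `it "should not allow fan to create band"` with the `do ... end` dropped keep the missing coverage visible in the run until the tests are written. `subject { page }` is a Capybara construct while the file includes `Rack::Test::Methods` and presumably drives `last_response`, so it looks unused here — confirm and remove if so.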


@ -168,7 +168,7 @@ describe "Invitation API ", :type => :api do
# then check that there is one invitation sent by us
get '/api/invitations.json?sender=' + other_user.id
last_response.status.should eql(500)
last_response.status.should eql(403)
response = JSON.parse(last_response.body)
response.should == {"message" => "You can only ask for your own sent invitations","type" => "PermissionError"}


@ -322,7 +322,7 @@ describe "Music Session API ", :type => :api do
# users are friends, but no invitation... so we shouldn't be able to join as user 2
login(user2)
post "/api/sessions/#{session["id"]}/participants.json", { :client_id => client2.client_id, :as_musician => true }.to_json, "CONTENT_TYPE" => 'application/json'
last_response.status.should eql(500)
last_response.status.should eql(403)
join_response = JSON.parse(last_response.body)
join_response["type"].should == "PermissionError"


@ -98,7 +98,7 @@ describe "User API", :type => :api do
followings.size.should == 1
followings[0]["user_id"].should == fan.id
# get followers for for fan
# get followers for other side of above following (fan)
login(fan.email, fan.password, 200, true)
get "/api/users/#{fan.id}/followers.json"
last_response.status.should == 200
@ -134,35 +134,83 @@ describe "User API", :type => :api do
it "should not allow user to create following for another user" do
login(user.email, user.password, 200, true)
post "/api/users/2/followings.json", { :user_id => fan.id }.to_json, "CONTENT_TYPE" => 'application/json'
last_response.status.should == 500
post "/api/users/10/followings.json", { :user_id => fan.id }.to_json, "CONTENT_TYPE" => 'application/json'
last_response.status.should == 403
end
it "should not allow user to delete following of another user" do
end
it "should allow musician to create recordings" do
# create public recording
login(user.email, user.password, 200, true)
post "/api/users/#{user.id}/recordings.json", { :description => "My Recording", :public => true }.to_json, "CONTENT_TYPE" => 'application/json'
last_response.status.should == 201
recording = JSON.parse(last_response.body)
recording["description"].should == "My Recording"
# create private recording
login(user.email, user.password, 200, true)
post "/api/users/#{user.id}/recordings.json", { :description => "My Recording 2", :public => false }.to_json, "CONTENT_TYPE" => 'application/json'
last_response.status.should == 201
private_recording = JSON.parse(last_response.body)
# get all recordings as creator
login(user.email, user.password, 200, true)
get "/api/users/#{user.id}/recordings.json"
last_response.status.should == 200
recordings = JSON.parse(last_response.body)
recordings.size.should == 2
# get all recordings as non-creator
login(fan.email, fan.password, 200, true)
get "/api/users/#{user.id}/recordings.json"
last_response.status.should == 200
recordings = JSON.parse(last_response.body)
recordings.size.should == 1
# attempt to get the private recording
login(fan.email, fan.password, 200, true)
get "/api/users/#{user.id}/recordings/#{private_recording["id"]}.json"
last_response.status.should == 403
end
it "should not allow fan to create recordings" do
end
it "should allow user to get recordings" do
login(fan.email, fan.password, 200, true)
post "/api/users/#{fan.id}/recordings.json", { :description => "My Recording", :public => true }.to_json, "CONTENT_TYPE" => 'application/json'
last_response.status.should == 403
end
it "should allow user to create favorites" do
# create recording first
login(user.email, user.password, 200, true)
post "/api/users/#{user.id}/recordings.json", { :description => "My Recording", :public => true }.to_json, "CONTENT_TYPE" => 'application/json'
last_response.status.should == 201
recording = JSON.parse(last_response.body)
# add favorite
login(user.email, user.password, 200, true)
post "/api/users/#{user.id}/favorites.json", { :recording_id => recording["id"] }.to_json, "CONTENT_TYPE" => 'application/json'
last_response.status.should == 201
login(user.email, user.password, 200, true)
get "/api/users/#{user.id}/favorites.json"
last_response.status.should == 200
puts last_response.body
favorites = JSON.parse(last_response.body)
favorites.size.should == 1
favorites[0]["recording_id"].should == recording["id"]
favorites[0]["description"].should == "My Recording"
favorites[0]["public"].should == true
end
it "should not allow user to create favorite for another user" do
end
it "should allow user to delete favorites" do
end
it "should allow musician to create band" do
end
it "should not allow fan to create band" do
end
it "should allow user to send friend request" do
end