[noosfero/noosfero][api] api: expose plugin endpoints only if enabled on the environment

Mon Jun 15 20:17:49 BRT 2015

Rodrigo Souto pushed to branch api at Noosfero / noosfero


Commits:
4cb1363d by Rodrigo Souto at 2015-06-15T20:17:32Z
api: expose plugin endpoints only if enabled on the environment

- - - - -


7 changed files:

- app/controllers/public/api_controller.rb
- app/views/api/index.html.erb
- app/views/api/playground.html.erb
- lib/noosfero/api/api.rb
- lib/noosfero/api/helpers.rb
- + test/unit/api/api_test.rb
- test/unit/api/helpers_test.rb


Changes:

=====================================
app/controllers/public/api_controller.rb
=====================================

--- a/app/controllers/public/api_controller.rb
+++ b/app/controllers/public/api_controller.rb
@@ -2,12 +2,18 @@ class ApiController < PublicController
 
   no_design_blocks
 
+  helper_method :endpoints
+
   def index
-    @api = Noosfero::API.api_class
   end
 
   def playground
-    @api = Noosfero::API.api_class
+  end
+
+  private
+
+  def endpoints
+    Noosfero::API::API.endpoints(environment)
   end
 
 end


=====================================
app/views/api/index.html.erb
=====================================
--- a/app/views/api/index.html.erb
+++ b/app/views/api/index.html.erb
@@ -4,7 +4,7 @@
 <%= s_('api-playground|Try the %s') % link_to('API Playground', '/api/playground') %>
 </div>
 
-<%= @api.endpoints.map do |endpoint|
+<%= endpoints.map do |endpoint|
   app = endpoint.options[:app].to_s
   unless app.blank?
     content_tag(:h2, app.split('::').last.to_s, title: app) +


=====================================
app/views/api/playground.html.erb
=====================================
--- a/app/views/api/playground.html.erb
+++ b/app/views/api/playground.html.erb
@@ -2,7 +2,7 @@
 
 <script>
 var endpoints = <%=
- at api.endpoints.map do |endpoint|
+endpoints.map do |endpoint|
   app = endpoint.options[:app].to_s
   unless app.blank?
     endpoint.routes.map do |route|


=====================================
lib/noosfero/api/api.rb
=====================================
--- a/lib/noosfero/api/api.rb
+++ b/lib/noosfero/api/api.rb
@@ -28,6 +28,7 @@ module Noosfero
 
       before { setup_multitenancy }
       before { detect_stuff_by_domain }
+      before { filter_disabled_plugins_endpoints }
       after { set_session_cookie }
 
       version 'v1'
@@ -57,10 +58,26 @@ module Noosfero
           end
         end
       end
-    end
 
-    def self.api_class
-      API
+      def self.endpoint_unavailable?(endpoint, environment)
+        api_class = endpoint.options[:app] || endpoint.options[:for]
+        if api_class.present?
+          klass = api_class.name.deconstantize.constantize
+          return klass < Noosfero::Plugin && !environment.plugin_enabled?(klass)
+        end
+      end
+
+      class << self
+        def endpoints_with_plugins(environment = nil)
+          if environment.present?
+            cloned_endpoints = endpoints_without_plugins.dup
+            cloned_endpoints.delete_if { |endpoint| endpoint_unavailable?(endpoint, environment) }
+          else
+            endpoints_without_plugins
+          end
+        end
+        alias_method_chain :endpoints, :plugins
+      end
     end
   end
 end


=====================================
lib/noosfero/api/helpers.rb
=====================================
--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -127,6 +127,10 @@ module Noosfero
       #              error helpers             #
       ##########################################
 
+      def not_found!
+        render_api_error!('404 Not found', 404)
+      end
+
       def forbidden!
         render_api_error!('403 Forbidden', 403)
       end
@@ -184,6 +188,10 @@ module Noosfero
         end
       end
 
+      def filter_disabled_plugins_endpoints
+        not_found! if Noosfero::API::API.endpoint_unavailable?(self, !@environment)
+      end
+
       private
 
       def parser_params(params)


=====================================
test/unit/api/api_test.rb
=====================================
--- /dev/null
+++ b/test/unit/api/api_test.rb
@@ -0,0 +1,29 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class MyPlugin < Noosfero::Plugin;end
+class MyPlugin::API;end
+
+class APITest < ActiveSupport::TestCase
+
+  should 'endpoint should not be available if its plugin is unavailable' do
+    endpoint = mock()
+    environment = Environment.default
+    environment.stubs(:plugin_enabled?).returns(false)
+    endpoint.stubs(:options).returns({:for => MyPlugin::API})
+
+    assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
+  end
+
+  should 'endpoint should be available if its plugin is available' do
+    class MyPlugin < Noosfero::Plugin;end
+    class MyPlugin::API;end
+
+    endpoint = mock()
+    environment = Environment.default
+    environment.stubs(:plugin_enabled?).returns(true)
+    endpoint.stubs(:options).returns({:for => MyPlugin::API})
+
+    assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
+  end
+
+end


=====================================
test/unit/api/helpers_test.rb
=====================================
--- a/test/unit/api/helpers_test.rb
+++ b/test/unit/api/helpers_test.rb
@@ -161,6 +161,13 @@ class APIHelpersTest < ActiveSupport::TestCase
     assert_nil make_conditions_with_parameter[:type]
   end
 
+  should 'render not_found if endpoint is unavailable' do
+    Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true)
+    self.expects(:not_found!)
+
+    filter_disabled_plugins_endpoints
+  end
+
   protected
 
   def error!(info, status)



View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/4cb1363d9240f238416f25cdeddfb0b4e01905a4
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20150615/8a4ec573/attachment.html>
