
[myexperiment-hackers] [2199] trunk: post/delete /favourite.xml


From: noreply
Subject: [myexperiment-hackers] [2199] trunk: post/delete /favourite.xml
Date: Wed, 27 May 2009 09:58:01 -0400 (EDT)

Revision
2199
Author
dgc
Date
2009-05-27 09:58:01 -0400 (Wed, 27 May 2009)

Log Message

post/delete /favourite.xml

Modified Paths

Diff

Modified: trunk/app/models/bookmark.rb (2198 => 2199)


--- trunk/app/models/bookmark.rb	2009-05-20 11:35:05 UTC (rev 2198)
+++ trunk/app/models/bookmark.rb	2009-05-27 13:58:01 UTC (rev 2199)
@@ -13,6 +13,9 @@
   # NOTE: Comments belong to a user
   belongs_to :user
   
+  validates_presence_of :bookmarkable
+  validates_presence_of :user
+
   # Helper class method to lookup all comments assigned
   # to all commentable types for a given user.
   def self.find_bookmarks_by_user(user)
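Review bot: The two presence validations do not stop the same user from favouriting the same object more than once, and the new POST /favourite.xml path in this commit builds a fresh `Bookmark` on every call. If the table has no unique index (not visible here), consider adding `validates_uniqueness_of :bookmarkable_id, :scope => [:bookmarkable_type, :user_id]`, assuming the conventional polymorphic column names. The class body continues outside the hunk.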

Modified: trunk/config/tables.xml


(Binary files differ)

Modified: trunk/lib/authorization.rb (2198 => 2199)


--- trunk/lib/authorization.rb	2009-05-20 11:35:05 UTC (rev 2198)
+++ trunk/lib/authorization.rb	2009-05-27 13:58:01 UTC (rev 2199)
@@ -79,6 +79,19 @@
       return true
     end
     
+    # Bookmark permissions
+
+    if (object_type == 'Bookmark') && (action == 'create')
+
+      # Bookmarks can only be created by authenticated users
+      return false if user.nil?
+
+      # Bookmarks can only be added to things that a user can view
+      return Authorization.is_authorized?('view', nil, context, user) if context
+
+      return true
+    end
+
     return false
   end
 
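Review bot: Only `action == 'create'` is handled by the new Bookmark branch, so every other Bookmark action that reaches this method falls through to the final `return false`. The same commit adds `delete_favourite`, which resolves the bookmark through `obtain_rest_resource('Bookmark', query['id'], user, action)` with `'destroy'`. If that lookup consults this method (not visible here), deletes will always be refused. If it takes another path, the rule that only the bookmark's owner may remove it should be confirmed there. At minimum I would state the intent next to the branch, for example `# Bookmark read/update/destroy are not handled here and fall through to false`. The enclosing method, presumably `is_authorized_for_type?`, begins outside the hunk.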

Modified: trunk/lib/rest.rb (2198 => 2199)


--- trunk/lib/rest.rb	2009-05-20 11:35:05 UTC (rev 2198)
+++ trunk/lib/rest.rb	2009-05-27 13:58:01 UTC (rev 2199)
@@ -1151,6 +1151,59 @@
   comment_aux('destroy', req_uri, rules, user, query)
 end
 
+# Favourites
+
+def favourite_aux(action, req_uri, rules, user, query)
+
+  # Obtain object
+
+  case action
+    when 'create':
+      return rest_response(401) unless Authorization.is_authorized_for_type?('create', 'Bookmark', user, nil)
+
+      ob = Bookmark.new(:user => user)
+    when 'read', 'update', 'destroy':
+      ob = obtain_rest_resource('Bookmark', query['id'], user, action)
+    else
+      raise "Invalid action '#{action}'"
+  end
+
+  return if ob.nil? # appropriate rest response already given
+
+  if action == "destroy"
+
+    ob.destroy
+
+  else
+
+    data = ""
+
+    target = parse_element(data, :resource, '/favourite/object')
+
+    if target
+      return rest_response(400) unless [Blob, Pack, Workflow].include?(target.class)
+      return rest_response(401) unless Authorization.is_authorized_for_type?(action, 'Bookmark', user, target)
+      ob.bookmarkable = target
+    end
+
+    return rest_response(400, :object => ob) unless ob.save
+  end
+
+  rest_get_request(ob, "favourite", user, rest_resource_uri(ob), "favourite", { "id" => ob.id.to_s })
+end
+
+def post_favourite(req_uri, rules, user, query)
+  favourite_aux('create', req_uri, rules, user, query)
+end
+
+def put_favourite(req_uri, rules, user, query)
+  favourite_aux('update', req_uri, rules, user, query)
+end
+
+def delete_favourite(req_uri, rules, user, query)
+  favourite_aux('destroy', req_uri, rules, user, query)
+end
+
 # Call dispatcher
 
 def rest_call_request(req_uri, rules, user, query)
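Review bot: In `favourite_aux` the line `data = ""` means the request body is never read, so `parse_element(data, :resource, '/favourite/object')` has nothing to resolve and `target` is presumably always nil. The type whitelist and the per-target authorization check inside `if target` are then never exercised, and a create can only end in `rest_response(400, :object => ob)` because `bookmarkable` is missing. The line should be replaced with the parsed request document, obtained the same way the neighbouring `*_aux` helpers obtain it (not visible in this hunk). Until then, mark it with `# TODO: parse the request body; with "" no target is ever read`. Separately, the target check passes `action` through, so on `'update'` it asks for a Bookmark permission that the authorization change in this commit does not define.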
