Top Level Namespace

Defined Under Namespace

Modules: ApiResource, Ocean, OceanApplicationController Classes: AliveController, Api, ApplicationController, ErrorsController, OceanScaffoldDynamoGenerator, OceanScaffoldGenerator, OceanSetupGenerator

Constant Summary collapse

INVALIDATE_MEMBER_DEFAULT = 
["($|/|\\?)"]
INVALIDATE_COLLECTION_DEFAULT = 
["($|\\?)"]
UUID_REGEX = 
/([0-9a-f]+-){4}[0-9a-f]+/
DEFAULT_CACHE_TIME = 
1.week

Instance Method Summary collapse

Instance Method Details

#add_right_restrictions(rel, restrictions) ⇒ Object

Takes a relation and adds right restrictions, if present.



73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'lib/ocean-rails.rb', line 73

def add_right_restrictions(rel, restrictions)
  return rel unless restrictions
  # First get the table to use as a basis for the OR clauses
  t = rel.arel_table
  # Accumulating Arel AND clauses
  cond = restrictions.reduce [] do |acc, rr|
    app = rr['app']
    context = rr['context']
    if    app != '*' && context != '*'
      acc << t[:app].eq(app).and(t[:context].eq(context))
    elsif app != '*' && context == '*'
      acc << t[:app].eq(app)
    elsif app == '*' && context != '*'
      acc << t[:context].eq(context)
    end
    acc
  end
  # Process the clauses. We might not need to OR anything.
  case cond.length
  when 0
    return rel
  when 1
    return rel.where(cond.first)
  else
    # OR the multiple clauses together
    cond = cond.reduce :or
    # Return a relation built from the Arel condition we've constructed
    rel.where(cond)
  end
end

#aws_config(endpoint: nil, **keywords) ⇒ Object 



153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
 
# File 'lib/ocean-rails.rb', line 153

def aws_config(endpoint: nil, **keywords)
  if ENV['AWS_ACCESS_KEY_ID'].present? && ENV['AWS_SECRET_ACCESS_KEY'].present?
    raise "AWS_REGION not defined" unless ENV['AWS_REGION'].present?
    {
      region: ENV['AWS_REGION'],
      credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'],
                                        ENV['AWS_SECRET_ACCESS_KEY'])
    }
  elsif endpoint.present? && ENV[endpoint].present?
    {
      region: "eu-west-1",    # Doesn't matter in this context
      credentials: Aws::Credentials.new('not', 'used'),
      endpoint: ENV[endpoint]
    }.merge(keywords)
  else
    raise "AWS_REGION not defined" unless ENV['AWS_REGION'].present?
    credential_handler = ENV['AWS_CONFIG_LOCAL_MODE'].present? ? Aws::InstanceProfileCredentials :
                                                                 Aws::ECSCredentials
    {
      region: ENV['AWS_REGION'],
      credentials: credential_handler.new
    }
  end
end

#deny_with(status, *error_messages) ⇒ Object

For stubbing failed authorisation calls. Makes Api.permitted? return the given status and a body containing a standard API error with the given error messages.



63
64
65
66
67
 
# File 'lib/ocean-rails.rb', line 63

def deny_with(status, *error_messages)
  allow(Api).to receive(:permitted?).
    and_return(double(:status => status,
                      :body => {'_api_error' => error_messages}))
end

#hyperlinks(links = {}) ⇒ Object

Used in Jbuilder templates to build hyperlinks



108
109
110
111
112
113
114
115
116
117
118
 
# File 'lib/ocean-rails.rb', line 108

def hyperlinks(links={})
  result = {}
  links.each do |qi, val|
    next unless val.present?
    result[qi.to_s] = {
               "href" => val.kind_of?(String) ? val : val[:href],
               "type" => val.kind_of?(String) ? "application/json" : val[:type]
            }
  end
  result
end

#member_of_group?(*names) ⇒ Boolean

View helper predicates to determine if the ApiUser behind the current authorisation belongs to one or more of a list of Groups.

Returns:

  • (Boolean) 


140
141
142
 
# File 'lib/ocean-rails.rb', line 140

def member_of_group?(*names)
  @group_names && @group_names.intersect?(names.to_set)
end

#permit_with(status, user_id: "1-2-3-4-5", creator_uri: "https://api.example.com/v1/api_users/#{user_id}", right: nil, group_names: []) ⇒ Object

For stubbing successful authorisation calls. Makes Api.permitted? return the status, and a body containing a partial authentication containing the user_id and creator_uri given by the parameters. It also allows the value of ‘right’ to be specified: this will restrict all SQL queries accordingly.



47
48
49
50
51
52
53
54
55
56
 
# File 'lib/ocean-rails.rb', line 47

def permit_with(status, user_id: "1-2-3-4-5", creator_uri: "https://api.example.com/v1/api_users/#{user_id}",
                        right: nil, group_names: [])
  allow(Api).to receive(:permitted?).
    and_return(double(:status => status,
                      :body => {'authentication' =>
                                 {'right' => right,
                                  'group_names' => group_names,
                                  '_links' => { 'creator' => {'href' => creator_uri,
                                                              'type' => 'application/json'}}}}))
end

#smart_api_user_url(x) ⇒ Object

This renders creator and updater links correctly.



123
124
125
126
127
128
129
130
131
132
133
 
# File 'lib/ocean-rails.rb', line 123

def smart_api_user_url(x)
  if x.blank? || x == "0" || x == 0
    false #"#{OCEAN_API_URL}/#{Api.version_for :api_user}/api_users/0-0-0-0-0"
  elsif x.is_a?(Integer)
    "#{OCEAN_API_URL}/#{Api.version_for :api_user}/api_users/#{x}"
  elsif x.is_a?(String)
    x =~ /^http(s)?:\/\// ? x : "#{OCEAN_API_URL}/#{Api.version_for :api_user}/api_users/#{x}"
  else
    raise "api_user_url takes an integer, a string, or nil"
  end
end

#superuser?Boolean

Returns true if the ApiUser behind the current authorisation belongs to the Ocean Group “Superusers”.

Returns:

  • (Boolean) 


148
149
150
 
# File 'lib/ocean-rails.rb', line 148

def superuser?
  member_of_group?("Superusers")
end