Authorization

2016-12-06 09:42:02 -06:00 · 2016-12-06 09:42:02 -06:00 · ce2cfcfb0b
parent dc2bcd1747
commit ce2cfcfb0b
6 changed files with 37 additions and 16 deletions
--- a/2
+++ b/2
@ -18,7 +18,7 @@ group :development, :test do
  gem "pry"
  gem "factory_girl_rails"
  gem "faker"
-  gem "smarf_doc", github: "RickCarlino/smarf_doc"
+  gem "smarf_doc", git: "https://github.com/RickCarlino/smarf_doc.git"
  gem "rails-erd"
  gem "rspec"
  gem "rspec-rails"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -1,5 +1,5 @@
 GIT
-  remote: git://github.com/RickCarlino/smarf_doc.git
+  remote: https://github.com/RickCarlino/smarf_doc.git
  revision: 40dc733363431c6153ccebbeb80df942a77f0b02
  specs:
    smarf_doc (1.0.0)
@ -90,6 +90,7 @@ GEM
    mutations (0.8.0)
      activesupport
    mysql (2.9.1)
+    mysql2 (0.4.5)
    nio4r (1.2.1)
    nokogiri (1.6.8.1)
      mini_portile2 (~> 2.1.0)
@ -202,6 +203,7 @@ DEPENDENCIES
  jwt
  mutations
  mysql
+  mysql2
  pg
  pry
  rack-cors
--- a/app/controllers/api/tools_controller.rb
+++ b/app/controllers/api/tools_controller.rb
@ -25,8 +25,8 @@ private

    def update_params
      output = {tool: tool}
-      output[:name]      = params[:name] if params[:name]
-      output[:tool_slot] = tool_slot     if params[:tool_slot_id]
+      output[:name]      = params[:name]         if params[:name]
+      output[:tool_slot] = params[:tool_slot_id] if params[:tool_slot_id]
      output
    end

@ -34,9 +34,9 @@ private
      if @create_params
        @create_params
      else
-        tsid = params[:tool_slot_id]
        @create_params = { name: params[:name],
                          device: current_device }
+        tsid = params[:tool_slot_id]
        @create_params[:tool_slot_id] = tsid if tsid
        @create_params
      end
--- a/app/mutations/tools/base.rb
+++ b/app/mutations/tools/base.rb
@ -0,0 +1,19 @@
+module Tools
+  class Base < Mutations::Command
+    def it_is_your_tool_slot
+      (tool_slot.tool_bay.device_id == device.id)
+    end
+
+    def tool_slot
+      @tool_slot ||= ToolSlot.find_by(id: tool_slot_id)
+    end
+
+    def forbidden!
+      raise Errors::Forbidden
+    end
+
+    def bad_tool_slot_id!
+      add_error :tool_slot, :bad, "Bad tool slot ID"
+    end
+  end
+end
--- a/app/mutations/tools/create.rb
+++ b/app/mutations/tools/create.rb
@ -1,5 +1,5 @@
 module Tools
-  class Create  < Mutations::Command
+  class Create  < Tools::Base
    required do
      string :name
      model :device, class: Device
@ -10,17 +10,12 @@ module Tools
    end

    def validate
-      puts "TODO: Validate user authorizations"
+      bad_tool_slot_id! unless tool_slot
+      forbidden! if tool_slot_id && !it_is_your_tool_slot
    end

    def execute
      Tool.create!(inputs)
    end
-
-  private
-
-    def query
-      @query ||= ToolBay::DeviceQuery.new(device)
-    end
  end
 end
--- a/app/mutations/tools/update.rb
+++ b/app/mutations/tools/update.rb
@ -1,12 +1,17 @@
 module Tools
-  class Update  < Mutations::Command
+  class Update  < Tools::Base
    required do
-      model :tool,      class: Tool
+      model :tool, class: Tool
    end

    optional do
      string :name
-      model :tool_slot, class: ToolSlot
+      integer :tool_slot_id
+    end
+
+    def validate
+      bad_tool_slot_id! if tool_slot_id && !tool_slot
+      forbidden! if tool_slot_id && !it_is_your_tool_slot
    end

    def execute