
[myexperiment-hackers] [2132] trunk: returning HTTP status codes from RE


From: noreply
Subject: [myexperiment-hackers] [2132] trunk: returning HTTP status codes from REST API
Date: Fri, 20 Mar 2009 10:02:36 -0400 (EDT)

Revision
2132
Author
dgc
Date
2009-03-20 10:02:35 -0400 (Fri, 20 Mar 2009)

Log Message

returning HTTP status codes from REST API

Modified Paths

Diff

Modified: trunk/app/controllers/api_controller.rb (2131 => 2132)


--- trunk/app/controllers/api_controller.rb	2009-03-18 15:54:31 UTC (rev 2131)
+++ trunk/app/controllers/api_controller.rb	2009-03-20 14:02:35 UTC (rev 2132)
@@ -13,6 +13,9 @@
 
   def process_request
 
+    # all responses from the API are in XML
+    response.content_type = "application/xml"
+
     user = current_user
 
     auth = request.env["HTTP_AUTHORIZATION"]
@@ -21,10 +24,7 @@
       credentials = Base64.decode64(auth.sub(/^Basic /, '')).split(':')
       user = User.authenticate(credentials[0], credentials[1])
 
-      if user.nil?
-        render :xml => rest_error_response(401, 'Not authorized').to_s
-        return
-      end
+      return rest_error(401) if user.nil?
 
     end
 
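Review bot: The decoded Basic credentials on the `Base64.decode64(...).split(':')` line are split on every colon, so a password that itself contains `:` is cut at its first colon and `User.authenticate` receives only a prefix of it. Splitting once keeps the remainder intact: `credentials = Base64.decode64(auth.sub(/^Basic /, '')).split(':', 2)`. The enclosing `if` that tests the Authorization header starts outside this hunk, so whether a header without the `Basic ` prefix can reach this line cannot be confirmed from here.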
@@ -32,14 +32,14 @@
     method = request.method.to_s.upcase
     uri    = params[:uri]
 
-   # logger.info "current token: #{current_token.inspect}"
-   # logger.info "current user: #{user.id}"
-   # logger.info "query: #{query}"
-   # logger.info "method: #{method}"
-   # logger.info "uri: #{uri}"
+    # logger.info "current token: #{current_token.inspect}"
+    # logger.info "current user: #{user.id}"
+    # logger.info "query: #{query}"
+    # logger.info "method: #{method}"
+    # logger.info "uri: #{uri}"
 
-    return bad_rest_request if TABLES['REST'][:data][uri].nil? 
-    return bad_rest_request if TABLES['REST'][:data][uri][method].nil?
+    return rest_error(400) if TABLES['REST'][:data][uri].nil? 
+    return rest_error(400) if TABLES['REST'][:data][uri][method].nil?
 
     rules = TABLES['REST'][:data][uri][method]
 
@@ -54,21 +54,15 @@
         permission_found = true if permission.for == requested_permission
       end
 
-      if permission_found == false
-        render :xml => rest_error_response(403, 'Not authorized').to_s
-        return
-      end
+      return rest_error(403) if permission_found == false
     end  
 
     case rules['Type']
       when 'index'; doc = rest_index_request(rules, user, query)
       when 'crud';  doc = rest_crud_request(rules, user)
       when 'call';  doc = rest_call_request(rules, user, query)
-      else;         bad_rest_request
+      else;         return rest_error(400)
     end
-
-    current_token = nil
-    render :xml => doc.to_s
   end
 end
 
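Review bot: With the final `render :xml => doc.to_s` removed from `process_request`, every handler reached from the `case rules['Type']` dispatch must now render on each of its own return paths, and nothing here catches one that does not. `get_rest_uri` in lib/rest.rb (hunk `@@ -510,10 +519,11 @@`) still ends in `"bing"` with no render call, so a request that gets that far would presumably not produce an XML reply at all. A closing guard after the `case`, such as `rest_error(500) unless performed?`, would keep such cases inside the API's error format, assuming the Rails version in use exposes `performed?` to controllers. The `doc =` assignments in the `when` branches are unused now and could be dropped.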

Modified: trunk/lib/rest.rb (2131 => 2132)


--- trunk/lib/rest.rb	2009-03-18 15:54:31 UTC (rev 2131)
+++ trunk/lib/rest.rb	2009-03-20 14:02:35 UTC (rev 2132)
@@ -37,8 +37,38 @@
   end
 end
 
-def bad_rest_request
-  render(:text => '400 Bad Request', :status => '400 Bad Request')
+def rest_error(code, error_ob = nil)
+
+  if code == 401
+    response.headers['WWW-Authenticate'] = "Basic realm=\"#{Conf.sitename} REST API\""
+  end
+
+  message = "Unknown Error"
+
+  case code
+    when 400: message = "Bad Request"
+    when 401: message = "Unauthorized"
+    when 403: message = "Forbidden"
+    when 404: message = "Not Found"
+    when 500: message = "Internal Server Error"
+  end
+
+  error = XML::Node.new('error')
+  error["code"   ] = code.to_s
+  error["message"] = message
+
+  doc = XML::Document.new
+  doc.root = error
+
+  if error_ob
+    error_ob.errors.full_messages.each do |message|
+      reason = XML::Node.new('reason')
+      reason << message
+      doc.root << reason
+    end
+  end
+
+  render(:xml => doc.to_s, :status => "#{code} #{message}")
 end
 
 def file_column_url(ob, field)
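Review bot: In `rest_error` the block parameter in `error_ob.errors.full_messages.each do |message|` reuses the name of the outer `message` local, and on Ruby 1.8 (which the `when 400:` syntax implies) a block parameter assigns to an existing local instead of shadowing it. After the loop `message` holds the last validation message, so the final `render` builds `:status => "#{code} #{message}"` from model-validation text rather than the reason phrase; this affects the `rest_error(400, workflow)` call in `post_workflow`. Validation text should not reach the HTTP status line, since it may echo request-derived values. Renaming the parameter avoids it: `error_ob.errors.full_messages.each do |reason_text|` with `reason << reason_text`.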
@@ -182,9 +212,9 @@
 def rest_get_request(ob, req_uri, user, uri, entity_name, query)
 
   if query['version']
-    return rest_error_response(400, 'Resource not versioned') unless ob.respond_to?('versions')
-    return rest_error_response(404, 'Resource version not found') if query['version'].to_i < 1
-    return rest_error_response(404, 'Resource version not found') if ob.versions[query['version'].to_i - 1].nil?
+    return rest_error(400) unless ob.respond_to?('versions')
+    return rest_error(404) if query['version'].to_i < 1
+    return rest_error(404) if ob.versions[query['version'].to_i - 1].nil?
   end
 
   elements = query['elements'] ? query['elements'].split(',') : nil
@@ -214,29 +244,9 @@
     root << data unless data.nil?
   end
 
-  doc
+  render(:xml => doc.to_s)
 end
 
-def rest_error_response(code, message, error_ob = nil)
-
-  error = XML::Node.new('error')
-  error["code"   ] = code.to_s
-  error["message"] = message
-
-  doc = XML::Document.new
-  doc.root = error
-
-  if error_ob
-    error_ob.errors.full_messages.each do |message|
-      reason = XML::Node.new('reason')
-      reason << message
-      doc.root << reason
-    end
-  end
-
-  doc
-end
-
 def rest_crud_request(rules, user)
 
   query = CGIMethods.parse_query_parameters(request.query_string)
@@ -246,7 +256,7 @@
 
   ob = eval(model_name.camelize).find_by_id(params[:id].to_i)
 
-  return rest_error_response(404, 'Resource not found') if ob.nil?
+  return rest_error(404) if ob.nil?
 
   perm_ob = ob
 
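Review bot: `eval(model_name.camelize)` on the context line above the changed 404 check executes a string as Ruby just to resolve a class. `model_name` is assigned outside this hunk, so it cannot be confirmed from here that it only ever comes from the static REST table. `model_name.camelize.constantize` resolves the constant without evaluating code. The same applies to `eval(resource_bits[0])` in `post_comment` (hunk `@@ -756,11 +769,11 @@`), which is currently protected only by the allowlist `include?` check on the line before it.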
@@ -254,11 +264,10 @@
 
   case rules['Permission']
     when 'public'; # do nothing
-    when 'view'; return rest_error_response(403, 'Not authorized') if not Authorization.is_authorized?("show", nil, perm_ob, user)
-    when 'owner'; return rest_error_response(403, 'Not authorized') if logged_in?.nil? or object_owner(perm_ob) != user
+    when 'view';  return rest_error(401) if not Authorization.is_authorized?("show", nil, perm_ob, user)
+    when 'owner'; return rest_error(401) if logged_in?.nil? or object_owner(perm_ob) != user
   end
 
-  response.content_type = "application/xml"
   rest_get_request(ob, params[:uri], user, eval("rest_resource_uri(ob)"), rest_name, query)
 end
 
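Review bot: The `'view'` and `'owner'` branches now answer a failed permission check with `rest_error(401)`, which also sends the `WWW-Authenticate` challenge, even when `user` is already authenticated and simply lacks access. That blurs authentication failure with authorization failure: a client holding valid credentials is told to re-authenticate, and logs can no longer tell the two cases apart by status. Keeping 403 for a known user preserves the distinction, e.g. `when 'view'; return rest_error(user.nil? ? 401 : 403) if not Authorization.is_authorized?("show", nil, perm_ob, user)`, and likewise for `'owner'`. The commented-out `delete_comment` hunk makes the same 403-to-401 switch. `rest_crud_request` begins outside this hunk.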
@@ -332,7 +341,7 @@
   doc = XML::Document.new
   doc.root = root
 
-  doc
+  render(:xml => doc.to_s)
 end
 
 def object_owner(ob)
@@ -510,10 +519,11 @@
 
 def get_rest_uri(rules, user, query)
 
-  return bad_rest_request if query['resource'].nil?
+  return rest_error(400) if query['resource'].nil?
 
   obs = (obs.select do |c| c.respond_to?('contribution') == false or Authorization.is_authorized?("index", nil, c, user) end)
   doc = REXML::Document.new("<?xml version=\"1.0\" encoding=\"UTF-8\"?><rest-uri/>")
+
   "bing"
 end
 
@@ -523,8 +533,8 @@
 
 def post_workflow(rules, user, query)
 
-  return rest_error_response(400, 'Bad Request') if user.nil?
-  return rest_error_response(400, 'Bad Request') if params["workflow"].nil?
+  return rest_error(400) if user.nil?
+  return rest_error(400) if params["workflow"].nil?
 
   elements = params["workflow"]
 
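Review bot: `return rest_error(400) if user.nil?` at the top of `post_workflow` reports a missing or failed login as a malformed request, so an unauthenticated client gets no `WWW-Authenticate` challenge and cannot tell that it needs credentials. `rest_error` already handles that case, so `return rest_error(401) if user.nil?` fits here, with 400 kept for the `params["workflow"].nil?` check. `post_comment` (hunk `@@ -756,11 +769,11 @@`) has the same `user.nil?` line. The rest of `post_workflow` lies outside this hunk.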
@@ -567,7 +577,7 @@
   workflow.set_unique_name
 
   if not workflow.save
-    return rest_error_response(400, 'Bad Request', workflow)
+    return rest_error(400, workflow)
   end
 
   workflow.contribution.policy = create_default_policy(user)
@@ -586,20 +596,20 @@
 #   runner_bits     = parse_resource_uri(params["job"]["runner"])
 #   runnable_bits   = parse_resource_uri(params["job"]["runnable"])
 #
-#   return rest_error_response(400, 'Bad Request') if title.nil?
-#   return rest_error_response(400, 'Bad Request') if description.nil?
+#   return rest_error(400) if title.nil?
+#   return rest_error(400) if description.nil?
 #
-#   return rest_error_response(400, 'Bad Request') if experiment_bits.nil? or experiment_bits[0] != 'Experiment'
-#   return rest_error_response(400, 'Bad Request') if runner_bits.nil?     or runner_bits[0]     != 'Runner'
-#   return rest_error_response(400, 'Bad Request') if runnable_bits.nil?   or runnable_bits[0]   != 'Workflow'
+#   return rest_error(400) if experiment_bits.nil? or experiment_bits[0] != 'Experiment'
+#   return rest_error(400) if runner_bits.nil?     or runner_bits[0]     != 'Runner'
+#   return rest_error(400) if runnable_bits.nil?   or runnable_bits[0]   != 'Workflow'
 #
 #   experiment = Experiment.find_by_id(experiment_bits[1].to_i)
 #   runner     = TavernaEnactor.find_by_id(runner_bits[1].to_i)
 #   runnable   = Workflow.find_by_id(runnable_bits[1].to_i)
 #
-#   return rest_error_response(400, 'Bad Request') if experiment.nil? or not Authorization.is_authorized?('edit', nil, experiment, user)
-#   return rest_error_response(400, 'Bad Request') if runner.nil?     or not Authorization.is_authorized?('download', nil, runner, user)
-#   return rest_error_response(400, 'Bad Request') if runnable.nil?   or not Authorization.is_authorized?('view', nil, runnable, user)
+#   return rest_error(400) if experiment.nil? or not Authorization.is_authorized?('edit', nil, experiment, user)
+#   return rest_error(400) if runner.nil?     or not Authorization.is_authorized?('download', nil, runner, user)
+#   return rest_error(400) if runnable.nil?   or not Authorization.is_authorized?('view', nil, runnable, user)
 #
 #   puts "#{params[:job]}"
 #
@@ -613,7 +623,7 @@
 #
 #   success = job.submit_and_run!
 #
-#   return rest_error_response(200, 'Failed to submit job') if not success
+#   return rest_error(500) if not success
 #
 #   return "<yes/>"
 #
@@ -654,7 +664,8 @@
 
   doc = XML::Document.new
   doc.root = root
-  doc
+
+  render(:xml => doc.to_s)
 end
 
 def user_count(rules, user, query)
@@ -667,7 +678,7 @@
   doc = XML::Document.new
   doc.root = root
 
-  doc
+  render(:xml => doc.to_s)
 end
 
 def group_count(rules, user, query)
@@ -677,7 +688,8 @@
 
   doc = XML::Document.new
   doc.root = root
-  doc
+
+  render(:xml => doc.to_s)
 end
 
 def pack_count(rules, user, query)
@@ -691,12 +703,13 @@
 
   doc = XML::Document.new
   doc.root = root
-  doc
+
+  render(:xml => doc.to_s)
 end
 
 def get_tagged(rules, user, query)
 
-  return rest_error_response(400, 'Bad Request') if query['tag'].nil?
+  return rest_error(400) if query['tag'].nil?
 
   tag = Tag.find_by_name(query['tag'])
 
@@ -743,7 +756,7 @@
     root << tag_node
   end
 
-  doc
+  render(:xml => doc.to_s)
 end
 
 def post_comment(rules, user, query)
@@ -756,11 +769,11 @@
 
   resource_bits = parse_resource_uri(params["comment"]["resource"])
 
-  return rest_error_response(400, 'Bad Request') if user.nil?
-  return rest_error_response(400, 'Bad Request') if text.nil? or text.length.zero?
-  return rest_error_response(400, 'Bad Request') if resource_bits.nil?
+  return rest_error(400) if user.nil?
+  return rest_error(400) if text.nil? or text.length.zero?
+  return rest_error(400) if resource_bits.nil?
 
-  return rest_error_response(400, 'Bad Request') unless ['Blob', 'Network', 'Pack', 'Workflow'].include?(resource_bits[0])
+  return rest_error(400) unless ['Blob', 'Network', 'Pack', 'Workflow'].include?(resource_bits[0])
 
   resource = eval(resource_bits[0]).find_by_id(resource_bits[1].to_i)
 
@@ -775,16 +788,16 @@
 #
 # def delete_comment(rules, user, query)
 #
-#   return rest_error_response(400, 'Bad Request') if query['id'].nil?
+#   return rest_error(400) if query['id'].nil?
 #
 #   resource = Comment.find_by_id(query['id'])
 #
-#   return rest_error_response(404, 'Resource Not Found') if resource.nil?
+#   return rest_error(404) if resource.nil?
 #
 #   FIXME: The following respond_to? would not work anymore
 #
 #   if resource.respond_to?('authorized?')
-#     return rest_error_response(403, 'Not Authorized') if not Authorization.is_authorized?('edit', nil, resource, user)
+#     return rest_error(401) if not Authorization.is_authorized?('edit', nil, resource, user)
 #   end
 #
 # end
