Diff
Modified: trunk/app/helpers/mashup_helper.rb (2133 => 2134)
--- trunk/app/helpers/mashup_helper.rb 2009-03-24 16:16:07 UTC (rev 2133)
+++ trunk/app/helpers/mashup_helper.rb 2009-03-24 19:03:28 UTC (rev 2134)
@@ -1,86 +1,2 @@
-
-require 'lib/rest'
-
module MashupHelper
-
- def get_rest_routes(type)
-
- routes = []
-
- TABLES['REST'][:data].sort.each do |uri,methods|
- methods.each do |method,rules|
- routes << [uri,method,rules] if rules['Type'] == type
- end
- end
-
- routes
- end
-
- def get_model_attributes(rest_name)
- TABLES['Model'][:data][rest_name]
- end
-
- def get_example_id(rules)
- rules['Example'][rules['REST Attribute'].index('id')]
- end
-
- def rest_example_id(type)
- case type
- when "workflow"; return "20"
- end
- end
-
- def trim_and_wrap(doc)
-
- # Clean up the base64 sections
-
- doc.root.children.each do |node|
- if node["encoding"] == "base64"
-
- text = node.child.to_s
-
- lines = text.strip.split("\n")
- lines = lines[0..9] + ['...'] if lines.length > 10
- lines = lines.map do |line|
- " #{line.strip}"
- end
-
- text = lines.join("\n").strip
- text = "\n #{text}\n "
-
- node.children[0].remove!
- node << text
- end
- end
-
- doc.to_s
- end
-
- def rest_example(method, rest_name, model_name, id, show_version)
-
- query = { 'id' => id, 'all_elements' => 'yes' }
-
- query['version'] = 1 if show_version
-
- ob = eval(model_name.camelize).find_by_id(id.to_i)
-
- return "" if ob.nil?
-
- doc = rest_get_request(ob, rest_name, nil, rest_resource_uri(ob), rest_name, query)
-
- trim_and_wrap(doc)
- end
-
- def rest_index_example(thing)
- doc = rest_index_request(TABLES['REST'][:data][thing]['GET'], nil, {} )
-
- trim_and_wrap(doc)
- end
-
- def try_it_now_link(method, uri)
- target = "#{request.protocol}#{request.host_with_port}#{uri}"
- "#{target} <input type=\"button\" value=\"Try it now\" '#{target}')\" />"
- end
-
end
-
Modified: trunk/app/views/mashup/api.rhtml (2133 => 2134)
--- trunk/app/views/mashup/api.rhtml 2009-03-24 16:16:07 UTC (rev 2133)
+++ trunk/app/views/mashup/api.rhtml 2009-03-24 19:03:28 UTC (rev 2134)
@@ -5,34 +5,10 @@
<h1>API version <%= "#{API_VERSION}" %></h1>
-<h2>Table of Contents</h2>
+<p>Please refer to the <%= Conf.sitename %> wiki for
+<a href="" documentation</a>.
+</p>
-<ul>
- <li><a href="" it out</a></li>
- <li><a href="" requests</a></li>
- <ul>
- <% get_rest_routes('index').each do |route| %>
- <li><a href="" "#{route[0]}" %>"><%= "#{route[0]} index" %></a></li>
- <% end %>
- </ul>
- <li><a href="" requests</a></li>
- <ul>
- <% get_rest_routes('crud').each do |route| %>
- <li><a href="" "rest-#{route[1]}-#{route[0]}" %>"><%= "#{route[1]} #{route[0]}" %></a></li>
- <% end %>
- </ul>
- <li><a href="" search</a></li>
- <li><a href="" selection</a></li>
- <li><a href=""
- <li><a href=""
- <li><a href=""
- <li><a href="" filtered by tag</a></li>
-<!--
- <li><a href="" URIs</a></li>
--->
- <li><a href="" version</a></li>
- <li><a href="" responses</a></li>
-</ul>
<h2 id="try-it-out">Try it out</h2>
@@ -57,239 +33,3 @@
<textarea class="try_it_out_box" id="output" cols="100" rows="20" style="font-size: 0.9em"></textarea><br />
</div>
-<!--
-<h2>REST commands</h2>
-
-<table summary="">
-
- <tr>
- <td>Auth ID</td>
- <td><input value="1" id="auth-id" size="4" /></td>
- <td>
-
- <input type="button" value="Login" />
- <input type="button" value="Logout" />
-
- </td>
- </tr>
-
-
- <tr>
- <td>User ID</td>
- <td><input value="1" id="user-id" size="4" /></td>
- <td>
-
- <input type="button" value="New user" />
- <input type="button" value="List users" />
- <input type="button" value="Get user" />
- <input type="button" value="Update user" />
- <input type="button" value="Delete user" />
-
- </td>
- </tr>
-
- <tr>
- <td>Profile ID</td>
- <td><input value="1" id="profile-id" size="4" /></td>
- <td>
-
- <input type="button" value="New profile" />
- <input type="button" value="List profiles" />
- <input type="button" value="Get profile" />
- <input type="button" value="Update profile" />
- <input type="button" value="Delete profile" />
-
- </td>
- </tr>
-
- <tr>
- <td>Group ID</td>
- <td><input value="1" id="group-id" size="4" /></td>
- <td>
-
- <input type="button" value="New group" />
- <input type="button" value="List groups" />
- <input type="button" value="Get group" />
- <input type="button" value="Update group" />
- <input type="button" value="Delete group" />
-
- </td>
- </tr>
-
- <tr>
- <td>Message ID</td>
- <td><input value="1" id="message-id" size="4" /></td>
- <td>
-
- <input type="button" value="New message" />
- <input type="button" value="List messages" />
- <input type="button" value="Get message" />
- <input type="button" value="Update message" />
- <input type="button" value="Delete message" />
-
- </td>
- </tr>
-</table>
--->
-<h2 id="index">Index requests</h2>
-
-<% get_rest_routes('index').each do |route| %>
-
- <h3 id="index-<%= "#{route[0]}" %>">GET <%= "/#{route[0]}.xml" %></h3>
-
- <h4>Example curl request:</h4>
- <p><tt>curl <%= "#{url_for(:controller => '/', : false)}#{route[0]}.xml" %></tt></p>
-
- <pre style="overflow: hidden"><%=h rest_index_example(route[0]) %></pre>
-
-<% end %>
-
-<h2 id="rest">REST (Create/Read/Update/Destroy) requests</h2>
-
-<% get_rest_routes('crud').each do |route| %>
-
- <h3 id="<%= "rest-#{route[1]}-#{route[0]}" %>"><%= "#{route[1]} /#{route[0]}.xml" %></h3>
-
- <% next unless route[1] == 'GET' %>
-
- <div class="rest_table">
- <table>
- <thead>
- <tr>
- <td>Element</td>
- <td>Example</td>
- <td>Read by default</td>
- </tr>
- </thead>
- <tbody>
- <% attrs = get_model_attributes(route[2]['REST Entity']) %>
- <% (0..attrs['REST Attribute'].length).each do |i| %>
-
- <tr>
- <td><%= attrs['REST Attribute'][i] %></td>
- <td><%= attrs['Example'][i] %></td>
- <td><%= attrs['Read by default'][i] %></td>
- </tr>
- <% end %>
- </tbody>
- </table>
- <p><small>Note: You can specify which elements to get by using the
- <a href="" query option.</small></p>
- </div>
-
- <h4>Example curl request:</h4>
- <p><tt>curl <%= "#{url_for(:controller => '/', : false)}#{route[0]}.xml?id=#{get_example_id(attrs)}" %></tt></p>
-
- <pre style="overflow: hidden"><%=h rest_example(route[1], route[2]['REST Entity'], route[2]['Model Entity'], get_example_id(attrs).to_i, false) %></pre>
-
-<% end %>
-
-<h2 id="search">General search</h2>
-
-<p>The search facility is available from the following URL:</p>
-
-<pre> <%= try_it_now_link('GET', '/search.xml?query=bioaid') %></pre>
-
-<p>Particular types can be specified by the <tt>type</tt> query option:</p>
-
-<pre> <%= try_it_now_link('GET', '/search.xml?query=bioaid&type=workflow') %></pre>
-
-<h2 id="elements">Element selection</h2>
-
-<p>The elements within each REST response can be tailored to include only the
-parts of the response of interest. This saves bandwidth and response time!</p>
-
-<pre> <%= try_it_now_link('GET', "/workflow.xml?id=#{rest_example_id('workflow')}&elements=title,description") %></pre>
-
-<p>All elements can be returned too.</p>
-
-<pre> <%= try_it_now_link('GET', "/workflow.xml?id=#{rest_example_id('workflow')}&all_elements=yes") %></pre>
-
-<h2 id="versions">Versions</h2>
-
-<p>For objects that have versions (e.g. Workflows), you may specify the
-specific version to be worked on by including <tt>version</tt> in the URI
-query. For example:</p>
-
-<pre> <%= try_it_now_link('GET', '/workflow.xml?id=20&version=1') %></pre>
-
-<h2 id="sorting">Sorting</h2>
-
-<p>Index and search requests can be sorted. By default, these results are
-sorted by ascending creation order but sorting by creation time
-(<tt>created</tt>), update time (<tt>updated</tt>), title (<tt>title</tt>) and
-name (<tt>name</tt>) is also possible. In addition, the results can be
-returned in reverse order.</p>
-
-<pre> <%= try_it_now_link('GET', '/workflows.xml?sort=title') %></pre>
-
-<pre> <%= try_it_now_link('GET', '/files.xml?sort=title&order=reverse') %></pre>
-
-<h2 id="pagination">Pagination</h2>
-
-<p>For the index requests, a default maximum of 25 results is shown. This can
-be raised to 100 by using adding <tt>num</tt> to the query. A particular
-page of results can be selected by adding <tt>page</tt> to the query.</p>
-
-<pre> <%= try_it_now_link('GET', '/workflows.xml?num=50&page=2') %></pre>
-
-<h2 id="tags">Index filtered by tag</h2>
-
-<p>For indices of taggable items, the index can be filtered on a particular tag.</p>
-
-<pre> <%= try_it_now_link('GET', '/workflows.xml?tag=bioaid') %></pre>
-
-<!--
-<h2 id="rest-uris">REST URIs</h2>
-
-<p>URIs used within the API refer to the <%= Conf.sitename %> records. In addition to
-these, "REST URIs" can be requested within each API response by including
-<tt>rest_uris=yes</tt> in the query.</p>
-
-<p>The REST URIs are useful endpoints for further API calls.</p>
-
-<pre> <%= try_it_now_link('GET', '/workflow.xml?id=36&rest_uris=yes') %></pre>
--->
-
-<h2 id="api-version">API version</h2>
-
-<p>The version of the REST API that the server uses can be requested by
-including <tt>api_version</tt> in the query.</p>
-
-<pre> <%= try_it_now_link('GET', '/workflows.xml?api_version=yes') %></pre>
-
-<h2 id="errors">Error responses</h2>
-
-<p>The general format of an error response from the REST API is an XML document
-with an <tt>error</tt> element. The <tt>code</tt> attribute contains a number
-that determines the class of error. The <tt>message</tt> attribute of the
-error element contains a human readable message describing the error.</p>
-
-<h3>Example error response</h3>
-
-<pre>
-<?xml version="1.0" encoding="UTF-8"?>
-<error message="Resource not found" code="404"/>
-</pre>
-
-<h3>Error messages</h3>
-
-<div class="rest_table" summary="">
- <table>
- <thead>
- <tr>
- <td>Message</td>
- <td>Code</td>
- </tr>
- </thead>
- <tbody>
- <tr><td>Resource not found</td><td>404</td></tr>
- <tr><td>Not authorized</td><td>403</td></tr>
- <tr><td>Resource not versioned</td><td>400</td></tr>
- <tr><td>Resource version not found</td><td>404</td></tr>
- <tr><td>Service unavailable</td><td>503</td></tr>
- </tbody>
- </table>
-</div>
-
-
Modified: trunk/config/tables.xml
(Binary files differ)
Modified: trunk/lib/rest.rb (2133 => 2134)
--- trunk/lib/rest.rb 2009-03-24 16:16:07 UTC (rev 2133)
+++ trunk/lib/rest.rb 2009-03-24 19:03:28 UTC (rev 2134)
@@ -18,7 +18,7 @@
'Foreign Accessor',
'List Element Name', 'List Element Accessor',
'Example', 'Versioned', 'Key type',
- 'Limited to user' ] },
+ 'Limited to user', 'Permission' ] },
'REST' => { :indices => [ 'URI', 'Method' ] }
} )
@@ -94,7 +94,7 @@
def rest_get_element(ob, user, rest_entity, rest_attribute, query, elements)
- puts "rest_get_element: #{rest_entity} / #{rest_attribute}"
+ # puts "rest_get_element: #{rest_entity} / #{rest_attribute}"
model_data = TABLES['Model'][:data][rest_entity]
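Review bot: The debug `puts` at the top of rest_get_element is commented out rather than removed, which leaves dead code in a function that, later in this commit, also makes an authorization decision. Delete the line; if per-element tracing is still wanted, send it to the application's logger at debug level instead of stdout so it can be switched off in production. The body of rest_get_element continues outside this hunk.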
@@ -114,6 +114,12 @@
return nil if limited_ob != user
end
+ permission = model_data['Permission'][i]
+
+ if permission
+ return nil if !Authorization.is_authorized?(permission, nil, ob, user)
+ end
+
unless query['all_elements'] == 'yes'
return nil if elements and not elements.index(model_data['REST Attribute'][i])
return nil if not elements and model_data['Read by default'][i] == 'no'
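Review bot: The new per-attribute check fails open: when `model_data['Permission'][i]` is blank, the `if permission` guard skips authorization entirely, so every attribute without an entry in the new 'Permission' column is still returned, subject only to the earlier 'Limited to user' test. How the table loader represents an empty cell is not visible here; if it yields `""` rather than nil, Ruby treats that as truthy and `Authorization.is_authorized?` is called with an empty action, so it is worth normalising with `permission = model_data['Permission'][i].to_s.strip` and `return nil unless permission.empty? || Authorization.is_authorized?(permission, nil, ob, user)`. Placing the check ahead of the `all_elements` branch is right, because it keeps `all_elements=yes` from bypassing it, and a comment such as `# Must stay before the all_elements filter so all_elements=yes cannot bypass permissions` would guard against a later reorder. rest_get_element starts and ends outside this hunk, so whether `user` can be nil for anonymous requests, and how is_authorized? treats that case, needs confirming against the callers.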