api: expose plugin endpoints only if enabled on the environment

Rodrigo Souto
1 parent eafa036d
Showing 7 changed files with 74 additions and 7 deletions Show diff stats
app/controllers/public/api_controller.rb
app/views/api/index.html.erb
app/views/api/playground.html.erb
lib/noosfero/api/api.rb
lib/noosfero/api/helpers.rb
test/unit/api/api_test.rb
test/unit/api/helpers_test.rb
@@ -2,12 +2,18 @@ class ApiController &lt; PublicController
   no_design_blocks
+  helper_method :endpoints
+
   def index
-    @api = Noosfero::API.api_class
   end
   def playground
-    @api = Noosfero::API.api_class
+  end
+
+  private
+
+  def endpoints
+    Noosfero::API::API.endpoints(environment)
   end
 end
@@ -4,7 +4,7 @@
 <%= s_('api-playground|Try the %s') % link_to('API Playground', '/api/playground') %>
 </div>
-<%= @api.endpoints.map do |endpoint|
+<%= endpoints.map do |endpoint|
   app = endpoint.options[:app].to_s
   unless app.blank?
     content_tag(:h2, app.split('::').last.to_s, title: app) +
@@ -2,7 +2,7 @@
 <script>
 var endpoints = <%=
-@api.endpoints.map do |endpoint|
+endpoints.map do |endpoint|
   app = endpoint.options[:app].to_s
   unless app.blank?
     endpoint.routes.map do |route|
@@ -28,6 +28,7 @@ module Noosfero
       before { setup_multitenancy }
       before { detect_stuff_by_domain }
+      before { filter_disabled_plugins_endpoints }
       after { set_session_cookie }
       version 'v1'
@@ -57,10 +58,26 @@ module Noosfero
           end
         end
       end
-    end
-    def self.api_class
-      API
+      def self.endpoint_unavailable?(endpoint, environment)
+        api_class = endpoint.options[:app] || endpoint.options[:for]
+        if api_class.present?
+          klass = api_class.name.deconstantize.constantize
+          return klass < Noosfero::Plugin && !environment.plugin_enabled?(klass)
+        end
+      end
+
+      class << self
+        def endpoints_with_plugins(environment = nil)
+          if environment.present?
+            cloned_endpoints = endpoints_without_plugins.dup
+            cloned_endpoints.delete_if { |endpoint| endpoint_unavailable?(endpoint, environment) }
+          else
+            endpoints_without_plugins
+          end
+        end
+        alias_method_chain :endpoints, :plugins
+      end
     end
   end
 end
@@ -127,6 +127,10 @@ module Noosfero
       #              error helpers             #
       ##########################################
+      def not_found!
+        render_api_error!('404 Not found', 404)
+      end
+
       def forbidden!
         render_api_error!('403 Forbidden', 403)
       end
@@ -184,6 +188,10 @@ module Noosfero
         end
       end
+      def filter_disabled_plugins_endpoints
+        not_found! if Noosfero::API::API.endpoint_unavailable?(self, !@environment)
+      end
+
       private
       def parser_params(params)
@@ -0,0 +1,29 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class MyPlugin < Noosfero::Plugin;end
+class MyPlugin::API;end
+
+class APITest < ActiveSupport::TestCase
+
+  should 'endpoint should not be available if its plugin is unavailable' do
+    endpoint = mock()
+    environment = Environment.default
+    environment.stubs(:plugin_enabled?).returns(false)
+    endpoint.stubs(:options).returns({:for => MyPlugin::API})
+
+    assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
+  end
+
+  should 'endpoint should be available if its plugin is available' do
+    class MyPlugin < Noosfero::Plugin;end
+    class MyPlugin::API;end
+
+    endpoint = mock()
+    environment = Environment.default
+    environment.stubs(:plugin_enabled?).returns(true)
+    endpoint.stubs(:options).returns({:for => MyPlugin::API})
+
+    assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
+  end
+
+end
@@ -161,6 +161,13 @@ class APIHelpersTest &lt; ActiveSupport::TestCase
     assert_nil make_conditions_with_parameter[:type]
   end
+  should 'render not_found if endpoint is unavailable' do
+    Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true)
+    self.expects(:not_found!)
+
+    filter_disabled_plugins_endpoints
+  end
+
   protected
   def error!(info, status)
	@@ -4,7 +4,7 @@		@@ -4,7 +4,7 @@
4	<%= s_('api-playground\|Try the %s') % link_to('API Playground', '/api/playground') %>	4	<%= s_('api-playground\|Try the %s') % link_to('API Playground', '/api/playground') %>
5	</div>	5	</div>
6		6
7	-<%= @api.endpoints.map do \|endpoint\|	7	+<%= endpoints.map do \|endpoint\|
8	app = endpoint.options[:app].to_s	8	app = endpoint.options[:app].to_s
9	unless app.blank?	9	unless app.blank?
10	content_tag(:h2, app.split('::').last.to_s, title: app) +	10	content_tag(:h2, app.split('::').last.to_s, title: app) +
	@@ -2,7 +2,7 @@		@@ -2,7 +2,7 @@
2		2
3	<script>	3	<script>
4	var endpoints = <%=	4	var endpoints = <%=
5	-@api.endpoints.map do \|endpoint\|	5	+endpoints.map do \|endpoint\|
6	app = endpoint.options[:app].to_s	6	app = endpoint.options[:app].to_s
7	unless app.blank?	7	unless app.blank?
8	endpoint.routes.map do \|route\|	8	endpoint.routes.map do \|route\|
	@@ -28,6 +28,7 @@ module Noosfero		@@ -28,6 +28,7 @@ module Noosfero
28		28
29	before { setup_multitenancy }	29	before { setup_multitenancy }
30	before { detect_stuff_by_domain }	30	before { detect_stuff_by_domain }
		31	+ before { filter_disabled_plugins_endpoints }
31	after { set_session_cookie }	32	after { set_session_cookie }
32		33
33	version 'v1'	34	version 'v1'
	@@ -57,10 +58,26 @@ module Noosfero		@@ -57,10 +58,26 @@ module Noosfero
57	end	58	end
58	end	59	end
59	end	60	end
60	- end
61		61
62	- def self.api_class
63	- API	62	+ def self.endpoint_unavailable?(endpoint, environment)
		63	+ api_class = endpoint.options[:app] \|\| endpoint.options[:for]
		64	+ if api_class.present?
		65	+ klass = api_class.name.deconstantize.constantize
		66	+ return klass < Noosfero::Plugin && !environment.plugin_enabled?(klass)
		67	+ end
		68	+ end
		69	+
		70	+ class << self
		71	+ def endpoints_with_plugins(environment = nil)
		72	+ if environment.present?
		73	+ cloned_endpoints = endpoints_without_plugins.dup
		74	+ cloned_endpoints.delete_if { \|endpoint\| endpoint_unavailable?(endpoint, environment) }
		75	+ else
		76	+ endpoints_without_plugins
		77	+ end
		78	+ end
		79	+ alias_method_chain :endpoints, :plugins
		80	+ end
64	end	81	end
65	end	82	end
66	end	83	end
@@ -0,0 +1,29 @@		@@ -0,0 +1,29 @@
	1	+require File.dirname(__FILE__) + '/test_helper'
	2	+
	3	+class MyPlugin < Noosfero::Plugin;end
	4	+class MyPlugin::API;end
	5	+
	6	+class APITest < ActiveSupport::TestCase
	7	+
	8	+ should 'endpoint should not be available if its plugin is unavailable' do
	9	+ endpoint = mock()
	10	+ environment = Environment.default
	11	+ environment.stubs(:plugin_enabled?).returns(false)
	12	+ endpoint.stubs(:options).returns({:for => MyPlugin::API})
	13	+
	14	+ assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
	15	+ end
	16	+
	17	+ should 'endpoint should be available if its plugin is available' do
	18	+ class MyPlugin < Noosfero::Plugin;end
	19	+ class MyPlugin::API;end
	20	+
	21	+ endpoint = mock()
	22	+ environment = Environment.default
	23	+ environment.stubs(:plugin_enabled?).returns(true)
	24	+ endpoint.stubs(:options).returns({:for => MyPlugin::API})
	25	+
	26	+ assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
	27	+ end
	28	+
	29	+end
	@@ -161,6 +161,13 @@ class APIHelpersTest < ActiveSupport::TestCase		@@ -161,6 +161,13 @@ class APIHelpersTest < ActiveSupport::TestCase
161	assert_nil make_conditions_with_parameter[:type]	161	assert_nil make_conditions_with_parameter[:type]
162	end	162	end
163		163
		164	+ should 'render not_found if endpoint is unavailable' do
		165	+ Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true)
		166	+ self.expects(:not_found!)
		167	+
		168	+ filter_disabled_plugins_endpoints
		169	+ end
		170	+
164	protected	171	protected
165		172
166	def error!(info, status)	173	def error!(info, status)