Commit 4cb1363d9240f238416f25cdeddfb0b4e01905a4
1 parent
eafa036d
Exists in
api_tasks
and in
4 other branches
api: expose plugin endpoints only if enabled on the environment
Showing
7 changed files
with
74 additions
and
7 deletions
Show diff stats
app/controllers/public/api_controller.rb
| ... | ... | @@ -2,12 +2,18 @@ class ApiController < PublicController |
| 2 | 2 | |
| 3 | 3 | no_design_blocks |
| 4 | 4 | |
| 5 | + helper_method :endpoints | |
| 6 | + | |
| 5 | 7 | def index |
| 6 | - @api = Noosfero::API.api_class | |
| 7 | 8 | end |
| 8 | 9 | |
| 9 | 10 | def playground |
| 10 | - @api = Noosfero::API.api_class | |
| 11 | + end | |
| 12 | + | |
| 13 | + private | |
| 14 | + | |
| 15 | + def endpoints | |
| 16 | + Noosfero::API::API.endpoints(environment) | |
| 11 | 17 | end |
| 12 | 18 | |
| 13 | 19 | end | ... | ... |
app/views/api/index.html.erb
| ... | ... | @@ -4,7 +4,7 @@ |
| 4 | 4 | <%= s_('api-playground|Try the %s') % link_to('API Playground', '/api/playground') %> |
| 5 | 5 | </div> |
| 6 | 6 | |
| 7 | -<%= @api.endpoints.map do |endpoint| | |
| 7 | +<%= endpoints.map do |endpoint| | |
| 8 | 8 | app = endpoint.options[:app].to_s |
| 9 | 9 | unless app.blank? |
| 10 | 10 | content_tag(:h2, app.split('::').last.to_s, title: app) + | ... | ... |
app/views/api/playground.html.erb
lib/noosfero/api/api.rb
| ... | ... | @@ -28,6 +28,7 @@ module Noosfero |
| 28 | 28 | |
| 29 | 29 | before { setup_multitenancy } |
| 30 | 30 | before { detect_stuff_by_domain } |
| 31 | + before { filter_disabled_plugins_endpoints } | |
| 31 | 32 | after { set_session_cookie } |
| 32 | 33 | |
| 33 | 34 | version 'v1' |
| ... | ... | @@ -57,10 +58,26 @@ module Noosfero |
| 57 | 58 | end |
| 58 | 59 | end |
| 59 | 60 | end |
| 60 | - end | |
| 61 | 61 | |
| 62 | - def self.api_class | |
| 63 | - API | |
| 62 | + def self.endpoint_unavailable?(endpoint, environment) | |
| 63 | + api_class = endpoint.options[:app] || endpoint.options[:for] | |
| 64 | + if api_class.present? | |
| 65 | + klass = api_class.name.deconstantize.constantize | |
| 66 | + return klass < Noosfero::Plugin && !environment.plugin_enabled?(klass) | |
| 67 | + end | |
| 68 | + end | |
| 69 | + | |
| 70 | + class << self | |
| 71 | + def endpoints_with_plugins(environment = nil) | |
| 72 | + if environment.present? | |
| 73 | + cloned_endpoints = endpoints_without_plugins.dup | |
| 74 | + cloned_endpoints.delete_if { |endpoint| endpoint_unavailable?(endpoint, environment) } | |
| 75 | + else | |
| 76 | + endpoints_without_plugins | |
| 77 | + end | |
| 78 | + end | |
| 79 | + alias_method_chain :endpoints, :plugins | |
| 80 | + end | |
| 64 | 81 | end |
| 65 | 82 | end |
| 66 | 83 | end | ... | ... |
lib/noosfero/api/helpers.rb
| ... | ... | @@ -127,6 +127,10 @@ module Noosfero |
| 127 | 127 | # error helpers # |
| 128 | 128 | ########################################## |
| 129 | 129 | |
| 130 | + def not_found! | |
| 131 | + render_api_error!('404 Not found', 404) | |
| 132 | + end | |
| 133 | + | |
| 130 | 134 | def forbidden! |
| 131 | 135 | render_api_error!('403 Forbidden', 403) |
| 132 | 136 | end |
| ... | ... | @@ -184,6 +188,10 @@ module Noosfero |
| 184 | 188 | end |
| 185 | 189 | end |
| 186 | 190 | |
| 191 | + def filter_disabled_plugins_endpoints | |
| 192 | + not_found! if Noosfero::API::API.endpoint_unavailable?(self, !@environment) | |
| 193 | + end | |
| 194 | + | |
| 187 | 195 | private |
| 188 | 196 | |
| 189 | 197 | def parser_params(params) | ... | ... |
| ... | ... | @@ -0,0 +1,29 @@ |
| 1 | +require File.dirname(__FILE__) + '/test_helper' | |
| 2 | + | |
| 3 | +class MyPlugin < Noosfero::Plugin;end | |
| 4 | +class MyPlugin::API;end | |
| 5 | + | |
| 6 | +class APITest < ActiveSupport::TestCase | |
| 7 | + | |
| 8 | + should 'endpoint should not be available if its plugin is unavailable' do | |
| 9 | + endpoint = mock() | |
| 10 | + environment = Environment.default | |
| 11 | + environment.stubs(:plugin_enabled?).returns(false) | |
| 12 | + endpoint.stubs(:options).returns({:for => MyPlugin::API}) | |
| 13 | + | |
| 14 | + assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment) | |
| 15 | + end | |
| 16 | + | |
| 17 | + should 'endpoint should be available if its plugin is available' do | |
| 18 | + class MyPlugin < Noosfero::Plugin;end | |
| 19 | + class MyPlugin::API;end | |
| 20 | + | |
| 21 | + endpoint = mock() | |
| 22 | + environment = Environment.default | |
| 23 | + environment.stubs(:plugin_enabled?).returns(true) | |
| 24 | + endpoint.stubs(:options).returns({:for => MyPlugin::API}) | |
| 25 | + | |
| 26 | + assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment) | |
| 27 | + end | |
| 28 | + | |
| 29 | +end | ... | ... |
test/unit/api/helpers_test.rb
| ... | ... | @@ -161,6 +161,13 @@ class APIHelpersTest < ActiveSupport::TestCase |
| 161 | 161 | assert_nil make_conditions_with_parameter[:type] |
| 162 | 162 | end |
| 163 | 163 | |
| 164 | + should 'render not_found if endpoint is unavailable' do | |
| 165 | + Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true) | |
| 166 | + self.expects(:not_found!) | |
| 167 | + | |
| 168 | + filter_disabled_plugins_endpoints | |
| 169 | + end | |
| 170 | + | |
| 164 | 171 | protected |
| 165 | 172 | |
| 166 | 173 | def error!(info, status) | ... | ... |