Update README

fabbricadigitale · Aug 5, 2018 · d1c9bab · d1c9bab
1 parent 638257c
commit d1c9bab
Show file tree

Hide file tree

Showing 7 changed files with 39 additions and 28 deletions.
diff --git a/README.md b/README.md
@@ -1,28 +1,36 @@
 # Rails-API-Template
-This template creates a Ruby on Rails API application.
+This template creates a Ruby on Rails API application with the following features:
 
-## Backend
-
-+ Standard JSON-API server using [JSON API Resources](http://jsonapi-resources.com)
++ Standard JSON API server using [JSON API Resources](http://jsonapi-resources.com)
 + Use `UUID` instead of integer IDs by default in migrations
 + Standard `has_secure_password` extension used for storing user passwords
-+ Multiple roles available per user, backed by [Rolify](https://github.com/RolifyCommunity/rolify)
++ Multiple roles available per user backed by [Rolify](https://github.com/RolifyCommunity/rolify)
 + Authorization of REST actions backed by [Pundit](https://github.com/elabs/pundit)
++ Use `memcached` as underlying cache store
 + Custom `has_secure_tokens` extension used in conjuction with [JSON Web Tokens](https://jwt.io/) for managing and verifying user tokens
 + An `authorization` controller concern and a `sessions_controller` to handle JWT authentication and authorization
 + A `registrations_controller` to handle user registrations
-+ Easy `has_fulltext_search` extension backed by [PGSearch](https://github.com/Casecommons/pg_search) used to leverage PostgreSQL’s full text search
-+ Integration of client full-text search with JSONAPI-Resources
-+ Provide a production ready Puma configuration
-+ Provide a template for [Rollbar](https://rollbar.com) reporting (should be used in production only)
-+ Provides connection to New Relic
-+ Uses Memcached as underlying cache store
++ A `has_fulltext_search` extension backed by [PGSearch](https://github.com/Casecommons/pg_search) used to leverage PostgreSQL’s full text search
++ A production ready Puma configuration
++ Rspec and FactoryBot for testing
++ A template for [Rollbar](https://rollbar.com) exception monitoring (should be used in production only)
++ A template for [New Relic](https://www.newrelic.com) application monitoring
+
+Included support for (to be documented):
+
++ Excel
++ PDF
++ Background jobs & scheduling
++ Email
++ Networking tools
++ Reporting tools
++ ISO-compliant countries and exchange-rates information
 
 # Requirements
 
-+ **Ruby** 2.4.2
-+ **Rails** 5.2.1
-+ **Postgresql** 9.6
++ **Ruby** 2.4
++ **Rails** 5.2
++ **Postgresql** At least v9
 + **Memcached**
 
 # Usage
@@ -32,7 +40,6 @@ gem install \
     bundler \
     rails \
     foreman \
-    thor \
     --no-rdoc \
     --no-ri
 ```
@@ -46,5 +53,6 @@ rails new myapi \
 
 ```
 cd myapi
+rspec
 foreman start
 ```               
diff --git a/app/policies/account_policy.rb b/app/policies/account_policy.rb
@@ -7,19 +7,19 @@ def create?
   def show?
     user.id === record.id ?
       true :
-      raise Pundit::NotAuthorizedError
+      raise(Pundit::NotAuthorizedError)
   end
 
   def update?
     user.id === record.id ?
       true :
-      raise Pundit::NotAuthorizedError
+      raise(Pundit::NotAuthorizedError)
   end
 
   def destroy?
     user.id === record.id ?
       true :
-      raise Pundit::NotAuthorizedError
+      raise(Pundit::NotAuthorizedError)
   end
 
 end

diff --git a/app/policies/country_policy.rb b/app/policies/country_policy.rb
@@ -16,8 +16,9 @@ def show?
     end
 
     def update?
-      raise Pundit::NotAuthorizedError unless user
-      true
+      user.has_any_role?(:admin) ?
+        true :
+        (raise Pundit::NotAuthorizedError)
     end
 
     def destroy?

diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
@@ -3,31 +3,31 @@ class UserPolicy < ApplicationPolicy
    def index?
     user.has_any_role?(:admin) ?
       true :
-      raise Pundit::NotAuthorizedError
+      raise(Pundit::NotAuthorizedError)
    end
 
    def create?
     user.has_any_role?(:admin) ?
       true :
-      raise Pundit::NotAuthorizedError
+      raise(Pundit::NotAuthorizedError)
    end
 
    def show?
     user.has_any_role?(:admin) ?
       true :
-      raise Pundit::NotAuthorizedError
+      raise(Pundit::NotAuthorizedError)
    end
 
    def update?
     user.has_any_role?(:admin) ?
       true :
-      raise Pundit::NotAuthorizedError
+      raise(Pundit::NotAuthorizedError)
    end
 
    def destroy?
     user.has_any_role?(:admin) ?
       true :
-      raise Pundit::NotAuthorizedError
+      raise(Pundit::NotAuthorizedError)
    end
 
 end
diff --git a/app/resources/api/v1/api_resource.rb b/app/resources/api/v1/api_resource.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class Api::V1::ApiResource < JSONAPI::Resource
+
+    include JSONAPI::Authorization::PunditScopedResource
 
     abstract
 

diff --git a/config/initializers/jsonapi_resources.rb b/config/initializers/jsonapi_resources.rb
@@ -17,8 +17,8 @@
   config.top_level_meta_include_page_count = false
   config.top_level_meta_page_count_key = :page_count
 
-  #config.default_processor_klass = JSONAPI::Authorization::AuthorizingProcessor
-  #config.exception_class_whitelist = [Pundit::NotAuthorizedError]
+  config.default_processor_klass = JSONAPI::Authorization::AuthorizingProcessor
+  config.exception_class_whitelist = [Pundit::NotAuthorizedError]
 
   # Resource caching
   config.resource_cache = Rails.cache

diff --git a/template.rb b/template.rb
@@ -39,7 +39,7 @@ def commit(msg)
   gem 'pry-rails'
 end
 gem 'jsonapi-resources'
-gem 'jsonapi-authorization', git: 'https://github.com/venuu/jsonapi-authorization.git'
+gem 'jsonapi-authorization', github: 'matteolc/jsonapi-authorization'
 gem 'dalli'
 gem 'connection_pool'
 gem 'dotenv-rails'