diff --git a/README.md b/README.md
index f37f662..764bca3 100755
--- a/README.md
+++ b/README.md
@@ -1,28 +1,36 @@ # Rails-API-Template -This template creates a Ruby on Rails API application. +This template creates a Ruby on Rails API application with the following features: -## Backend - -+ Standard JSON-API server using [JSON API Resources](http://jsonapi-resources.com) ++ Standard JSON API server using [JSON API Resources](http://jsonapi-resources.com) + Use `UUID` instead of integer IDs by default in migrations + Standard `has_secure_password` extension used for storing user passwords -+ Multiple roles available per user, backed by [Rolify](https://github.com/RolifyCommunity/rolify) ++ Multiple roles available per user backed by [Rolify](https://github.com/RolifyCommunity/rolify) + Authorization of REST actions backed by [Pundit](https://github.com/elabs/pundit) ++ Use `memcached` as underlying cache store + Custom `has_secure_tokens` extension used in conjuction with [JSON Web Tokens](https://jwt.io/) for managing and verifying user tokens + An `authorization` controller concern and a `sessions_controller` to handle JWT authentication and authorization + A `registrations_controller` to handle user registrations -+ Easy `has_fulltext_search` extension backed by [PGSearch](https://github.com/Casecommons/pg_search) used to leverage PostgreSQL’s full text search -+ Integration of client full-text search with JSONAPI-Resources -+ Provide a production ready Puma configuration -+ Provide a template for [Rollbar](https://rollbar.com) reporting (should be used in production only) -+ Provides connection to New Relic -+ Uses Memcached as underlying cache store ++ A `has_fulltext_search` extension backed by [PGSearch](https://github.com/Casecommons/pg_search) used to leverage PostgreSQL’s full text search ++ A production ready Puma configuration ++ Rspec and FactoryBot for testing ++ A template for [Rollbar](https://rollbar.com) exception monitoring (should be used in production only) ++ A template for [New Relic](https://www.newrelic.com) application monitoring + 
+Included support for (to be documented): + ++ Excel ++ PDF ++ Background jobs & scheduling ++ Email ++ Networking tools ++ Reporting tools ++ ISO-compliant countries and exchange-rates information # Requirements -+ **Ruby** 2.4.2 -+ **Rails** 5.2.1 -+ **Postgresql** 9.6 ++ **Ruby** 2.4 ++ **Rails** 5.2 ++ **Postgresql** At least v9 + **Memcached** # Usage @@ -32,7 +40,6 @@ gem install \ bundler \ rails \ foreman \ - thor \ --no-rdoc \ --no-ri ``` @@ -46,5 +53,6 @@ rails new myapi \ ``` cd myapi +rspec foreman start ``` \ No newline at end of file diff --git a/app/policies/account_policy.rb b/app/policies/account_policy.rb index fcc8cac..779e814 100755 --- a/app/policies/account_policy.rb +++ b/app/policies/account_policy.rb @@ -7,19 +7,19 @@ def create? def show? user.id === record.id ? true : - raise Pundit::NotAuthorizedError + raise(Pundit::NotAuthorizedError) end def update? user.id === record.id ? true : - raise Pundit::NotAuthorizedError + raise(Pundit::NotAuthorizedError) end def destroy? user.id === record.id ? true : - raise Pundit::NotAuthorizedError + raise(Pundit::NotAuthorizedError) end end diff --git a/app/policies/country_policy.rb b/app/policies/country_policy.rb index e50a417..e4d0e50 100755 --- a/app/policies/country_policy.rb +++ b/app/policies/country_policy.rb @@ -16,8 +16,9 @@ def show? end def update? - raise Pundit::NotAuthorizedError unless user - true + user.has_any_role?(:admin) ? + true : + (raise Pundit::NotAuthorizedError) end def destroy? diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb index 3906daa..14959fb 100755 --- a/app/policies/user_policy.rb +++ b/app/policies/user_policy.rb 
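Review bot: Raising `Pundit::NotAuthorizedError` from inside `show?`, `update?` and `destroy?` is redundant and loses information: `authorize` already raises when a predicate returns false, and the error it builds carries the query, record and policy, whereas the hand-raised one carries none of them. It also means non-raising callers such as `policy(record).show?` can never get `false`, only an exception. Each body could be just `user.id == record.id` (`===` behaves as `==` for Integer or String ids but reads as a case-equality check). The same pattern is repeated in all five methods of the user_policy.rb hunk below. `def create?` belongs to this class but starts above the hunk.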
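Review bot: The rewritten `update?` in country_policy.rb no longer guards against a missing user: the removed `raise Pundit::NotAuthorizedError unless user` covered an unauthenticated caller, while `user.has_any_role?(:admin)` on a nil `user` raises `NoMethodError`, which surfaces as a 500 instead of the intended authorization failure. Unless `ApplicationPolicy#initialize` (not in this diff) already rejects a nil user, keep a guard, e.g. `raise Pundit::NotAuthorizedError unless user&.has_any_role?(:admin)` followed by `true`. Whether `destroy?` needs the same admin check cannot be told here, since its body lies outside the hunk.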
@@ -3,31 +3,31 @@ class UserPolicy < ApplicationPolicy def index? user.has_any_role?(:admin) ? true : - raise Pundit::NotAuthorizedError + raise(Pundit::NotAuthorizedError) end def create? user.has_any_role?(:admin) ? true : - raise Pundit::NotAuthorizedError + raise(Pundit::NotAuthorizedError) end def show? user.has_any_role?(:admin) ? true : - raise Pundit::NotAuthorizedError + raise(Pundit::NotAuthorizedError) end def update? user.has_any_role?(:admin) ? true : - raise Pundit::NotAuthorizedError + raise(Pundit::NotAuthorizedError) end def destroy? user.has_any_role?(:admin) ? true : - raise Pundit::NotAuthorizedError + raise(Pundit::NotAuthorizedError) end end \ No newline at end of file diff --git a/app/resources/api/v1/api_resource.rb b/app/resources/api/v1/api_resource.rb index 8fd56ca..87ca6f9 100755 --- a/app/resources/api/v1/api_resource.rb +++ b/app/resources/api/v1/api_resource.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class Api::V1::ApiResource < JSONAPI::Resource + + include JSONAPI::Authorization::PunditScopedResource abstract diff --git a/config/initializers/jsonapi_resources.rb b/config/initializers/jsonapi_resources.rb index aad0f02..e7e53ea 100755 --- a/config/initializers/jsonapi_resources.rb +++ b/config/initializers/jsonapi_resources.rb @@ -17,8 +17,8 @@ config.top_level_meta_include_page_count = false config.top_level_meta_page_count_key = :page_count - #config.default_processor_klass = JSONAPI::Authorization::AuthorizingProcessor - #config.exception_class_whitelist = [Pundit::NotAuthorizedError] + config.default_processor_klass = JSONAPI::Authorization::AuthorizingProcessor + config.exception_class_whitelist = [Pundit::NotAuthorizedError] # Resource caching config.resource_cache = Rails.cache diff --git a/template.rb b/template.rb index 028d300..ed0dc14 100755 --- a/template.rb +++ b/template.rb 
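Review bot: Including `JSONAPI::Authorization::PunditScopedResource` in the abstract base resource means every concrete resource resolves its records through the matching policy's scope, so each policy now needs a `Scope` class (or one inherited from `ApplicationPolicy`, which is not in this diff) or requests for that resource error out at runtime. The include deserves a comment saying so, e.g. `# Records of every resource are resolved through the Pundit policy Scope of its model; each policy must define one`. The stray blank line between the `class` line and the include can be dropped.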
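Review bot: Whitelisting `Pundit::NotAuthorizedError` in the jsonapi_resources.rb initializer makes JSONAPI::Resources re-raise it instead of rendering a JSON API error, so something further up — presumably the `authorization` controller concern the README mentions, which is not in this diff — must `rescue_from` it and render a 403 error document, otherwise an authorization failure becomes a 500 with a generic body. Worth confirming that handler exists before `AuthorizingProcessor` is switched on, and worth a comment next to the whitelist naming where the error is handled, e.g. `# Re-raised to the controller layer, which renders the 403 error document`.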
@@ -39,7 +39,7 @@ def commit(msg)
 gem 'pry-rails'
 end
 gem 'jsonapi-resources'
-gem 'jsonapi-authorization', git: 'https://github.com/venuu/jsonapi-authorization.git'
+gem 'jsonapi-authorization', github: 'matteolc/jsonapi-authorization'
 gem 'dalli'
 gem 'connection_pool'
 gem 'dotenv-rails'
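Review bot: The new `github: 'matteolc/jsonapi-authorization'` source is unpinned, so every app generated from this template resolves whatever that fork's default branch holds at install time, and the fork is a personal one rather than the upstream the line used to point at. Pin it to a reviewed commit, e.g. `gem 'jsonapi-authorization', git: 'https://github.com/matteolc/jsonapi-authorization.git', ref: '<reviewed commit sha>'`; spelling out the https URL also avoids the `github:` shorthand expanding to the unauthenticated `git://` protocol on older Bundler versions. The surrounding gem declarations start above the hunk.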