Merge branch 'develop'

Author: toastercup

.travis.yml

@@ -1,14 +1,9 @@
-sudo: required
+sudo: false
 language: ruby
 cache: bundler
 rvm:
   - 2.3.0
 before_install:
-  - wget https://s3.amazonaws.com/cb-content-enablement-misc/resources/phantomjs-2.1.1-linux-x86_64.tar.bz2
-  - tar -xjf phantomjs-2.1.1-linux-x86_64.tar.bz2
-  - sudo rm -rf /usr/local/phantomjs/bin/phantomjs
-  - sudo mv phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/phantomjs/bin/phantomjs
-
   - mkdir /tmp/elasticsearch
   - wget -O - https://download.elasticsearch.org/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/${ES_VERSION}/elasticsearch-${ES_VERSION}.tar.gz | tar xz --directory=/tmp/elasticsearch --strip-components=1
   - /tmp/elasticsearch/bin/elasticsearch -d -D es.path.data=/tmp -D es.discovery.zen.ping.multicast.enabled=false

Gemfile

@@ -17,7 +17,6 @@ gem 'cortex-exceptions', '~> 0.0.4'
 gem 'grape', '~> 0.14'
 gem 'grape-entity', '~> 0.5.1'
 gem 'grape-swagger', '~> 0.20.1'
-gem 'grape-cache_control', '~> 1.0.1'
 gem 'redis-rails', '~> 4.0'
 
 # Authorization

Gemfile.lock

@@ -291,8 +291,6 @@ GEM
       rack-accept
       rack-mount
       virtus (>= 1.0.0)
-    grape-cache_control (1.0.1)
-      grape (~> 0.3)
     grape-entity (0.5.1)
       activesupport
       multi_json (>= 1.3.2)
@@ -618,7 +616,6 @@ DEPENDENCIES
   font-awesome-sass (~> 4.5.0)
   gon (~> 6.0.1)
   grape (~> 0.14)
-  grape-cache_control (~> 1.0.1)
   grape-entity (~> 0.5.1)
   grape-kaminari!
   grape-swagger (~> 0.20.1)

app/api/api.rb

@@ -4,7 +4,7 @@ class API < Grape::API
     rack_response({message: 'Validation failed', errors: errors}.to_json, 422)
   end
 
-  include ::V1::Auth
-  helpers ::V1::APIHelper
+  include ::Helpers::AuthHelper
+  helpers ::Helpers::APIHelper
   mount ::V1::API
 end

app/api/api_helper.rb

@@ -0,0 +1,32 @@
+module Helpers
+  module APIHelper
+    def logger
+      ::API.logger
+    end
+
+    def current_tenant
+      current_user.tenant
+    end
+
+    # API Errors
+    def bad_request!
+      render_api_error!('(400) Bad Request', 400)
+    end
+
+    def forbidden!
+      render_api_error!('(403) Forbidden', 403)
+    end
+
+    def not_found!
+      render_api_error!('(404) Not found', 404)
+    end
+
+    def unauthorized!
+      render_api_error!('(401) Unauthorized', 401)
+    end
+
+    def render_api_error!(message, status)
+      error!({message: message}, status)
+    end
+  end
+end

app/api/auth.rb

@@ -0,0 +1,94 @@
+require 'doorkeeper/grape/authorization_decorator'
+
+module Helpers
+  module AuthHelper
+    extend ActiveSupport::Concern
+
+    included do
+      use Rack::OAuth2::Server::Resource::Bearer, 'OAuth2' do |request|
+        # Yield access token to store it in the env
+        request.access_token
+      end
+
+      helpers HelperMethods
+    end
+
+    module HelperMethods
+      def current_user
+        @current_user ||= find_current_user
+      end
+
+      def current_user!
+        current_user.anonymous? ? unauthorized! : current_user
+      end
+
+      def find_access_token
+        @access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods)
+      end
+
+      def authenticate!
+        unauthorized! unless current_user
+      end
+
+      def authorize!(action, subject)
+        unless abilities.allowed?(current_user, action, subject)
+          # TODO: Un-comment on May 12, date of OAuth Scope Enforcement rollout
+          # forbidden!
+        end
+      end
+
+      def require_scope!(scopes)
+        return unless find_access_token
+        scopes = [scopes] unless scopes.kind_of? Array
+
+        unless (find_access_token.scopes.to_a & scopes) == scopes
+          forbidden!
+        end
+      end
+
+      def can?(object, action, subject)
+        abilities.allowed?(object, action, subject)
+      end
+
+      private
+
+      def abilities
+        @abilities ||= begin
+          abilities = Six.new
+          abilities << Abilities::Ability
+          abilities
+        end
+      end
+
+      def find_current_user
+        if find_access_token
+          lookup_owner
+        elsif warden_current_user
+          warden_current_user
+        else
+          User.anonymous
+        end
+      end
+
+      def lookup_owner
+        if find_access_token.resource_owner_id.present?
+          User.find_by_id(find_access_token.resource_owner_id)
+        else
+          find_access_token.application.owner
+        end
+      end
+
+      def doorkeeper_request
+        @doorkeeper_request ||= Doorkeeper::Grape::AuthorizationDecorator.new(request)
+      end
+
+      def warden
+        @warden ||= env['warden']
+      end
+
+      def warden_current_user
+        warden ? warden.user : nil
+      end
+    end
+  end
+end

app/api/helpers/api_helper.rb

@@ -4,10 +4,6 @@ class Posts < Grape::API
       helpers ::V1::Helpers::SharedParamsHelper
       helpers ::V1::Helpers::ParamsHelper
 
-      before do
-        cache_control :public, max_age: 2592000, s_maxage: 2592000
-      end
-
       resource :posts do
         include Grape::Kaminari
         helpers ::V1::Helpers::PostsHelper

app/api/helpers/auth_helper.rb

@@ -3,10 +3,6 @@ module Resources
     class Webpages < Grape::API
       helpers ::V1::Helpers::ParamsHelper
 
-      before do
-        cache_control :public, max_age: 2592000, s_maxage: 2592000
-      end
-
       resource :webpages do
         include Grape::Kaminari
         helpers ::V1::Helpers::WebpagesHelper