diff --git a/app/controllers/api/v0/guidance_groups_controller.rb b/app/controllers/api/v0/guidance_groups_controller.rb index 173cce4..1336f55 100644 --- a/app/controllers/api/v0/guidance_groups_controller.rb +++ b/app/controllers/api/v0/guidance_groups_controller.rb @@ -11,7 +11,7 @@ end def index -raise Pundit::NotAuthorizedError unless Api::V0::GuidanceGroupPolicy.new(@user, :guidance_group).index? + raise Pundit::NotAuthorizedError unless Api::V0::GuidanceGroupPolicy.new(@user, :guidance_group).index? @all_viewable_groups = GuidanceGroup.all_viewable(@user) respond_with @all_viewable_groups end diff --git a/app/controllers/api/v0/statistics_controller.rb b/app/controllers/api/v0/statistics_controller.rb index e213c58..6ef0540 100644 --- a/app/controllers/api/v0/statistics_controller.rb +++ b/app/controllers/api/v0/statistics_controller.rb @@ -8,19 +8,16 @@ # @return a count of users who joined DMPonline between the optional specified dates # users are scoped to the organisation of the user initiating the call def users_joined - if has_auth(constant("token_permission_types.statistics")) - users = restrict_date_range(@user.org.users) - confirmed_users = [] - users.each do |user| - unless user.confirmed_at.blank? - confirmed_users += [user] - end + raise Pundit::NotAuthorizedError unless Api::V0::StatisticsPolicy.new(@user, :statistics).users_joined? + users = restrict_date_range(@user.org.users) + confirmed_users = [] + users.each do |user| + unless user.confirmed_at.blank? + confirmed_users += [user] end - @users_count = confirmed_users.count - respond_with @users_count - else - render json: I18n.t("api.no_auth_for_endpoint"), status: 401 end + @users_count = confirmed_users.count + respond_with @users_count end 
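Review bot: The added `raise Pundit::NotAuthorizedError` in users_joined replaces the explicit `render json: ..., status: 401`, so the HTTP result for an unauthorized caller now depends on a `rescue_from Pundit::NotAuthorizedError` handler in the API base controller, which this diff does not show; if none exists the endpoint answers 500 instead of 401/403. The same switch is made in using_template, plans_by_template, plans and templates#index, so confirming (or adding) one handler covers all of them. The re-indented confirmed-user loop could also be the single line `@users_count = users.to_a.count { |u| u.confirmed_at.present? }`, which removes the `confirmed_users += [user]` array rebuilding.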
@@ -29,17 +26,10 @@ # @return the number of DMPs using the specified template between the optional specified dates # ensures that the template is owned/created by the caller's organisation def using_template - if has_auth(constant("token_permission_types.statistics")) - template = Template.find(params[:dmptemplate_id]) - if template.org == @user.org - @template_count = restrict_date_range(template.plans).count - respond_with @template_count - else - #no auth to view statistics for this template - end - else - render json: I18n.t("api.no_auth_for_endpoint"), status: 401 - end + template = Template.find(params[:id]) + raise Pundit::NotAuthorizedError unless Api::V0::StatisticsPolicy.new(@user, template).using_template? + @template_count = restrict_date_range(template.plans).count + respond_with @template_count end ## @@ -48,20 +38,17 @@ # the uses are restricted to DMPs created by users of the same organisation # as the user who ititiated the call def plans_by_template - if has_auth(constant("token_permission_types.statistics")) - @org_projects = [] - @user.org.users.each do |user| - user.plans.each do |plan| - unless @org_projects.include? plan - @org_projects += [plan] - end + raise Pundit::NotAuthorizedError unless Api::V0::StatisticsPolicy.new(@user, :statistics).plans_by_template? + @org_projects = [] + @user.org.users.each do |user| + user.plans.each do |plan| + unless @org_projects.include? plan + @org_projects += [plan] end end - @org_projects = restrict_date_range(@org_projects) - respond_with @org_projects - else - render json: I18n.t("api.no_auth_for_endpoint"), status: 401 end + @org_projects = restrict_date_range(@org_projects) + respond_with @org_projects end ## 
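Review bot: `Template.find(params[:id])` now runs before the policy is instantiated, and the policy constructor is where the logged-in and token-permission checks live, so a caller without permission receives RecordNotFound for unknown ids and NotAuthorized for existing ones; looking up first discloses template existence to unauthorized callers. Fold the two cases together with `template = Template.find_by(id: params[:id])` followed by `raise Pundit::NotAuthorizedError unless template && Api::V0::StatisticsPolicy.new(@user, template).using_template?`. The parameter also changes from `params[:dmptemplate_id]` to `params[:id]`; the statistics route block in config/routes.rb is cut off in this diff, so confirm the route actually supplies `:id`.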
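Review bot: The new body of plans_by_template never reads a template parameter and is line-for-line the same as the `plans` action in the next hunk, so either the per-template filter implied by its name is missing or the two actions should share one private helper. Either way the nested `each`/`include?` loop is quadratic in the number of plans and reduces to `@org_projects = restrict_date_range(@user.org.users.flat_map(&:plans).uniq)`, which yields the same deduplicated list. The docblock that introduces the method starts before this hunk.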
@@ -70,20 +57,17 @@ # DMPs must be owned by a user who's organisation is the same as the user # who generates the call def plans - if has_auth(constant("token_permission_types.statistics")) - @org_projects = [] - @user.org.users.each do |user| - user.plans.each do |plan| - unless @org_projects.include? plan - @org_projects += [plan] - end + raise Pundit::NotAuthorizedError unless Api::V0::StatisticsPolicy.new(@user, :statistics).plans? + @org_plans = [] + @user.org.users.each do |user| + user.plans.each do |plan| + unless @org_plans.include? plan + @org_plans += [plan] end end - @org_projects = restrict_date_range(@org_projects) - respond_with @org_projects - else - render json: I18n.t("api.no_auth_for_endpoint"), status: 401 end + @org_plans = restrict_date_range(@org_plans) + respond_with @org_plans end diff --git a/app/controllers/api/v0/templates_controller.rb b/app/controllers/api/v0/templates_controller.rb index 3ab1207..dfe78da 100644 --- a/app/controllers/api/v0/templates_controller.rb +++ b/app/controllers/api/v0/templates_controller.rb 
@@ -9,26 +9,21 @@ # @return a list of templates ordered by organisation def index # check if the user has permissions to use the templates API - if has_auth(constant("api_endpoint_types.templates")) - @org_templates = {} - published_templates = Template.includes(:org).where(customization_of: nil, published: true).order(:org_id, :version) - published_templates.all.each do |temp| - if @org_templates[temp.org].present? - if @org_templates[temp.org][temp.dmptemplate_id].nil? - @org_templates[temp.org][temp.dmptemplate_id] = temp - end - else - @org_templates[temp.org] = {} + raise Pundit::NotAuthorizedError unless Api::V0::TemplatePolicy.new(@user, :guidance_group).index? + @org_templates = {} + published_templates = Template.includes(:org).where(customization_of: nil, published: true).order(:org_id, :version) + published_templates.all.each do |temp| + if @org_templates[temp.org].present? + if @org_templates[temp.org][temp.dmptemplate_id].nil? @org_templates[temp.org][temp.dmptemplate_id] = temp end + else + @org_templates[temp.org] = {} + @org_templates[temp.org][temp.dmptemplate_id] = temp end - respond_with @org_templates - else - #render unauthorised - render json: I18n.t("api.no_auth_for_endpoint"), status: 401 end - - end + respond_with @org_templates + end end end end \ No newline at end of file diff --git a/app/policies/api/v0/statistics_policy.rb b/app/policies/api/v0/statistics_policy.rb new file mode 100644 index 0000000..155a3da --- /dev/null +++ b/app/policies/api/v0/statistics_policy.rb 
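Review bot: The new authorization line passes `:guidance_group` as the `template` argument of `Api::V0::TemplatePolicy`, which reads as a copy from the guidance-groups controller; `index?` ignores it today, but the policy stores it as `@template`, so pass `:template` to keep it truthful. The permission source also moves from `constant("api_endpoint_types.templates")` to `TokenPermissionType::TEMPLATES` inside the policy; if those two lists are not the same set of orgs this silently changes who may call the endpoint. The nested `present?`/`nil?` hash building can be one line, `(@org_templates[temp.org] ||= {})[temp.dmptemplate_id] ||= temp`, with identical results since a stored inner hash is never empty.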
@@ -0,0 +1,41 @@ +module Api + module V0 + class StatisticsPolicy < ApplicationPolicy + attr_reader :user + + def initialize(user, statistic) + raise Pundit::NotAuthorizedError, _("must be logged in") unless user + unless user.org.token_permission_types.include? TokenPermissionType::STATISTICS + raise Pundit::NotAuthorizedError, _("must have access to guidances api") + end + @user = user + @statistic = statistic + end + + ## + # always allowed to see how many users joined your org within a date range + def users_joined? + true + end + + ## + # need to check if your org owns this template + def using_template? + @statistic.org_id == @user.org_id + end + + ## + # always allowed to get plans by template + def plans_by_template? + true + end + + ## + # always allowed to get plans + def plans? + true + end + + end + end +end \ No newline at end of file diff --git a/app/policies/api/v0/template_policy.rb b/app/policies/api/v0/template_policy.rb new file mode 100644 index 0000000..7ec770b --- /dev/null +++ b/app/policies/api/v0/template_policy.rb @@ -0,0 +1,23 @@ +module Api + module V0 + class TemplatePolicy < ApplicationPolicy + attr_reader :user, :template + + def initialize(user, template) + raise Pundit::NotAuthorizedError, _("must be logged in") unless user + unless user.org.token_permission_types.include? TokenPermissionType::TEMPLATES + raise Pundit::NotAuthorizedError, _("must have access to guidances api") + end + @user = user + @template = template + end + + ## + # always allowed as index chooses which guidances to display + def index? + true + end + + end + end +end \ No newline at end of file diff --git a/app/views/api/v0/statistics/plans.json.jbuilder b/app/views/api/v0/statistics/plans.json.jbuilder index fe85ca8..a2ca5c1 100644 --- a/app/views/api/v0/statistics/plans.json.jbuilder +++ b/app/views/api/v0/statistics/plans.json.jbuilder 
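Review bot: The permission failure message in StatisticsPolicy#initialize reads `_("must have access to guidances api")` although the check is on `TokenPermissionType::STATISTICS`; the same copied string appears in TemplatePolicy in the next hunk, where the check is on `TokenPermissionType::TEMPLATES`. Change them to `_("must have access to statistics api")` and `_("must have access to templates api")` so the error body names the permission that was actually missing. `user.org.token_permission_types` also raises NoMethodError rather than NotAuthorizedError when a user has no org; whether an API user can lack an org is not visible here, but if it can, a nil check on `user.org` before the `include?` call keeps the failure an authorization error.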
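Review bot: The comment above `index?` in TemplatePolicy, `always allowed as index chooses which guidances to display`, describes the guidance-groups policy it was copied from; templates#index lists published templates, so it should read `# always allowed: index only lists published, non-customised templates`. `attr_reader :user, :template` exposes `template`, but nothing in the diff reads it and the controller passes a symbol; either drop the reader or document what the second constructor argument is expected to be.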
@@ -1,9 +1,9 @@ json.prettify! -json.plans @org_projects.each do |plan| +json.plans @org_plans.each do |plan| json.id plan.id json.grant_number plan.grant_number - json.org_id plan.creator.org.id + json.org_id plan.owner.org.id json.template do json.title plan.template.title json.id plan.template.id @@ -12,7 +12,7 @@ json.title plan.title end json.funder do - json.name (plan.template.org.funder? ? plan.org.name : '') + json.name (plan.template.org.funder? ? plan.template.org.name : '') end json.principal_investigator do json.name plan.principal_investigator diff --git a/config/routes.rb b/config/routes.rb index 6970392..b0523f3 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -219,6 +219,7 @@ namespace :api, defaults: {format: :json} do namespace :v0 do resources :guidance_groups, only: [:index, :show] + resources :guidances, only: [:index, :show] resources :plans, only: :create resources :templates, only: :index resource :statistics, only: [], controller: "statistics", path: "statistics" do diff --git a/lib/tasks/migrate.rake b/lib/tasks/migrate.rake index 4128de7..af3369d 100644 --- a/lib/tasks/migrate.rake +++ b/lib/tasks/migrate.rake @@ -79,22 +79,34 @@ # seed languages to database languages = { 'English(GB)' => { - abbreviation: 'en_GB', - description: '', - name: 'English (GB)', - default_language: true + abbreviation: 'en_GB', + description: '', + name: 'English (GB)', + default_language: true + }, + 'English(US)' => { + abbreviation: 'en_US', + description: '', + name: 'English (US)', + default_language: false }, 'FR' => { - abbreviation: 'fr', - description: '', - name: 'Français', - default_language: false + abbreviation: 'fr', + description: '', + name: 'Français', + default_language: false }, 'DE' => { abbreviation: 'de', description: '', name: 'Deutsch', default_language: false + }, + 'Español' => { + abbreviation: 'es', + description: '', + name: 'Español', + default_language: false } } 
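Review bot: `json.org_id plan.owner.org.id` dereferences `owner` without a nil check, so a single plan without an owner raises NoMethodError and fails the whole plans response rather than one field. If `owner` can be nil, `json.org_id plan.owner.try(:org).try(:id)` degrades that one field to null instead. Whether plans can lack an owner is not visible in this diff.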
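Review bot: `json.name (plan.template.org.funder? ? plan.template.org.name : '')` keeps a space between the method and the parenthesis, which Ruby parses as a grouped argument and reports under -w; write it as `json.name(plan.template.org.funder? ? plan.template.org.name : '')`. The switch to `plan.template.org.name` is consistent with the `funder?` check being made on the same object.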
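Review bot: `resources :guidances, only: [:index, :show]` routes to `Api::V0::GuidancesController`, but no such controller or policy is part of this diff; if they do not already exist, both paths fail at dispatch with an uninitialized-constant error. Add the controller in the same change or name where it lives in the commit description. Like the other API actions in this diff, it should run a Pundit policy check before loading data.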
@@ -158,4 +170,60 @@ temp.save! end end + + desc "replaces languages in incorrect formats and seeds all correct formats" + task fix_languages: :environment do + languages = [ + { abbreviation: 'en_GB', + old_abbreviation: 'en-UK', + description: '', + name: 'English (GB)', + default_language: true}, + { abbreviation: 'en_US', + old_abbreviation: 'en-US', + description: '', + name: 'English (US)', + default_language: false}, + { abbreviation: 'fr', + old_abbreviation: 'fr', + description: '', + name: 'Français', + default_language: false}, + { abbreviation: 'de', + old_abbreviation: 'de', + description: '', + name: 'Deutsch', + default_language: false}, + { abbreviation: 'es', + old_abbreviation: 'es', + description: '', + name: 'Español', + default_language: false} + ] + + languages.each do |lang_data| + # if the old abbreviation exists, remove and replace the data + lang = Language.find_by(abbreviation: lang_data[:old_abbreviation]) + if lang.present? + lang.abbreviation = lang_data[:abbreviation] + lang.description = lang_data[:description] + lang.name = lang_data[:name] + lang.default_language = lang_data[:default_language] + lang.save! + else + # if nothing batching either abbreviation exists, replace with new abbreviation + lang = Language.find_by(abbreviation: lang_data[:abbreviation]) + if lang.blank? + lang = Language.new + lang.abbreviation = lang_data[:abbreviation] + lang.description = lang_data[:description] + lang.name = lang_data[:name] + lang.default_language = lang_data[:default_language] + lang.save! + end + end + end + + end + end
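Review bot: In fix_languages, when a row with the old abbreviation and another with the new one both exist (for example `en-UK` and `en_GB`), the first branch rewrites the old row's abbreviation to the new value and the table ends up with two rows for the same abbreviation; the task should prefer the row already in the new format and treat the leftover old row deliberately (it may be referenced by other records, which this diff does not show). The four attribute assignments are repeated in both branches and collapse to one `update!` on the hash minus `old_abbreviation`. The comment `# if nothing batching either abbreviation exists` should read `# if no row matching either abbreviation exists`.
```ruby
# … unchanged: languages array …

languages.each do |lang_data|
  attrs = lang_data.except(:old_abbreviation)
  # prefer a row already in the new format; otherwise migrate the old one; otherwise create
  lang = Language.find_by(abbreviation: lang_data[:abbreviation]) ||
         Language.find_by(abbreviation: lang_data[:old_abbreviation]) ||
         Language.new
  lang.update!(attrs)
  # a row still carrying the old abbreviation after this point needs an explicit decision
end
```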