Merge pull request #5433 from AntonKhorev/user-routes-api-namespace

Resourceful routes for users api
2025-01-15 12:55:41 +00:00 · 2025-01-15 12:55:41 +00:00 · f32aea6d14
commit f32aea6d14
parent b8a1a904c6 971fbc28b8
7 changed files with 83 additions and 54 deletions
--- a/app/abilities/api_ability.rb
+++ b/app/abilities/api_ability.rb
@ -29,8 +29,6 @@ class ApiAbility
        can [:create, :update, :destroy], Trace if scope?(token, :write_gpx)

        can :details, User if scope?(token, :read_prefs)
-        can :gpx_files, User if scope?(token, :read_gpx)
-
        can :read, UserPreference if scope?(token, :read_prefs)
        can [:update, :update_all, :destroy], UserPreference if scope?(token, :write_prefs)

--- a/app/controllers/api/users/traces_controller.rb
+++ b/app/controllers/api/users/traces_controller.rb
@ -0,0 +1,14 @@
+module Api
+  module Users
+    class TracesController < ApiController
+      before_action :authorize
+
+      authorize_resource :trace
+
+      def index
+        @traces = current_user.traces.reload
+        render :content_type => "application/xml"
+      end
+    end
+  end
+end
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@ -2,13 +2,13 @@ module Api
  class UsersController < ApiController
    before_action :disable_terms_redirect, :only => [:details]
    before_action :setup_user_auth, :only => [:show, :index]
-    before_action :authorize, :only => [:details, :gpx_files]
+    before_action :authorize, :only => [:details]

    authorize_resource

    load_resource :only => :show

-    before_action :set_request_formats, :except => [:gpx_files]
+    before_action :set_request_formats

    def index
      raise OSM::APIBadUserInput, "The parameter users is required, and must be of the form users=id[,id[,id...]]" unless params["users"]
@ -47,11 +47,6 @@ module Api
      end
    end

-    def gpx_files
-      @traces = current_user.traces.reload
-      render :content_type => "application/xml"
-    end
-
    private

    def disable_terms_redirect
--- a/app/views/api/users/traces/index.builder
+++ b/app/views/api/users/traces/index.builder
--- a/config/routes.rb
+++ b/config/routes.rb
@ -66,14 +66,14 @@ OpenStreetMap::Application.routes.draw do
    get "map" => "map#index"

    get "trackpoints" => "tracepoints#index"
-
-    get "user/:id" => "users#show", :id => /\d+/, :as => :api_user
-    get "user/details" => "users#details"
-    get "user/gpx_files" => "users#gpx_files"
-    get "users" => "users#index", :as => :api_users
  end

  namespace :api, :path => "api/0.6" do
+    resources :users, :only => :index
+    resources :users, :path => "user", :id => /\d+/, :only => :show
+    resources :user_traces, :path => "user/gpx_files", :module => :users, :controller => :traces, :only => :index
+    get "user/details" => "users#details"
+
    resources :user_preferences, :except => [:new, :create, :edit], :param => :preference_key, :path => "user/preferences" do
      collection do
        put "" => "user_preferences#update_all", :as => ""
--- a/test/controllers/api/users/traces_controller_test.rb
+++ b/test/controllers/api/users/traces_controller_test.rb
@ -0,0 +1,53 @@
+require "test_helper"
+
+module Api
+  module Users
+    class TracesControllerTest < ActionDispatch::IntegrationTest
+      ##
+      # test all routes which lead to this controller
+      def test_routes
+        assert_routing(
+          { :path => "/api/0.6/user/gpx_files", :method => :get },
+          { :controller => "api/users/traces", :action => "index" }
+        )
+      end
+
+      def test_index
+        user = create(:user)
+        trace1 = create(:trace, :user => user) do |trace|
+          create(:tracetag, :trace => trace, :tag => "London")
+        end
+        trace2 = create(:trace, :user => user) do |trace|
+          create(:tracetag, :trace => trace, :tag => "Birmingham")
+        end
+
+        # check that we get a response when logged in
+        auth_header = bearer_authorization_header user, :scopes => %w[read_gpx]
+        get api_user_traces_path, :headers => auth_header
+        assert_response :success
+        assert_equal "application/xml", response.media_type
+
+        # check the data that is returned
+        assert_select "gpx_file[id='#{trace1.id}']", 1 do
+          assert_select "tag", "London"
+        end
+        assert_select "gpx_file[id='#{trace2.id}']", 1 do
+          assert_select "tag", "Birmingham"
+        end
+      end
+
+      def test_index_anonymous
+        get api_user_traces_path
+        assert_response :unauthorized
+      end
+
+      def test_index_no_scope
+        user = create(:user)
+        bad_auth = bearer_authorization_header user, :scopes => %w[]
+
+        get api_user_traces_path, :headers => bad_auth
+        assert_response :forbidden
+      end
+    end
+  end
+end
--- a/test/controllers/api/users_controller_test.rb
+++ b/test/controllers/api/users_controller_test.rb
@ -21,10 +21,6 @@ module Api
        { :path => "/api/0.6/user/details.json", :method => :get },
        { :controller => "api/users", :action => "details", :format => "json" }
      )
-      assert_routing(
-        { :path => "/api/0.6/user/gpx_files", :method => :get },
-        { :controller => "api/users", :action => "gpx_files" }
-      )
      assert_routing(
        { :path => "/api/0.6/users", :method => :get },
        { :controller => "api/users", :action => "index" }
@ -156,12 +152,12 @@ module Api
      create(:message, :sender => user)

      # check that nothing is returned when not logged in
-      get user_details_path
+      get api_user_details_path
      assert_response :unauthorized

      # check that we get a response when logged in
      auth_header = bearer_authorization_header user
-      get user_details_path, :headers => auth_header
+      get api_user_details_path, :headers => auth_header
      assert_response :success
      assert_equal "application/xml", response.media_type

@ -170,7 +166,7 @@ module Api

      # check that data is returned properly in json
      auth_header = bearer_authorization_header user
-      get user_details_path(:format => "json"), :headers => auth_header
+      get api_user_details_path(:format => "json"), :headers => auth_header
      assert_response :success
      assert_equal "application/json", response.media_type

@ -191,11 +187,11 @@ module Api
      email_auth = bearer_authorization_header(user, :scopes => %w[read_prefs read_email])

      # check that we can't fetch details as XML without read_prefs
-      get user_details_path, :headers => bad_auth
+      get api_user_details_path, :headers => bad_auth
      assert_response :forbidden

      # check that we can fetch details as XML without read_email
-      get user_details_path, :headers => good_auth
+      get api_user_details_path, :headers => good_auth
      assert_response :success
      assert_equal "application/xml", response.media_type

@ -203,7 +199,7 @@ module Api
      check_xml_details(user, true, false)

      # check that we can fetch details as XML with read_email
-      get user_details_path, :headers => email_auth
+      get api_user_details_path, :headers => email_auth
      assert_response :success
      assert_equal "application/xml", response.media_type

@ -211,11 +207,11 @@ module Api
      check_xml_details(user, true, true)

      # check that we can't fetch details as JSON without read_prefs
-      get user_details_path(:format => "json"), :headers => bad_auth
+      get api_user_details_path(:format => "json"), :headers => bad_auth
      assert_response :forbidden

      # check that we can fetch details as JSON without read_email
-      get user_details_path(:format => "json"), :headers => good_auth
+      get api_user_details_path(:format => "json"), :headers => good_auth
      assert_response :success
      assert_equal "application/json", response.media_type

@ -227,7 +223,7 @@ module Api
      check_json_details(js, user, true, false)

      # check that we can fetch details as JSON with read_email
-      get user_details_path(:format => "json"), :headers => email_auth
+      get api_user_details_path(:format => "json"), :headers => email_auth
      assert_response :success
      assert_equal "application/json", response.media_type

@ -405,33 +401,6 @@ module Api
      assert_select "user", :count => 0
    end

-    def test_gpx_files
-      user = create(:user)
-      trace1 = create(:trace, :user => user) do |trace|
-        create(:tracetag, :trace => trace, :tag => "London")
-      end
-      trace2 = create(:trace, :user => user) do |trace|
-        create(:tracetag, :trace => trace, :tag => "Birmingham")
-      end
-      # check that nothing is returned when not logged in
-      get user_gpx_files_path
-      assert_response :unauthorized
-
-      # check that we get a response when logged in
-      auth_header = bearer_authorization_header user
-      get user_gpx_files_path, :headers => auth_header
-      assert_response :success
-      assert_equal "application/xml", response.media_type
-
-      # check the data that is returned
-      assert_select "gpx_file[id='#{trace1.id}']", 1 do
-        assert_select "tag", "London"
-      end
-      assert_select "gpx_file[id='#{trace2.id}']", 1 do
-        assert_select "tag", "Birmingham"
-      end
-    end
-
    private

    def check_xml_details(user, include_private, include_email)