some controller:
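class Api::V1::AbilitiesController < API::V1::BaseController
  before_action :authenticate_api_v1_user!

  def index
    # flat_map returns [] when there are no roles; flatten! returns nil when
    # nothing was flattened, which would make group_by raise.
    # Note: User.first is the first row in the table, not the authenticated user.
    @resources = User.first.roles.flat_map { |role| role.grants.to_a }
    render json: @resources.group_by { |x| x.action }
  end
end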
gemfile:
source 'https://rubygems.org'
## Rails - Lock project at 4.2.x
gem 'rails', '4.2.6'
## Database and ActiveRecord related
gem 'pg' # use postgres database
gem 'schema_plus_indexes' # adds various convenient capabilities to ActiveRecord's index handling. see: https://github.com/SchemaPlus/schema_plus_indexes
gem 'paranoia' #provides for 'soft' delete functionality using .deleted_at column, see: https://github.com/radar/paranoia
gem 'has_scope', '0.6.0' # Has scope allows you to easily create controller filters based on your resources named scopes. see https://github.com/plataformatec/has_scope
gem 'seedbank', git: "https://github.com/james2m/seedbank.git" #Seedbank allows you to structure your Rails seed data instead of having it all dumped into one large file.
gem 'globalize' # Rails I18n de-facto standard library for ActiveRecord model/data translation.
gem 'ancestry' # Ancestry is a gem/plugin that allows the records of a Ruby on Rails ActiveRecord model to be organised as a tree structure
gem 'delayed_job_active_record' # Delayed::Job (or DJ) encapsulates the common pattern of asynchronously executing longer tasks in the background.
gem 'daemons'
## Routing & Controller related
gem 'friendly_id', '~> 5.0.0' #Provides methods for managing slug-based routes. See this link for docs: http://norman.github.io/friendly_id/4.0/file.Guide.html 4.x version used as 5.x is for Rails 4.x
gem 'versionist' #A plugin for versioning Rails based RESTful APIs. see: https://github.com/bploetz/versionist
## Caching and Performance
gem 'dalli' #provides high-performance memcached functionality to Rails apps
## View and Presenter related
gem 'active_model_serializers', '~> 0.10.0' # ActiveModelSerializers brings convention over configuration to your JSON generation. see: https://github.com/rails-api/active_model_serializers
gem 'slim' #provides SLIM templating.
## Authentication, authorization, and user related
gem 'devise_token_auth'
gem 'omniauth', '<=1.3.2'
gem 'omniauth-oauth2'
gem 'pundit' # Roles and permissions handling. see: https://github.com/elabs/pundit
## Security
gem 'rack-cors', :require => 'rack/cors'
#gem 'secure_headers'
## Admin portal
gem 'rails_admin'
gem 'rails_admin_globalize_field'
## Javascript
gem 'gon'# Simple way to make Rails variables available in JS/Coffeescript, see: https://github.com/gazay/gon
## Media and upload/download related
gem 'paperclip'
# Package manager for frontend frameworks, libraries, assets, and utilities
gem "bower-rails", "~> 0.10.0"
# Support for items usually found in the asset pipeline.
gem 'sass-rails', '~> 5.0'
gem 'uglifier', '>= 1.3.0' # Use Uglifier as compressor for JavaScript assets
gem 'coffee-rails', '~> 4.1.0' # Use CoffeeScript for .coffee assets and views
gem 'turbolinks' # Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
gem 'jbuilder', '~> 2.0' # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
gem 'jquery-rails', '~> 4.1'
gem 'sdoc', '~> 0.4.0', group: :doc # bundle exec rake doc:rails generates the API under doc/api.
gem 'compass-rails'
# See https://github.com/rails/execjs#readme for more supported runtimes
# gem 'therubyracer', platforms: :ruby
gem 'faker' #makes it easy to provide fake data for testing, see: https://github.com/stympy/faker
# Use ActiveModel has_secure_password
# gem 'bcrypt', '~> 3.1.7'
# Use Unicorn as the app server
gem 'unicorn'
gem 'ckeditor' # wysiwyg editor
gem 'state_machines'
gem 'twilio-ruby', '~> 4.11.1'
gem 'plivo'
gem 'ruby_dep', '1.3'
gem 'listen', '3.0.0'
# Use Capistrano for deployment
# gem 'capistrano-rails', group: :development
group :development, :test do
  gem 'rspec-rails', '3.5.2' #required in both dev and test groups
  # Call 'byebug' anywhere in the code to stop execution and get a debugger console
  gem 'byebug'
  gem 'mailcatcher'
  # Debugging tools
  gem "better_errors"
  gem "binding_of_caller"
  # Deployment tools
  gem 'capistrano', '3.3.5'
  gem 'capistrano-rails', '1.1.6'
  gem 'capistrano-rvm', '0.1.2'
  gem 'capistrano3-unicorn', '0.2.1'
  gem 'capistrano-secrets-yml', '~> 1.0.0'
  gem 'capistrano-upload-config', '0.7.0'
  gem 'capistrano-faster-assets', '~> 1.0'
  #gem 'capistrano-bower'
  gem 'rspec-collection_matchers'
end
group :development do
  # Access an IRB console on exception pages or by using <%= console %> in views
  gem 'web-console', '~> 2.0'
  # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
  gem 'spring'
end
group :test do
  gem 'rspec'
  gem 'capybara', '2.7' #simulates how a real-user would interact with the app.
  gem 'poltergeist' #provides headless browser-based testing for Capybara, see: https://github.com/jonleighton/poltergeist
  gem 'guard-rspec' #allows to automatically & intelligently launch specs when files are modified
  gem 'factory_girl', "~> 4.0" #a replacement for standard fixtures for testing, can be used with faker, see: http://viccode.blogspot.com/2010/12/using-factorygirl-and-faker.html
  gem 'factory_girl_rails', "~> 4.0" #a fixtures replacement with a straightforward definition syntax, support for multiple build strategies. see https://github.com/thoughtbot/factory_girl_rails
  gem "database_cleaner" #provides database manipulation services for tests, see: https://github.com/bmabey/database_cleaner
  #gem 'mocha' #a ruby library for mocking and stubbing, see: http://gofreerange.com/mocha/docs/
  gem 'launchy'
  gem 'fuubar' # RSpec formatter
  gem "email_spec"
  gem 'shoulda'
end
I don’t know how to authenticate the user. I guess it’s using some auth_token or something. I am new to Ruby. I need this so I can continue my controller tests. Some example of an RSpec test for a controller would be nice, thank you.
UPDATE:
class API::V1::BaseController < ApplicationController
  before_action :resource_find, only: [ :show, :update, :destroy ]
  before_action :build_resource, only: [ :create ]
  # TODO handle eager loading and parameter scoping
  def index
    @resources = apply_scopes(resource_class_name).all
    render json: @resources, root: false
  end
  def show
    render json: @entity
  end
  def create
    if @entity.save
      render json: @entity
    else
      render json: {success: false, errors: @entity.errors}, status: 422
    end
  end
  def update
    if @entity.update(permitted_params)
      render json: @entity
    else
      render json: {success: false, errors: @entity.errors}, status: 422
    end
  end
  def destroy
    @entity.destroy
    render json: {success: true}, status: 200
  end
  private
  def resource_find
    @entity = resource_class_name.find(params[:id])
  end
  def build_resource
    @entity = resource_class_name.new(permitted_params)
  end
  def permitted_params(parameters = params)
    parameters.permit(self.class::PERMITTED_ATTRIBUTES)
    # TODO test logic with disallowed_attrs
    #allowed = self.class::PERMITTED_ATTRIBUTES - @disallowed_attrs
    #parameters.require(self.class::JSON_CLASSNAME).permit(allowed).tap do |white_listed|
    #  self.class::WHITE_LIST_ATTRIBUTES.each do |attr|
    #    white_listed[attr] = parameters[self.class::JSON_CLASSNAME][attr] unless @disallowed_attrs.include?(attr)
    #  end
    #end
  end
  # Respond with 403 so a denied request is not reported as a success (200).
  def authorize_resource
    render json: { message: "You're not authorized to see this page"}, status: :forbidden unless current_user.has_enough_permissions?(action_name, resource_class_name)
  end
end
2 Answers
I suspect the authentication method is authenticate_api_v1_user!, which is, I suspect, located in API::V1::BaseController. By convention it should be in api/v1/base_controller.rb. On how it works, you should examine the code. Or show us the code for authenticate_api_v1_user!
Check here https://github.com/lynndylanhurley/devise_token_auth.
The gem is mentioned in your Gemfile. If the Rails app is exposing an API, which should be the case given the Gemfile and the controller you mentioned in your question, then this gem is responsible for the authentication of the users in conjunction with Devise.
You might also be able to use Auth or Auth2 as corresponding gems are loaded.
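To make concrete what a filter such as authenticate_api_v1_user! has to decide, here is an added example (not from the original posts and not the gem's code) that models header-based token authentication in plain Ruby. The header names access-token, client and uid are the ones devise_token_auth uses; TokenUser, create_auth_headers and authenticate are hypothetical names, and SHA-256 from the standard library stands in for the BCrypt hash the gem stores.

```ruby
require 'digest'
require 'securerandom'

# Simplified stand-in for a token-authenticated user record (hypothetical class,
# not the gem's model). Tokens are stored hashed, keyed by client id.
class TokenUser
  attr_reader :uid, :tokens

  def initialize(uid)
    @uid = uid
    @tokens = {} # client_id => { hash:, expiry: }
  end

  # Issue a token for a new client and return the headers the caller must send.
  def create_auth_headers(now: Time.now, lifespan: 3600)
    client = SecureRandom.urlsafe_base64(16)
    token  = SecureRandom.urlsafe_base64(32)
    @tokens[client] = { hash: Digest::SHA256.hexdigest(token), expiry: now.to_i + lifespan }
    { 'access-token' => token, 'client' => client, 'uid' => uid }
  end

  # True only for a known client, an unexpired entry and a matching token.
  def valid_token?(token, client, now: Time.now)
    entry = @tokens[client]
    return false if entry.nil? || token.nil? || entry[:expiry] <= now.to_i
    secure_compare(entry[:hash], Digest::SHA256.hexdigest(token))
  end

  private

  # Constant-time comparison of two equal-length hex digests.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# The filter's decision: the user on success, nil (answered with 401) otherwise.
# `users` is a constructed in-memory lookup from uid to TokenUser.
def authenticate(headers, users, now: Time.now)
  user = users[headers['uid']]
  return nil unless user
  user.valid_token?(headers['access-token'], headers['client'], now: now) ? user : nil
end
```

In a controller spec against the real gem, the same three headers come from user.create_new_auth_token and are merged into request.headers before the request is made; a spec without them should expect a 401.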