Adicionadas verificações de permissão de acesso a alguma chamada pela…
… central de autenticação
eduardocserra committed Jul 29, 2019
1 parent f5c217f commit 20c1a38
Showing 9 changed files with 218 additions and 261 deletions.
3 changes: 2 additions & 1 deletion Gemfile
Expand Up @@ -75,4 +75,5 @@ gem 'graphiql-rails', group: :development
gem 'rails-assets-tether'
gem 'jquery-rails'
gem 'jquery_mask_rails'
gem "recaptcha", require: "recaptcha/rails"
gem "recaptcha", require: "recaptcha/rails"
gem 'httparty'
4 changes: 4 additions & 0 deletions Gemfile.lock
Expand Up @@ -96,6 +96,9 @@ GEM
graphql (1.8.10)
http-cookie (1.0.3)
domain_name (~> 0.5)
httparty (0.17.0)
mime-types (~> 3.0)
multi_xml (>= 0.5.2)
i18n (1.1.0)
concurrent-ruby (~> 1.0)
io-like (0.3.0)
Expand Down Expand Up @@ -281,6 +284,7 @@ DEPENDENCIES
doorkeeper-openid_connect
graphiql-rails
graphql
httparty
jbuilder (~> 2.5)
jquery-rails
jquery_mask_rails
1 change: 0 additions & 1 deletion app/controllers/api_accesses_controller.rb
@@ -1,5 +1,4 @@
class ApiAccessesController < ApplicationController
skip_before_action :verify_authenticity_token, only: :create
def new
if current_user
if current_user.role_id == 1
35 changes: 35 additions & 0 deletions app/controllers/application_controller.rb
@@ -1,2 +1,37 @@
class ApplicationController < ActionController::Base
def admin_access
verify_permission(params[:key], 4)
end

def basic_api_access
verify_permission(params[:key], 3)
end

def user_data_access
verify_permission(params[:key], 2)
end

private

def verify_permission(key, level)
if key.present?
response = HTTParty.get('http://localhost:3001/api/level?key=' + key, format: :plain) # TODO Alterar essa URL para produção
response = JSON.parse response, symbolize_names: true
if response[:error].present?
render status: 400, json: {
message: response[:error]
}.to_json
elsif response[:api][:level] < level
render status: 401, json: {
message: 'Não foi possível realizar essa ação'
}.to_json
else
response[:api][:cpf]
end
else
render status: 400, json: {
message: 'Chave não encontrada'
}.to_json
end
end
end
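Review bot: The `HTTParty.get` line in `verify_permission` concatenates `params[:key]` into the URL without encoding, so a key containing `&`, `#` or a space alters the query string the authentication service receives instead of being rejected as an unknown key; pass it as `query: { key: key }` so HTTParty encodes it. The same call has no `timeout:` and no rescue, so a refused connection, a hanging upstream, a non-JSON body or a reply without an `api` hash raises out of the `before_action` as a 500 instead of a controlled denial. The `localhost:3001` base URL is already marked TODO; reading it from configuration and using HTTPS in production matters because the key travels in cleartext on this line. A sketch of the hardened method follows; the 401 for an insufficient level is arguably a 403, since the key itself was accepted.
```ruby
def verify_permission(key, level)
  if key.present?
    # query: lets HTTParty URL-encode the key; string concatenation does not.
    response = HTTParty.get('http://localhost:3001/api/level', query: { key: key }, format: :plain, timeout: 5) # TODO Alterar essa URL para produção
    response = JSON.parse response.body, symbolize_names: true
    if response[:error].present?
      # … unchanged: 400 with the upstream error message …
    elsif response.dig(:api, :level).nil? || response[:api][:level] < level
      # … unchanged: 401 'Não foi possível realizar essa ação' …
    else
      response[:api][:cpf]
    end
  else
    # … unchanged: 400 'Chave não encontrada' …
  end
rescue HTTParty::Error, SocketError, SystemCallError, Timeout::Error, JSON::ParserError
  # Fail closed: an unreachable or malformed auth service must not let the action run.
  render status: 503, json: { message: 'Serviço de autenticação indisponível' }.to_json
end
```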
2 changes: 2 additions & 0 deletions app/controllers/certificates_controller.rb
@@ -1,5 +1,7 @@
class CertificatesController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :admin_access, only: [:adicionar_certificado]

def adicionar_certificado
certificates=params[:certificates]
school=School.find_by(initials: params[:school]) #adicionar render em caso de não encontrar escola
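Review bot: The new `before_action :admin_access, only: [:adicionar_certificado]` makes the `only:` list the whole allow-list for this controller, so any action added later runs with neither the key check nor CSRF protection, because `skip_before_action :verify_authenticity_token` on the line above applies to every action. Consider declaring `before_action :admin_access` without `only:` and opting individual actions out explicitly, so the default is gated. `adicionar_certificado` continues past the hunk; its `School.find_by` line still carries the comment that a missing school is not rendered, which would presumably surface as a `NoMethodError` on a nil school further down.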
95 changes: 29 additions & 66 deletions app/controllers/course_categories_controller.rb
@@ -1,85 +1,48 @@
class CourseCategoriesController < ApplicationController
skip_before_action :verify_authenticity_token
before_action :admin_access, only: [:adicionar_categoria, :atualizar_categoria]
before_action :basic_api_access, only: [:index]

def adicionar_categoria
@api_key = ApiAccess.find_by(key: params[:key])
if @api_key.present?
if @api_key.api_access_level_id == 4
@category = CourseCategory.new(:name => params[:name], :created_at => DateTime.now.to_date, :updated_at => DateTime.now.to_date)
if @category.save
#@course.logo.attach(io: StringIO.new('https://saberes.senado.leg.br/images/logo_saberes_xl.png'), filename: 'logo_saberes.png', content_type: 'image/png')
render status: 200, json: {
message: "Categoria criada com sucesso",
}.to_json
else
render status: 400, json: {
message: "Não foi possível criar categoria",
}.to_json
end
else
render status: 400, json: {
message: "Permissão negada",
}.to_json
end
@category = CourseCategory.new(:name => params[:name], :created_at => DateTime.now.to_date, :updated_at => DateTime.now.to_date)
if @category.save
#@course.logo.attach(io: StringIO.new('https://saberes.senado.leg.br/images/logo_saberes_xl.png'), filename: 'logo_saberes.png', content_type: 'image/png')
render status: 200, json: {
message: "Categoria criada com sucesso",
}.to_json
else
render status: 400, json: {
message: "Chave não encontrada",
message: "Não foi possível criar categoria",
}.to_json
end
end

def atualizar_categoria
@api_key = ApiAccess.find_by(key: params[:key])
if @api_key.present?
if @api_key.api_access_level_id == 4
if params[:id].present?
@category = CourseCategory.find_by(id: params[:id])
@category.update(name: params[:name])
end
#verificar presença de imagem
render status: 200, json: {
message: "Categoria atualizada com sucesso",
}.to_json
else
render status: 400, json: {
message: "Permissão negada",
}.to_json
end
else
render status: 400, json: {
message: "Chave não encontrada",
}.to_json
if params[:id].present?
@category = CourseCategory.find_by(id: params[:id])
@category.update(name: params[:name])
end
#verificar presença de imagem
render status: 200, json: {
message: "Categoria atualizada com sucesso",
}.to_json
end

def index
@api_key = ApiAccess.find_by(key: params[:key])
if @api_key.present?
if @api_key.api_access_level_id >= 3
categories = CourseCategory.all
hash_categories = categories.map do |c|
{'id' => c.id,
'nome' => c.name,
'logo' => if c.logo.attached?
url_for(c.logo)
else
''
end
}
end
render status: 200, json: {
categorias_cursos: hash_categories,
}.to_json
else
render status: 400, json: {
message: "Permissão negada",
}.to_json
end
else
render status: 400, json: {
message: "Chave não encontrada",
}.to_json
categories = CourseCategory.all
hash_categories = categories.map do |c|
{'id' => c.id,
'nome' => c.name,
'logo' => if c.logo.attached?
url_for(c.logo)
else
''
end
}
end
render status: 200, json: {
categorias_cursos: hash_categories,
}.to_json
end

private
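Review bot: In `atualizar_categoria`, `CourseCategory.find_by(id: params[:id])` returns nil for an unknown id, so the following `@category.update(name: params[:name])` raises `NoMethodError` and the client sees a 500, while a request with no `id` at all, or an `update` that returns false, still gets 200 "Categoria atualizada com sucesso". Guard the lookup and the update result: `return render(status: 404, json: { message: 'Categoria não encontrada' }.to_json) unless @category` after the `find_by`, and `return render(status: 400, json: { message: 'Não foi possível atualizar categoria' }.to_json) unless @category.update(name: params[:name])` in place of the bare update. The unconditional success render existed before the commit, but the rewritten body is the place to fix it. Note also that with the inline `ApiAccess` lookup gone, every call to these three actions now depends on the HTTP round-trip to the authentication service inside `admin_access`/`basic_api_access`, so that service's availability is now in this controller's request path.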