Merge pull request #4 from ZeusWPI/api

benji 2015-09-09 17:09:53 +02:00
commit 20feaf6a12
17 changed files with 405 additions and 35 deletions


@ -16,3 +16,6 @@
*= require_self *= require_self
*= require purecss *= require purecss
*/ */
body {
padding: 30px;


@ -0,0 +1,22 @@
.error_panel {
margin-bottom: 1em;
border-radius: 3px;
border: 1px solid #ebccd1;
.error_header {
.error_title {
font-size: 16px;
margin-top: 0;
margin-bottom: 0;
padding: 10px 15px;
color: #a94442;
background-color: #f2dede;
.error_body {
padding: 15px;
ul {
margin-bottom: 0px;
margin-top: 0px;


@ -7,3 +7,39 @@
=require purecss/menus =require purecss/menus
=require purecss/tables =require purecss/tables
*/ */
/* Alerts */
.pure-alert {
position: relative;
margin-bottom: 1em;
padding: 1em;
background: #ccc;
border-radius: 3px;
.pure-alert label {
display: inline-block;
*display: inline;
/* IE7 inline-block hack */
*zoom: 1;
white-space: nowrap;
.pure-alert {
background-color: rgb(209, 235, 238);
color: rgb(102, 131, 145);
.pure-alert-error {
background-color: #D13C38;
color: #fff;
.pure-alert-warning {
background-color: rgb(250, 191, 103);
color: rgb(151, 96, 13);
.pure-alert-success {
background-color: rgb(83, 180, 79);
color: #fff;


@ -1,29 +1,23 @@
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception. # Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead. # For APIs, you may want to use :null_session instead.
protect_from_forgery with: :null_session protect_from_forgery with: :exception
rescue_from CanCan::AccessDenied do |exception| rescue_from CanCan::AccessDenied do |exception|
redirect_to root_url, alert: exception.message redirect_to root_url, alert: exception.message
end end
def authenticate_user_or_client!
current_user || current_client || head(:unauthorized)
def current_client def current_client
@current_client ||= identify_client @current_client ||= Client.find_by key: request.headers["X-API-KEY"]
end end
def current_ability def current_ability
if current_user @current_ability ||=
@current_ability ||= current_client.try { |c| } ||
elsif current_client
@current_ability ||=
end end
def identify_client
key = request.headers["X-API-KEY"]
Client.find_by key: key if key
end end
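Review bot: `current_client` on the new side passes `request.headers["X-API-KEY"]` straight to `Client.find_by`, so a request without the header runs `find_by key: nil` and would match any client row whose key is NULL; the removed `identify_client` guarded against this with `if key`. The same commit drops `validates :key, presence: true, uniqueness: true` from the Client model, so nothing visible here still guarantees a non-null, unique key (the body of `generate_key` is outside the shown hunk). I would keep the guard, e.g. `key = request.headers["X-API-KEY"]` followed by `@current_client ||= Client.find_by(key: key) if key.present?`, and keep a presence/uniqueness check on `key`. The `current_ability` lines are truncated on this page, so how a client is mapped to an ability cannot be reviewed from here.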


@ -1,4 +1,10 @@
class TransactionsController < ApplicationController class TransactionsController < ApplicationController
skip_before_filter :verify_authenticity_token, only: :create
before_action :authenticate_user!, except: :create
before_action :authenticate_user_or_client!, only: :create
def index def index
@transactions = Transaction.all @transactions = Transaction.all
end end
@ -8,19 +14,35 @@ class TransactionsController < ApplicationController
end end
def create def create
@transaction = @transaction =
transaction_params.merge(origin: I18n.t('origin.created_by_user'))) respond_to do |format|
format.html do
flash[:success] = "Transaction created"
redirect_to new_transaction_path
render 'new'
if format.json do
redirect_to current_user head( ? :created : :unprocessable_entity)
else end
render 'new'
end end
end end
private private
def transaction_params def transaction_params
params.require(:transaction).permit(:creditor_id, :amount, :message) t = params.require(:transaction)
.permit(:debtor, :creditor, :message, :euros, :cents)
debtor: User.find_by(name: t[:debtor]) || User.zeus,
creditor: User.find_by(name: t[:creditor]) || User.zeus,
issuer: current_client || current_user,
amount: (t[:euros].to_f*100 + t[:cents].to_f).to_i,
message: t[:message]
end end
end end
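Review bot: `skip_before_filter :verify_authenticity_token, only: :create` turns off the CSRF check for every caller of `create`, including browser users authenticated by a session cookie, although only API-key clients need the exemption. Since ApplicationController now uses `protect_from_forgery with: :exception`, I would keep that check for session requests and skip it only when `current_client` is set, for instance `skip_before_filter :verify_authenticity_token, only: :create, if: :current_client`, with a controller spec confirming that `only:` and `if:` combine as intended on this Rails version. Separately, in `transaction_params`, `(t[:euros].to_f*100 + t[:cents].to_f).to_i` truncates floating-point error, so euros `0.29` yields 28 cents; `.round` instead of `.to_i`, or BigDecimal arithmetic, avoids that. The body of `create` is only partly visible on this page.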


@ -2,12 +2,10 @@ class Ability
include CanCan::Ability include CanCan::Ability
def initialize(user) def initialize(user)
user ||= # guest user (not logged in) return unless user
if user.penning? can :manage, :all if user.penning?
can :manage, :all can :read, user, id:
else can :create, Transaction, debtor: user
can :read, user, id:
end end
end end
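Review bot: `can :create, Transaction, debtor: user` only restricts the debtor when the check is made against a built transaction instance; CanCan does not apply hash conditions when the subject is the class, so `authorize! :create, Transaction` would pass for any signed-in user. The controller's `create` is truncated on this page, so please confirm it calls `authorize! :create, @transaction` after the debtor has been assigned. A short comment above `initialize`, such as `# user is nil for guests, who get no abilities`, would also document the new `return unless user` behaviour.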


@ -14,7 +14,6 @@ class Client < ActiveRecord::Base
before_create :generate_key before_create :generate_key
validates :name, presence: true, uniqueness: true validates :name, presence: true, uniqueness: true
validates :key, presence: true, uniqueness: true
private private
def generate_key def generate_key


@ -7,5 +7,7 @@
= javascript_include_tag 'application', 'data-turbolinks-track' => true = javascript_include_tag 'application', 'data-turbolinks-track' => true
= csrf_meta_tags = csrf_meta_tags
%body %body
= content_tag :div, flash[:alert] if flash[:alert] - flash.each do |key, value|
.pure-alert{ class: "pure-alert-#{key}" }
= value
= yield = yield


@ -0,0 +1,10 @@
- if object.errors.any?
This transaction could not be saved.
- object.errors.full_messages.each do |tr|
= tr


@ -1,6 +1,11 @@
= @transaction.errors.full_messages.join(", ") = render 'partials/form_errors', object: @transaction
= simple_form_for @transaction do |f| = simple_form_for @transaction do |f|
= f.collection_select :creditor_id, User.all, :id, :name, {}, { class: 'select2-selector' } - if current_user.penning
= f.collection_select :debtor, User.all, :name, :name, {}, { class: 'select2-selector' }
- else
= f.hidden_field :debtor, value:
= f.collection_select :creditor, User.all, :name, :name, {}, { class: 'select2-selector' }
= f.input :amount = f.input :amount
= f.input :message, required: true = f.input :message, required: true
= f.submit "Send it!" .pure-controls
= f.button :submit, "Send it!"
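Review bot: The form still renders `f.input :amount`, but `transaction_params` in this commit permits only `:debtor, :creditor, :message, :euros, :cents` and derives the amount from `euros` and `cents`, so the value typed into this field appears to be discarded and the HTML path would compute an amount of 0. Replacing it with inputs for `euros` and `cents` (if the model exposes them), or permitting and using `:amount`, would line the form up with the controller. The hidden `debtor` field is editable by the client, so the server-side ability check, not this field, has to enforce that a non-penning user can only be the debtor of their own transactions.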


@ -0,0 +1,165 @@
# Use this setup block to configure all options available in SimpleForm.
SimpleForm.setup do |config|
# Wrappers are used by the form builder to generate a
# complete input. You can remove any component from the
# wrapper, change the order or even add your own to the
# stack. The options given below are used to wrap the
# whole input.
config.wrappers :default, class: "input pure-control-group",
hint_class: :field_with_hint, error_class: :field_with_errors do |b|
## Extensions enabled by default
# Any of these extensions can be disabled for a
# given input by passing: `f.input EXTENSION_NAME => false`.
# You can make any of these extensions optional by
# renaming `b.use` to `b.optional`.
# Determines whether to use HTML5 (:email, :url, ...)
# and required attributes
b.use :html5
# Calculates placeholders automatically from I18n
# You can also pass a string as f.input placeholder: "Placeholder"
b.use :placeholder
## Optional extensions
# They are disabled unless you pass `f.input EXTENSION_NAME => true`
# to the input. If so, they will retrieve the values from the model
# if any exists. If you want to enable any of those
# extensions by default, you can change `b.optional` to `b.use`.
# Calculates maxlength from length validations for string inputs
b.optional :maxlength
# Calculates pattern from format validations for string inputs
b.optional :pattern
# Calculates min and max from length validations for numeric inputs
b.optional :min_max
# Calculates readonly automatically from readonly attributes
b.optional :readonly
## Inputs
b.use :label_input
b.use :hint, wrap_with: { tag: :span, class: :hint }
b.use :error, wrap_with: { tag: :span, class: :error }
## full_messages_for
# If you want to display the full error message for the attribute, you can
# use the component :full_error, like:
# b.use :full_error, wrap_with: { tag: :span, class: :error }
# The default wrapper to be used by the FormBuilder.
config.default_wrapper = :default
# Define the way to render check boxes / radio buttons with labels.
# Defaults to :nested for bootstrap config.
# inline: input + label
# nested: label > input
config.boolean_style = :nested
# Default class for buttons
config.button_class = 'pure-button pure-button-primary'
# Method used to tidy up errors. Specify any Rails Array method.
# :first lists the first message for each field.
# Use :to_sentence to list all errors for each field.
# config.error_method = :first
# Default tag used for error notification helper.
config.error_notification_tag = :div
# CSS class to add for error notification helper.
config.error_notification_class = 'error_notification'
# ID to add for error notification helper.
# config.error_notification_id = nil
# Series of attempts to detect a default label method for collection.
# config.collection_label_methods = [ :to_label, :name, :title, :to_s ]
# Series of attempts to detect a default value method for collection.
# config.collection_value_methods = [ :id, :to_s ]
# You can wrap a collection of radio/check boxes in a pre-defined tag, defaulting to none.
# config.collection_wrapper_tag = nil
# You can define the class to use on all collection wrappers. Defaulting to none.
# config.collection_wrapper_class = nil
# You can wrap each item in a collection of radio/check boxes with a tag,
# defaulting to :span.
# config.item_wrapper_tag = :span
# You can define a class to use in all item wrappers. Defaulting to none.
# config.item_wrapper_class = nil
# How the label text should be generated altogether with the required text.
# config.label_text = lambda { |label, required, explicit_label| "#{required} #{label}" }
# You can define the class to use on all labels. Default is nil.
# config.label_class = nil
# You can define the default class to be used on forms. Can be overriden
# with `html: { :class }`. Defaulting to none.
config.default_form_class = "pure-form"
# You can define which elements should obtain additional classes
# config.generate_additional_classes_for = [:wrapper, :label, :input]
# Whether attributes are required by default (or not). Default is true.
# config.required_by_default = true
# Tell browsers whether to use the native HTML5 validations (novalidate form option).
# These validations are enabled in SimpleForm's internal config but disabled by default
# in this configuration, which is recommended due to some quirks from different browsers.
# To stop SimpleForm from generating the novalidate option, enabling the HTML5 validations,
# change this configuration to true.
config.browser_validations = false
# Collection of methods to detect if a file type was given.
# config.file_methods = [ :mounted_as, :file?, :public_filename ]
# Custom mappings for input types. This should be a hash containing a regexp
# to match as key, and the input type that will be used when the field name
# matches the regexp as value.
# config.input_mappings = { /count/ => :integer }
# Custom wrappers for input types. This should be a hash containing an input
# type as key and the wrapper that will be used for all inputs with specified type.
# config.wrapper_mappings = { string: :prepend }
# Namespaces where SimpleForm should look for custom input classes that
# override default inputs.
# config.custom_inputs_namespaces << "CustomInputs"
# Default priority for time_zone inputs.
# config.time_zone_priority = nil
# Default priority for country inputs.
# config.country_priority = nil
# When false, do not use translations for labels.
# config.translate_labels = true
# Automatically discover new inputs in Rails' autoload path.
# config.inputs_discovery = true
# Cache SimpleForm inputs discovery
# config.cache_discovery = !Rails.env.development?
# Default class for inputs
# config.input_class = nil
# Define the default class of the input wrapper of the boolean input.
config.boolean_label_class = 'checkbox'
# Defines if the default input wrapper class should be included in radio
# collection wrappers.
# config.include_default_input_wrapper_class = true
# Defines which i18n scope will be used in Simple Form.
# config.i18n_scope = 'simple_form'


@ -0,0 +1,31 @@
"yes": 'Yes'
"no": 'No'
text: 'required'
mark: '*'
# You can uncomment the line below if you need to overwrite the whole required html.
# When using html, text and mark won't be used.
# html: '<abbr title="required">*</abbr>'
default_message: "Please review the problems below:"
# Examples
# labels:
# defaults:
# password: 'Password'
# user:
# new:
# email: 'E-mail to sign in.'
# edit:
# email: 'E-mail.'
# hints:
# defaults:
# username: 'User name to sign in.'
# password: 'No special characters, please.'
# include_blanks:
# defaults:
# age: 'Rather not say'
# prompts:
# defaults:
# age: 'Select your age'


@ -0,0 +1,10 @@
= simple_form_for(@<%= singular_table_name %>) do |f|
= f.error_notification
<%- attributes.each do |attribute| -%>
= f.<%= attribute.reference? ? :association : :input %> :<%= %>
<%- end -%>
= f.button :submit


@ -1,5 +1,78 @@
require 'rails_helper' require 'rails_helper'
require 'spec_helper'
RSpec.describe TransactionsController, type: :controller do RSpec.describe TransactionsController, type: :controller do
describe "creating transaction" do
before :each do
@debtor = create(:user)
@creditor = create(:user)
sign_in @debtor
context "with valid attributes" do
before :each do
@attributes = { transaction: {
cents: 70,
message: 'hoi'
post :create, @attributes
@transaction = Transaction.last
it "should create a new transaction" do
expect {post :create, @attributes}.to change {Transaction.count}.by(1)
it "should set debtor" do
expect(@transaction.debtor).to eq(@debtor)
it "should set amount" do
expect(@transaction.amount).to eq(70)
it "should set creditor" do
expect(@transaction.creditor).to eq(@creditor)
it "should set issuer" do
expect(@transaction.issuer).to eq(@debtor)
context "with float euros" do
it "should set correct amount" do
post :create, transaction: {
euros: 10.5,
message: "Omdat je een leuke jongen bent!"
expect(Transaction.last.amount).to eq(1050)
context "with negative amount" do
it "should be refused" do
expect do
post :create, transaction: attributes_for(:transaction, cents: -20)
end.not_to change {Transaction.count}
context "for other user" do
it "should be refused" do
expect do
post :create, transaction: {
euros: 10000000,
message: 'DIT IS OVERVAL'
end.not_to change {Transaction.count}
end end
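Review bot: Every example here authenticates through Devise (`sign_in @debtor`), so the API-key path that this commit adds to `create` is not exercised. I would add examples that post with an `X-API-KEY` header for a valid client, with an unknown key, and with neither header nor session, expecting `:unauthorized` for the last two. The attributes of the "for other user" example are truncated on this page; it is worth asserting there that the debtor sent in the params is the other user, so the test fails if the ability check is ever bypassed.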


@ -11,5 +11,4 @@ require 'rails_helper'
# end # end
# end # end
RSpec.describe TransactionsHelper, type: :helper do RSpec.describe TransactionsHelper, type: :helper do
pending "add some examples to (or delete) #{__FILE__}"
end end


@ -11,5 +11,4 @@ require 'rails_helper'
# end # end
# end # end
RSpec.describe UsersHelper, type: :helper do RSpec.describe UsersHelper, type: :helper do
pending "add some examples to (or delete) #{__FILE__}"
end end


@ -21,8 +21,10 @@ Coveralls.wear!('rails')
# #
# See # See
require 'factory_girl' require 'factory_girl'
require 'devise'
RSpec.configure do |config| RSpec.configure do |config|
config.include FactoryGirl::Syntax::Methods config.include FactoryGirl::Syntax::Methods
config.include Devise::TestHelpers, type: :controller
# rspec-expectations config goes here. You can use an alternate # rspec-expectations config goes here. You can use an alternate
# assertion/expectation library such as wrong or the stdlib/minitest # assertion/expectation library such as wrong or the stdlib/minitest
# assertions if you prefer. # assertions if you prefer.