Begin work on a Cool And New JSON API

- Add API-controller, permitting RO access to some resources when logged
    in:
    - Activities
    - Groups
    - Own Person
- Use rabl for json templating

Gemfile

 # Use HAML for templates
 gem 'haml'
 
+# Use RABL for JSON
+gem 'rabl'
+gem 'oj'
+
 # Use Fontawesome icons
 gem 'font-awesome-sass'
 

Gemfile.lock

     nio4r (2.0.0)
     nokogiri (1.7.1)
       mini_portile2 (~> 2.1.0)
+    oj (3.3.5)
     pg (0.20.0)
     puma (3.8.2)
+    rabl (0.13.1)
+      activesupport (>= 2.3.14)
     rack (2.0.1)
     rack-test (0.6.3)
       rack (>= 1.0)
   jquery-rails
   listen (~> 3.0.5)
   mailgun_rails
+  oj
   pg
   puma (~> 3.0)
+  rabl
   rails (~> 5.0.0, >= 5.0.0.1)
   sass-rails (~> 5.0)
   spring

app/assets/javascripts/authentication.coffee

-# Place all the behaviors and hooks related to the matching controller here.
-# All this logic will automatically be available in application.js.
-# You can use CoffeeScript in this file: http://coffeescript.org/

app/assets/stylesheets/api.scss

+// Place all the styles related to the Api controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/

app/assets/stylesheets/api/me.scss

+// Place all the styles related to the Api::Me controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/

app/controllers/api/activities_controller.rb

+class Api::ActivitiesController < ApiController
+  before_action :set_activity, only: [:show]
+  before_action :require_membership!, only: [:show]
+  before_action :api_require_admin!, only: [:index]
+
+  # GET /api/activities
+  # GET /api/activities.json
+  def index
+    @activities = Activity.all
+  end
+
+  # GET /api/activities/1
+  # GET /api/activities/1.json
+  def show
+  end
+
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    def set_activity
+      @activity = Activity.find(params[:id])
+      @group = @activity.group
+    end
+end

app/controllers/api/groups_controller.rb

+class Api::GroupsController < ApiController
+  before_action :set_group, only: [:show]
+  before_action :require_membership!, only: [:show]
+  before_action :api_require_admin!, only: [:index]
+
+  # GET /api/groups
+  # GET /api/groups.json
+  def index
+    @api_groups = Api::Group.all
+  end
+
+  # GET /api/groups/1
+  def show
+  end
+
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    def set_group
+      @group = Group.find(params[:id])
+    end
+end

app/controllers/api/me_controller.rb

+class Api::MeController < ApiController
+  def index
+    @person = current_person
+    render 'api/people/show'
+  end
+
+  def groups
+    @groups = current_person.groups
+    render 'api/groups/index'
+  end
+end

app/controllers/api/people_controller.rb

+class Api::PeopleController < ApiController
+  before_action :set_person, only: [:show]
+  before_action :api_require_admin! # Normal people should use /me
+
+  # GET /api/people
+  # GET /api/people.json
+  def index
+    @people = Person.all
+  end
+
+  # GET /api/people/1
+  # GET /api/people/1.json
+  def show
+  end
+
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    def set_person
+      @person = Person.find(params[:id])
+    end
+end

app/controllers/api_controller.rb

+class ApiController < ActionController::Base
+  include AuthenticationHelper
+
+  before_action :api_require_authentication!, except: [:status]
+
+  def status
+    @message = "Ok"
+    render 'api/ok'
+  end
+
+  protected
+  def api_require_authentication!
+    if !is_logged_in?
+      head :unauthorized
+    end
+  end
+
+  def api_require_admin!
+    if !current_person.is_admin?
+      @message = I18n.t('authentication.admin_required')
+      render 'api/error', status: :forbidden
+    end
+  end
+
+  # Require user to be a member of group OR admin, requires @group set
+  def require_membership!
+    if !current_person.groups.include?(@group) && !current_person.is_admin?
+      @message = I18n.t('authentication.membership_required')
+      render 'api/error', status: :forbidden
+    end
+  end
+end

app/helpers/api/activities_helper.rb

+module Api::ActivitiesHelper
+end

app/helpers/api/groups_helper.rb

+module Api::GroupsHelper
+end

app/helpers/api/me_helper.rb

+module Api::MeHelper
+end

app/helpers/api/people_helper.rb

+module Api::PeopleHelper
+end

app/helpers/api_helper.rb

+module ApiHelper
+end

app/views/api/activities/index.rabl

+collection @activities
+
+attributes :id, :name

app/views/api/activities/show.rabl

+object @activity
+
+attributes :id, :name, :start, :end, :deadline, :location
+
+node :response_counts do
+  c = @activity.state_counts
+  {
+    "present": c[true]  || "0",
+    "unknown": c[nil]   || "0",
+    "absent":  c[false] || "0"
+  }
+end
+
+child :participants do
+  child :person do
+    attribute :id, :full_name
+  end
+  attribute :attending, :notes, :is_organizer
+end
+
+child :group do
+  attribute :id, :name
+end

app/views/api/error.rabl

+object false
+
+node :ok do
+  false
+end
+
+node :message do
+  @message
+end

app/views/api/groups/index.rabl

+collection @groups
+
+attribute :id, :name

app/views/api/groups/show.rabl

+object @group
+
+attributes :id, :name
+
+child :members do
+  child :person do
+    attribute :id, :full_name
+  end
+  attribute :is_leader
+end
+
+child :activities do
+  attributes :id, :name
+end

app/views/api/ok.rabl

+object false
+
+node :ok do
+  true
+end
+
+node :message do
+  @message
+end

app/views/api/people/show.rabl

+object @person
+
+attributes :first_name, :infix, :last_name, :full_name

config/locales/authentication/en.yml

     login_required: "You need to be logged in to do that."
     admin_required: "You need to be an administrator to do that."
     organizer_required: "You need to be an organizer to do that."
+    membership_required: "You need to be a member of that group to do that."
     activation_required: "Your account has not yet been activated, please confirm your account using the email you received."
     already_activated: "Your account has already been activated, please use the 'Forgot password' form if you want to reset your password."
     password_repeat_mismatch: "Password confirmation does not match your password!"

config/locales/authentication/nl.yml

     login_required: "Je moet eerst inloggen."
     admin_required: "Je moet een beheerder zijn om dat te doen."
     organizer_required: "Je moet een organisator zijn om dat te doen."
+    membership_required: "Je moet lid zijn van die groep om dat te doen."
     activation_required: "Je account is nog niet geactiveerd! Bevestig je e-mailadres door op de link te klikken die je in je mail hebt gehad."
     already_activated: "Je account is al geactiveerd! Gebruik het 'Wachtwoord vergeten'-formulier als je je wachtwoord opnieuw in wilt stellen."
     password_repeat_mismatch: "Je hebt niet twee keer hetzelfde wachtwoord ingevuld!"

config/puma.rb

 
 # Specifies the `environment` that Puma will run in.
 #
-environment ENV.fetch("RAILS_ENV") { "development" }
+env = ENV.fetch("RAILS_ENV") { "development" }
+environment env
 
 state_path "#{ENV['AARDBEI_PATH']}/tmp/pids/puma.state"
-stdout_redirect "#{ENV['AARDBEI_PATH']}/log/stdout", "#{ENV['AARDBEI_PATH']}/log/stderr", true
+if env == "production"
+  stdout_redirect "#{ENV['AARDBEI_PATH']}/log/stdout", "#{ENV['AARDBEI_PATH']}/log/stderr", true
+end
 
 
 # Specifies the number of `workers` to boot in clustered mode.

config/routes.rb

   get 'my_groups', to: 'groups#user_groups', as: :user_groups
 
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
+  namespace 'api' do
+    get 'status'
+    scope 'me' do
+      root to: 'me#index'
+      get 'groups', to: 'me#groups'
+    end
+
+    resources :groups, only: [:index, :show]
+    resources :activities, only: [:index, :show]
+    resources :people, only: [:index, :show]
+  end
 end

test/controllers/api/activities_controller_test.rb

+require 'test_helper'
+
+class Api::ActivitiesControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @api_activity = api_activities(:one)
+  end
+
+  test "should get index" do
+    get api_activities_url
+    assert_response :success
+  end
+
+  test "should get new" do
+    get new_api_activity_url
+    assert_response :success
+  end
+
+  test "should create api_activity" do
+    assert_difference('Api::Activity.count') do
+      post api_activities_url, params: { api_activity: {  } }
+    end
+
+    assert_redirected_to api_activity_url(Api::Activity.last)
+  end
+
+  test "should show api_activity" do
+    get api_activity_url(@api_activity)
+    assert_response :success
+  end
+
+  test "should get edit" do
+    get edit_api_activity_url(@api_activity)
+    assert_response :success
+  end
+
+  test "should update api_activity" do
+    patch api_activity_url(@api_activity), params: { api_activity: {  } }
+    assert_redirected_to api_activity_url(@api_activity)
+  end
+
+  test "should destroy api_activity" do
+    assert_difference('Api::Activity.count', -1) do
+      delete api_activity_url(@api_activity)
+    end
+
+    assert_redirected_to api_activities_url
+  end
+end

test/controllers/api/groups_controller_test.rb

+require 'test_helper'
+
+class Api::GroupsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @api_group = api_groups(:one)
+  end
+
+  test "should get index" do
+    get api_groups_url
+    assert_response :success
+  end
+
+  test "should get new" do
+    get new_api_group_url
+    assert_response :success
+  end
+
+  test "should create api_group" do
+    assert_difference('Api::Group.count') do
+      post api_groups_url, params: { api_group: {  } }
+    end
+
+    assert_redirected_to api_group_url(Api::Group.last)
+  end
+
+  test "should show api_group" do
+    get api_group_url(@api_group)
+    assert_response :success
+  end
+
+  test "should get edit" do
+    get edit_api_group_url(@api_group)
+    assert_response :success
+  end
+
+  test "should update api_group" do
+    patch api_group_url(@api_group), params: { api_group: {  } }
+    assert_redirected_to api_group_url(@api_group)
+  end
+
+  test "should destroy api_group" do
+    assert_difference('Api::Group.count', -1) do
+      delete api_group_url(@api_group)
+    end
+
+    assert_redirected_to api_groups_url
+  end
+end

test/controllers/api/me_controller_test.rb

+require 'test_helper'
+
+class Api::MeControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end

test/controllers/api/people_controller_test.rb

+require 'test_helper'
+
+class Api::PeopleControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @api_person = api_people(:one)
+  end
+
+  test "should get index" do
+    get api_people_url
+    assert_response :success
+  end
+
+  test "should get new" do
+    get new_api_person_url
+    assert_response :success
+  end
+
+  test "should create api_person" do
+    assert_difference('Api::Person.count') do
+      post api_people_url, params: { api_person: {  } }
+    end
+
+    assert_redirected_to api_person_url(Api::Person.last)
+  end
+
+  test "should show api_person" do
+    get api_person_url(@api_person)
+    assert_response :success
+  end
+
+  test "should get edit" do
+    get edit_api_person_url(@api_person)
+    assert_response :success
+  end
+
+  test "should update api_person" do
+    patch api_person_url(@api_person), params: { api_person: {  } }
+    assert_redirected_to api_person_url(@api_person)
+  end
+
+  test "should destroy api_person" do
+    assert_difference('Api::Person.count', -1) do
+      delete api_person_url(@api_person)
+    end
+
+    assert_redirected_to api_people_url
+  end
+end

test/controllers/api_controller_test.rb

+require 'test_helper'
+
+class ApiControllerTest < ActionDispatch::IntegrationTest
+  # test "the truth" do
+  #   assert true
+  # end
+end