File Coverage

blib/lib/Yancy/Controller/Yancy/MultiTenant.pm
Criterion Covered Total %
statement 41 42 97.6
branch 11 14 78.5
condition 18 25 72.0
subroutine 7 7 100.0
pod 4 4 100.0
total 81 92 88.0


line stmt bran cond sub pod time code
1             package Yancy::Controller::Yancy::MultiTenant;
2             our $VERSION = '1.086';
3             # ABSTRACT: A controller to show a user only their content
4              
5             #pod =head1 SYNOPSIS
6             #pod
7             #pod use Mojolicious::Lite;
8             #pod plugin Yancy => {
9             #pod schema => {
10             #pod blog => {
11             #pod properties => {
12             #pod id => { type => 'integer' },
13             #pod user_id => { type => 'integer' },
14             #pod title => { type => 'string' },
15             #pod html => { type => 'string' },
16             #pod },
17             #pod },
18             #pod },
19             #pod };
20             #pod
21             #pod app->routes->get( '/user/:user_id' )->to(
22             #pod 'yancy-multi_tenant#list',
23             #pod schema => 'blog',
24             #pod template => 'index'
25             #pod );
26             #pod
27             #pod __DATA__
28             #pod @@ index.html.ep
29             #pod % for my $item ( @{ stash 'items' } ) {
30             #pod

<%= $item->{title} %>

31             #pod <%== $item->{html} %>
32             #pod % }
33             #pod
34             #pod =head1 DESCRIPTION
35             #pod
36             #pod This module contains routes to manage content owned by users. When paired
37             #pod with an authentication plugin like L, each user
38             #pod is allowed to manage their own content.
39             #pod
40             #pod This controller extends L to add filtering content
41             #pod by a user's ID.
42             #pod
43             #pod =head1 EXAMPLES
44             #pod
45             #pod To use this controller when the URL displays a username and the content
46             #pod uses an internal ID, you can use an C route to map the username
47             #pod in the path to the ID:
48             #pod
49             #pod my $user_route = app->routes->under( '/:username', sub {
50             #pod my ( $c ) = @_;
51             #pod my $username = $c->stash( 'username' );
52             #pod my @users = $c->yancy->list( user => { username => $username } );
53             #pod if ( my $user = $users[0] ) {
54             #pod $c->stash( user_id => $user->{id} );
55             #pod return 1;
56             #pod }
57             #pod return $c->reply->not_found;
58             #pod } );
59             #pod
60             #pod # /:username - List blog posts
61             #pod $user_route->get( '' )->to(
62             #pod 'yancy-multi_tenant#list',
63             #pod schema => 'blog',
64             #pod template => 'blog_list',
65             #pod );
66             #pod # /:username/:id/:slug - Get a single blog post
67             #pod $user_route->get( '/:id/:slug' )->to(
68             #pod 'yancy-multi_tenant#get',
69             #pod schema => 'blog',
70             #pod template => 'blog_view',
71             #pod );
72             #pod
73             #pod To build a website where content is only for the current logged-in user,
74             #pod combine this controller with an auth plugin like
75             #pod L. Use an C route to set the
76             #pod C from the current user.
77             #pod
78             #pod app->yancy->plugin( 'Auth::Basic', {
79             #pod route => any( '' ), # All routes require login
80             #pod schema => 'user',
81             #pod username_field => 'username',
82             #pod password_digest => { type => 'SHA-1' },
83             #pod } );
84             #pod
85             #pod my $user_route = app->yancy->auth->route->under( '/', sub {
86             #pod my ( $c ) = @_;
87             #pod my $user = $c->yancy->auth->current_user;
88             #pod $c->stash( user_id => $user->{id} );
89             #pod return 1;
90             #pod } );
91             #pod
92             #pod # / - List todo items
93             #pod $user_route->get( '' )->to(
94             #pod 'yancy-multi_tenant#list',
95             #pod schema => 'todo_item',
96             #pod template => 'todo_list',
97             #pod );
98             #pod
99             #pod =head1 SEE ALSO
100             #pod
101             #pod L, L, L
102             #pod
103             #pod =cut
104              
105 2     2   10494 use Mojo::Base 'Yancy::Controller::Yancy';
  2         4  
  2         13  
106 2     2   237 use Yancy::Util qw( derp );
  2         5  
  2         1408  
107              
108             #pod =method list
109             #pod
110             #pod $routes->get( '/:user_id' )->to(
111             #pod 'yancy-multi_tenant#list',
112             #pod schema => $schema_name,
113             #pod template => $template_name,
114             #pod );
115             #pod
116             #pod This method is used to list content owned by the given user (specified
117             #pod in the C stash value).
118             #pod
119             #pod =head4 Input Stash
120             #pod
121             #pod This method extends L and adds the
122             #pod following configuration and stash values:
123             #pod
124             #pod =over
125             #pod
126             #pod =item user_id
127             #pod
128             #pod The ID of the user whose content should be listed. Required. Should
129             #pod match a value in the C.
130             #pod
131             #pod =item user_id_field
132             #pod
133             #pod The field in the item that holds the user ID. Defaults to C.
134             #pod
135             #pod =back
136             #pod
137             #pod =cut
138              
139             sub list {
140 4     4 1 232298 my ( $c ) = @_;
141 4   100     19 my $user_id = $c->stash( 'user_id' ) || die "User ID not defined in stash";
142             $c->stash( filter => {
143 3   100     75 %{ $c->_resolve_filter },
  3         19  
144             $c->stash( 'user_id_field' ) // 'user_id' => $user_id,
145             } );
146 3         99 return $c->SUPER::list;
147             }
148              
149             #pod =method get
150             #pod
151             #pod $routes->get( '/:user_id/:id' )->to(
152             #pod 'yancy-multi_tenant#get',
153             #pod schema => $schema_name,
154             #pod template => $template_name,
155             #pod );
156             #pod
157             #pod This method is used to show a single item owned by a user (given by the
158             #pod C stash value).
159             #pod
160             #pod =head4 Input Stash
161             #pod
162             #pod This method extends L and adds the
163             #pod following configuration and stash values:
164             #pod
165             #pod =over
166             #pod
167             #pod =item user_id
168             #pod
169             #pod The ID of the user whose content should be listed. Required. Should
170             #pod match a value in the C.
171             #pod
172             #pod =item user_id_field
173             #pod
174             #pod The field in the item that holds the user ID. Defaults to C.
175             #pod
176             #pod =back
177             #pod
178             #pod =cut
179              
180             sub get {
181 7     7 1 686545 my ( $c ) = @_;
182 7 100       39 return if !$c->_is_owned_by;
183 2         64 return $c->SUPER::get;
184             }
185              
186             #pod =method set
187             #pod
188             #pod $routes->any( [ 'GET', 'POST' ] => '/:id/edit' )->to(
189             #pod 'yancy#set',
190             #pod schema => $schema_name,
191             #pod template => $template_name,
192             #pod );
193             #pod
194             #pod $routes->any( [ 'GET', 'POST' ] => '/create' )->to(
195             #pod 'yancy#set',
196             #pod schema => $schema_name,
197             #pod template => $template_name,
198             #pod forward_to => $route_name,
199             #pod );
200             #pod
201             #pod This route creates a new item or updates an existing item in
202             #pod a schema. If the user is making a C request, they will simply
203             #pod be shown the template. If the user is making a C or C
204             #pod request, the form parameters will be read, the data will be validated
205             #pod against L,
206             #pod and the user will either be shown the form again with the
207             #pod result of the form submission (success or failure) or the user will be
208             #pod forwarded to another place.
209             #pod
210             #pod This method does not authenticate users. User authentication and
211             #pod authorization should be performed by an auth plugin like
212             #pod L.
213             #pod
214             #pod =head4 Input Stash
215             #pod
216             #pod This method extends L and adds the
217             #pod following configuration and stash values:
218             #pod
219             #pod =over
220             #pod
221             #pod =item user_id
222             #pod
223             #pod The ID of the user whose content is being edited. Required. Will be
224             #pod set in the C.
225             #pod
226             #pod =item user_id_field
227             #pod
228             #pod The field in the item that holds the user ID. Defaults to C.
229             #pod This field will be filled in with the C stash value.
230             #pod
231             #pod =back
232             #pod
233             #pod =cut
234              
235             sub set {
236 14     14 1 569895 my ( $c ) = @_;
237              
238             # Users are not allowed to edit content from other users
239 14         75 my $id = $c->stash( 'id' );
240 14 50 66     275 return if $id && !$c->_is_owned_by;
241              
242 13 100       94 if ( $c->req->method ne 'GET' ) {
243 8   50     228 my $user_id_field = $c->stash( 'user_id_field' ) // 'user_id';
244 8         111 my $user_id = $c->stash( 'user_id' );
245 8 100       88 if ( eval { $c->req->json } ) {
  8         796  
246 2         825 $c->req->json->{ $user_id_field } = $user_id;
247             }
248             else {
249 6         8343 $c->req->param( $user_id_field => $c->stash( 'user_id' ) );
250             }
251             }
252              
253 13         4991 return $c->SUPER::set;
254             }
255              
256             #pod =method delete
257             #pod
258             #pod $routes->any( [ 'GET', 'POST' ], '/delete/:id' )->to(
259             #pod 'yancy#delete',
260             #pod schema => $schema_name,
261             #pod template => $template_name,
262             #pod forward_to => $route_name,
263             #pod );
264             #pod
265             #pod This route deletes an item from a schema. If the user is making
266             #pod a C request, they will simply be shown the template (which can be
267             #pod used to confirm the delete). If the user is making a C or C
268             #pod request, the item will be deleted and the user will either be shown the
269             #pod form again with the result of the form submission (success or failure)
270             #pod or the user will be forwarded to another place.
271             #pod
272             #pod This method does not authenticate users. User authentication and
273             #pod authorization should be performed by an auth plugin like
274             #pod L.
275             #pod
276             #pod =head4 Input Stash
277             #pod
278             #pod This method extends L and adds the
279             #pod following configuration and stash values:
280             #pod
281             #pod =over
282             #pod
283             #pod =item user_id
284             #pod
285             #pod The ID of the user whose content is being edited. Required. Will be
286             #pod set in the C.
287             #pod
288             #pod =item user_id_field
289             #pod
290             #pod The field in the item that holds the user ID. Defaults to C.
291             #pod This field will be filled in with the C stash value.
292             #pod
293             #pod =back
294             #pod
295             #pod =cut
296              
297             sub delete {
298 9     9 1 421141 my ( $c ) = @_;
299 9 50       61 return if !$c->_is_owned_by;
300 6         46 return $c->SUPER::delete;
301             }
302              
303             # =sub _is_owned_by
304             #
305             # return if !_is_owned_by();
306             #
307             # Check that the currently-requested item is owned by the user_id in the
308             # stash. This uses the schema, id, user_id, and user_id_field stash
309             # values. user_id_field defaults to 'user_id'. All other fields are
310             # required and will throw an exception if missing.
311             sub _is_owned_by {
312 23     23   70 my ( $c ) = @_;
313 23 50       100 if ( $c->stash( 'collection' ) ) {
314 0         0 derp '"collection" stash key is now "schema" in controller configuration';
315             }
316 23   100     339 my $schema_name = $c->stash( 'schema' ) || $c->stash( 'collection' )
317             || die "Schema name not defined in stash";
318 21   100     311 my $user_id = $c->stash( 'user_id' ) || die "User ID not defined in stash";
319 18         254 my $schema = $c->yancy->schema( $schema_name );
320             # XXX: The id_field stash is not documented and is only used by the
321             # editor plugin API. We should make it so the editor API does not
322             # need to use this anymore, and instead uses the x-id-field directly.
323 18   33     97 my $id_field = $c->stash( 'id_field' ) // $schema->{'x-id-field'} // 'id';
      50        
324 18   100     370 my $id = $c->stash( $id_field ) // die sprintf 'ID field "%s" not defined in stash', $id_field;
325 16   50     210 my $user_id_field = $c->stash( 'user_id_field' ) // 'user_id';
326 16         204 my $item = $c->yancy->backend->get( $schema_name => $id );
327 16 100 66     127 if ( !$item || $item->{ $user_id_field } ne $user_id ) {
328 2         23 $c->reply->not_found;
329 2         239832 return 0;
330             }
331 14         238 return 1;
332             }
333              
334             1;
335              
336             __END__