end
require 'load_param'
-require 'record_filters'
class ApplicationController < ActionController::Base
include CurrentApiClient
include ThemesForRails::ActionController
include LoadParam
- include RecordFilters
respond_to :json
protect_from_forgery
ERROR_ACTIONS = [:render_error, :render_not_found]
+ before_filter :disable_api_methods
before_filter :set_cors_headers
before_filter :respond_with_json_by_default
before_filter :remote_ip
def apply_filters model_class=nil
model_class ||= self.model_class
- ft = record_filters @filters, model_class
- if ft[:cond_out].any?
- @objects = @objects.where('(' + ft[:cond_out].join(') AND (') + ')',
- *ft[:param_out])
- end
+ @objects = model_class.apply_filters(@objects, @filters)
end
def apply_where_limit_order_params model_class=nil
return if limit_columns.empty?
model_class.transaction do
limit_query = @objects.
+ except(:select).
select("(%s) as read_length" %
- limit_columns.map { |s| "length(#{s})" }.join(" + "))
+ limit_columns.map { |s| "octet_length(#{s})" }.join(" + "))
new_limit = 0
read_total = 0
- limit_query.find_each do |record|
+ limit_query.each do |record|
new_limit += 1
read_total += record.read_length.to_i
- break if ((read_total >= Rails.configuration.max_index_database_read) or
- (new_limit >= @limit))
+ if read_total >= Rails.configuration.max_index_database_read
+ new_limit -= 1 if new_limit > 1
+ break
+ elsif new_limit >= @limit
+ break
+ end
end
@limit = new_limit
@objects = @objects.limit(@limit)
return @attrs if @attrs
@attrs = params[resource_name]
if @attrs.is_a? String
- @attrs = Oj.load @attrs, symbol_keys: true
+ @attrs = Oj.strict_load @attrs, symbol_keys: true
end
unless @attrs.is_a? Hash
message = "No #{resource_name}"
end
end
+ def disable_api_methods
+ if Rails.configuration.disable_api_methods.
+ include?(controller_name + "." + action_name)
+ send_error("Disabled", status: 404)
+ end
+ end
+
def set_cors_headers
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE'
def load_json_value(hash, key, must_be_class=nil)
if hash[key].is_a? String
- hash[key] = Oj.load(hash[key], symbol_keys: false)
+ hash[key] = Oj.strict_load(hash[key], symbol_keys: false)
if must_be_class and !hash[key].is_a? must_be_class
raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}")
end