X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/c131c301fedd3db40294fea2e5b964428ae9510b..27355f62088566a9388972e128bfb8ba77790e9a:/services/api/config/routes.rb

diff --git a/services/api/config/routes.rb b/services/api/config/routes.rb
index e0b89e0b1f..87c4d91757 100644
--- a/services/api/config/routes.rb
+++ b/services/api/config/routes.rb
@@ -1,113 +1,108 @@
 Server::Application.routes.draw do
-  resources :keep_disks
-  resources :commit_ancestors
-  resources :commits
-  resources :job_tasks
-  resources :jobs
-  resources :api_client_authorizations
-  resources :api_clients
-  resources :logs
-  resources :groups
-  resources :specimens
-  resources :collections
-  resources :links
-  resources :nodes
-  resources :pipeline_templates
-  resources :pipeline_instances
+  themes_for_rails
 
-  # The priority is based upon order of creation:
-  # first created -> highest priority.
-
-  # Sample of regular route:
-  #   match 'products/:id' => 'catalog#view'
-  # Keep in mind you can assign values other than :controller and :action
-
-  # Sample of named route:
-  #   match 'products/:id/purchase' => 'catalog#purchase', :as => :purchase
-  # This route can be invoked with purchase_url(:id => product.id)
-
-  # Sample resource route (maps HTTP verbs to controller actions automatically):
-  #   resources :products
-
-  # Sample resource route with options:
-  #   resources :products do
-  #     member do
-  #       get 'short'
-  #       post 'toggle'
-  #     end
-  #
-  #     collection do
-  #       get 'sold'
-  #     end
-  #   end
-
-  # Sample resource route with sub-resources:
-  #   resources :products do
-  #     resources :comments, :sales
-  #     resource :seller
-  #   end
-
-  # Sample resource route with more complex sub-resources
-  #   resources :products do
-  #     resources :comments
-  #     resources :sales do
-  #       get 'recent', :on => :collection
-  #     end
-  #   end
-
-  # Sample resource route within a namespace:
-  #   namespace :admin do
-  #     # Directs /admin/products/* to Admin::ProductsController
-  #     # (app/controllers/admin/products_controller.rb)
-  #     resources :products
-  #   end
-
-  # You can have the root of your site routed with "root"
-  # just remember to delete public/index.html.
-  # root :to => 'welcome#index'
-
-  # See how all your routes lay out with "rake routes"
-
-  # This is a legacy wild controller route that's not recommended for RESTful applications.
-  # Note: This route will make all actions in every controller accessible via GET requests.
-  # match ':controller(/:action(/:id(.:format)))'
+  # OPTIONS requests are not allowed at routes that use cookies.
+  ['/auth/*a', '/login', '/logout'].each do |nono|
+    match nono, to: 'user_sessions#cross_origin_forbidden', via: 'OPTIONS'
+  end
+  # OPTIONS at discovery and API paths get an empty response with CORS headers.
+  match '/discovery/v1/*a', to: 'static#empty', via: 'OPTIONS'
+  match '/arvados/v1/*a', to: 'static#empty', via: 'OPTIONS'
 
   namespace :arvados do
     namespace :v1 do
-      match '/schema' => 'schema#show'
-      match '/nodes/:uuid/ping' => 'nodes#ping', :as => :ping_node
-      match '/keep_disks/ping' => 'keep_disks#ping', :as => :ping_keep_disk
-      match '/links/from/:tail_uuid' => 'links#index', :as => :arvados_v1_links_from
-      match '/users/current' => 'users#current'
-      match '/jobs/queue' => 'jobs#queue'
-      resources :collections
+      resources :api_client_authorizations do
+        post 'create_system_auth', on: :collection
+        get 'current', on: :collection
+      end
+      resources :api_clients
+      resources :authorized_keys
+      resources :collections do
+        get 'provenance', on: :member
+        get 'used_by', on: :member
+        post 'trash', on: :member
+        post 'untrash', on: :member
+      end
+      resources :groups do
+        get 'contents', on: :collection
+        get 'contents', on: :member
+      end
+      resources :humans
+      resources :job_tasks
+      resources :containers do
+        get 'auth', on: :member
+        post 'lock', on: :member
+        post 'unlock', on: :member
+        get 'current', on: :collection
+      end
+      resources :container_requests
+      resources :jobs do
+        get 'queue', on: :collection
+        get 'queue_size', on: :collection
+        post 'cancel', on: :member
+        post 'lock', on: :member
+      end
+      resources :keep_disks do
+        post 'ping', on: :collection
+      end
+      resources :keep_services do
+        get 'accessible', on: :collection
+      end
       resources :links
-      resources :nodes
+      resources :logs
+      resources :nodes do
+        post 'ping', on: :member
+      end
+      resources :pipeline_instances do
+        post 'cancel', on: :member
+      end
       resources :pipeline_templates
-      resources :pipeline_instances
+      resources :workflows
+      resources :repositories do
+        get 'get_all_permissions', on: :collection
+      end
       resources :specimens
-      resources :groups
-      resources :logs
-      resources :users
-      resources :jobs
-      resources :job_tasks
-      resources :keep_disks
+      resources :traits
+      resources :user_agreements do
+        get 'signatures', on: :collection
+        post 'sign', on: :collection
+      end
+      resources :users do
+        get 'current', on: :collection
+        get 'system', on: :collection
+        post 'activate', on: :member
+        post 'setup', on: :collection
+        post 'unsetup', on: :member
+      end
+      resources :virtual_machines do
+        get 'logins', on: :member
+        get 'get_all_logins', on: :collection
+      end
+      get '/permissions/:uuid', to: 'links#get_permissions'
     end
   end
 
+  if Rails.env == 'test'
+    post '/database/reset', to: 'database#reset'
+  end
+
   # omniauth
-  match '/auth/:provider/callback', :to => 'user_sessions#create'
-  match '/auth/failure', :to => 'user_sessions#failure'
+  match '/auth/:provider/callback', to: 'user_sessions#create', via: [:get, :post]
+  match '/auth/failure', to: 'user_sessions#failure', via: [:get, :post]
+  # not handled by omniauth provider -> 403 with no CORS headers.
+  get '/auth/*a', to: 'user_sessions#cross_origin_forbidden'
 
   # Custom logout
-  match '/login', :to => 'user_sessions#login'
-  match '/logout', :to => 'user_sessions#logout'
+  match '/login', to: 'user_sessions#login', via: [:get, :post]
+  match '/logout', to: 'user_sessions#logout', via: [:get, :post]
+
+  match '/discovery/v1/apis/arvados/v1/rest', to: 'arvados/v1/schema#index', via: [:get, :post]
 
-  match '/discovery/v1/apis/arvados/v1/rest', :to => 'arvados/v1/schema#discovery_rest_description'
+  match '/static/login_failure', to: 'static#login_failure', as: :login_failure, via: [:get, :post]
 
   # Send unroutable requests to an arbitrary controller
   # (ends up at ApplicationController#render_not_found)
-  match '*a', :to => 'arvados/v1/links#render_not_found'
+  match '*a', to: 'static#render_not_found', via: [:get, :post, :put, :patch, :delete, :options]
 
-  root :to => 'static#home'
+  root to: 'static#home'
 end