app/controllers/scrivito/objs_controller.rb in scrivito_sdk-0.17.0 vs app/controllers/scrivito/objs_controller.rb in scrivito_sdk-0.18.0

@@ -1,14 +1,21 @@
 module Scrivito
 
   class ObjsController < WebserviceController
-    before_filter :ensure_identical_selected_and_visible_workspace, only: [:create, :update, :copy,
-        :duplicate, :page_class_selection, :widget_class_selection]
+    around_action :authorize_selected_workspace_read,
+        only: [:details, :page_class_selection, :widget_class_selection, :search]
 
+    around_action :authorize_selected_workspace_write,
+        only: [:create, :update, :destroy, :destroy_widget, :revert, :restore, :mark_resolved,
+               :copy, :duplicate]
+
+    before_filter :ensure_identical_selected_and_visible_workspace,
+        only: [:create, :update, :copy, :duplicate, :page_class_selection, :widget_class_selection]
+
     def create
       created_obj = task_unaware_request(:post,
-        "workspaces/#{Workspace.current.id}/objs",
+        "workspaces/#{selected_workspace.id}/objs",
         {obj: obj_params}
       )
       render json: created_obj
     end
 
@@ -18,11 +25,11 @@
     end
 
     def update
       load_object
       changed_obj = task_unaware_request(:put,
-        "workspaces/#{Workspace.current.id}/objs/#{params[:id]}",
+        "workspaces/#{selected_workspace.id}/objs/#{params[:id]}",
         {obj: obj_params}
       )
       render json: changed_obj
     end
 
@@ -58,17 +65,17 @@
       in_selected_workspace { load_object.mark_resolved }
       render_empty_json
     end
 
     def copy
-      render json: copy_obj(get_obj_attributes(params[:id]), params[:parent_path])
+      render json: copy_obj(load_object, params[:parent_path])
     end
 
     def duplicate
-      attributes = get_obj_attributes(params[:id])
+      load_object
 
-      render json: copy_obj(attributes, parent_path(attributes['_path']))
+      render json: copy_obj(@obj, parent_path(@obj.path))
     end
 
     def page_class_selection
       valid_page_classes = Obj.valid_page_classes_beneath(params[:parent_path]) ||
           Obj.descendants
@@ -108,55 +115,62 @@
     def search
       in_selected_workspace do
         query = MultiJson.decode(params[:query]).with_indifferent_access
         search_builder = ObjSearchBuilder.new(query)
         enumerator = search_builder.build
+        formatter = fetch_formatter(query[:format])
 
         if params[:query_action] == 'size'
-          result = { total: enumerator.size }
-        else
+          render json: { total: enumerator.size }
+        elsif formatter
           batch = enumerator.load_batch
 
           result = {
             total: enumerator.size,
-            hits: batch
+            hits: batch.map { |obj| formatter.call(obj, scrivito_user) }
           }
-        end
 
-        render json: result
+          render json: result
+        else
+          render json: { error: format_missing_message(query[:format]) }, status: :not_found
+        end
       end
-    rescue ObjSearchEnumerator::UnregisteredObjFormat => e
-      render json: { error: e.message }, status: :not_found
     end
 
     private
 
     def load_object
       @obj = Obj.find(params[:id])
     end
 
     def ensure_identical_selected_and_visible_workspace
-      if editing_context.selected_workspace != editing_context.visible_workspace
+      if selected_workspace != editing_context.visible_workspace
         raise ScrivitoError, "selected and visible workspace are not identical"
       end
     end
 
     def obj_params
       @obj_params ||= ObjParamsParser.new(request.host, request.port).parse(@obj, params[:obj])
     end
 
-    def copy_obj(attributes, target_path=nil)
-      attributes = attributes.except('_permalink')
+    def copy_obj(obj, target_path)
       id = SecureRandom.hex(8)
-      attributes['_id'] = id
-      attributes['_path'] = "#{target_path}/#{id}"
 
-      task_unaware_request(:post, "workspaces/#{Workspace.current.id}/objs", obj: attributes)
+      copied_obj = obj.copy(_id: id, _path: "#{target_path}/#{id}")
+      dumped_last_changed = CmsRestApi::AttributeSerializer
+          .convert_time(copied_obj[:_last_changed])
+
+      {
+        _id: copied_obj[:_id],
+        _last_changed: dumped_last_changed,
+        _obj_class: copied_obj[:_obj_class_name],
+        _path: copied_obj[:_path],
+      }
     end
 
     def get_obj_attributes(id)
-      task_unaware_request(:get, "workspaces/#{Workspace.current.id}/objs/#{id}")
+      task_unaware_request(:get, "workspaces/#{selected_workspace.id}/objs/#{id}")
     end
 
     def parent_path(path)
       path.split('/')[0..-2].join('/')
     end
@@ -168,17 +182,39 @@
 
     delegate :task_unaware_request, to: CmsRestApi
 
     private
 
-    def in_selected_workspace
-      editing_context.selected_workspace.as_current do
-        yield
-      end
+    def authorize_selected_workspace_read(&block)
+      authorize_workspace_access(:read, selected_workspace, &block)
     end
 
+    def authorize_selected_workspace_write(&block)
+      authorize_workspace_access(:write, selected_workspace, &block)
+    end
+
+    def in_selected_workspace(&block)
+      selected_workspace.as_current(&block)
+    end
+
+    def selected_workspace
+      @selected_workspace ||= editing_context.selected_workspace
+    end
+
     def render_empty_json
       render json: {}
+    end
+
+    def fetch_formatter(name)
+      if name
+        Configuration.obj_formats[name]
+      else
+        proc { |obj, _| obj.id }
+      end
+    end
+
+    def format_missing_message(format_name)
+      "The format with the name '#{format_name}' is not registered"
     end
   end
 
 end