Merge pull request #148 from azul/feature/api-quota-support

Feature/api quota support + current_user null pattern

9 files changed, 104 insertions, 51 deletions

diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb
index 03d3989..1f73f38 100644
--- a/app/controllers/controller_extension/authentication.rb
+++ b/app/controllers/controller_extension/authentication.rb
@@ -8,11 +8,11 @@ module ControllerExtension::Authentication
   end
 
   def current_user
-    @current_user ||= token_authenticate || warden.user
+    @current_user ||= token_authenticate || warden.user || anonymous
   end
 
   def logged_in?
-    !!current_user
+    current_user.is_a? User
   end
 
   def require_login
@@ -42,7 +42,7 @@ module ControllerExtension::Authentication
   end
 
   def admin?
-    current_user && current_user.is_admin?
+    current_user.is_admin?
   end
 
   def require_admin
@@ -72,4 +72,10 @@ module ControllerExtension::Authentication
     request.env['warden.options'] &&
       request.env['warden.options'][:attempted_path]
   end
+
+  protected
+
+  def anonymous
+    AnonymousUser.new
+  end
 end
diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb
index 64cfa7f..73409ef 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/v1/certs_controller.rb
@@ -4,7 +4,7 @@ class V1::CertsController < ApplicationController
 
   # GET /cert
   def show
-    @cert = ClientCertificate.new(:prefix => certificate_prefix)
+    @cert = ClientCertificate.new(:prefix => service_level.cert_prefix)
     render text: @cert.to_s, content_type: 'text/plain'
   end
 
@@ -13,38 +13,8 @@ class V1::CertsController < ApplicationController
   def anonymous_certs_allowed?
     APP_CONFIG[:allow_anonymous_certs]
   end
-  #
-  # this is some temporary logic until we store the service level in the user db.
-  #
-  # better logic might look like this:
-  #
-  # if logged_in?
-  #   service_level = user.service_level
-  # elsif allow_anonymous?
-  #   service_level = service_levels[:anonymous]
-  # else
-  #   service_level = nil
-  # end
-  #
-  # if service_level.bandwidth == 'limited' && allow_limited?
-  #   prefix = limited
-  # elsif allow_unlimited?
-  #   prefix = unlimited
-  # else
-  #   prefix = nil
-  # end
-  #
-  def certificate_prefix
-    if logged_in?
-      if APP_CONFIG[:allow_unlimited_certs]
-        APP_CONFIG[:unlimited_cert_prefix]
-      elsif APP_CONFIG[:allow_limited_certs]
-        APP_CONFIG[:limited_cert_prefix]
-      end
-    elsif !APP_CONFIG[:allow_limited_certs]
-      APP_CONFIG[:unlimited_cert_prefix]
-    else
-      APP_CONFIG[:limited_cert_prefix]
-    end
+
+  def service_level
+    current_user.effective_service_level
   end
 end
diff --git a/app/controllers/v1/messages_controller.rb b/app/controllers/v1/messages_controller.rb
index f71d0f1..85156b7 100644
--- a/app/controllers/v1/messages_controller.rb
+++ b/app/controllers/v1/messages_controller.rb
@@ -7,12 +7,11 @@ module V1
     respond_to :json
 
     def index
-      render json: (current_user ? current_user.messages : [] )
+      render json: current_user.messages
     end
 
     def update
-      message = Message.find(params[:id])
-      if (message and current_user)
+      if message = Message.find(params[:id])
         message.mark_as_read_by(current_user)
         message.save
         render json: true
diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/v1/services_controller.rb
new file mode 100644
index 0000000..594940e
--- /dev/null
+++ b/app/controllers/v1/services_controller.rb
@@ -0,0 +1,8 @@
+class V1::ServicesController < ApplicationController
+
+  respond_to :json
+
+  def show
+    respond_with current_user.effective_service_level
+  end
+end
diff --git a/app/models/anonymous_service_level.rb b/app/models/anonymous_service_level.rb
new file mode 100644
index 0000000..4366a4a
--- /dev/null
+++ b/app/models/anonymous_service_level.rb
@@ -0,0 +1,30 @@
+class AnonymousServiceLevel
+
+  delegate :to_json, to: :config_hash
+
+  def cert_prefix
+    if APP_CONFIG[:allow_limited_certs]
+      APP_CONFIG[:limited_cert_prefix]
+    elsif APP_CONFIG[:allow_unlimited_certs]
+      APP_CONFIG[:unlimited_cert_prefix]
+    end
+  end
+
+  def description
+    if APP_CONFIG[:allow_anonymous_certs]
+      "anonymous access to the VPN"
+    else
+      "please login to access our services"
+    end
+  end
+
+  protected
+
+  def config_hash
+    { name: "anonymous",
+      description: description,
+      eip_rate_limit: APP_CONFIG[:allow_limited_certs]
+    }
+  end
+
+end
diff --git a/app/models/anonymous_user.rb b/app/models/anonymous_user.rb
new file mode 100644
index 0000000..360a577
--- /dev/null
+++ b/app/models/anonymous_user.rb
@@ -0,0 +1,27 @@
+# The nil object for the user class
+class AnonymousUser < Object
+
+  def effective_service_level
+    AnonymousServiceLevel.new
+  end
+
+  def is_admin?
+    false
+  end
+
+  def id
+    nil
+  end
+
+  def email_address
+    nil
+  end
+
+  def login
+    nil
+  end
+
+  def messages
+    []
+  end
+end
diff --git a/app/models/service_level.rb b/app/models/service_level.rb
index 299aaf1..5dd8838 100644
--- a/app/models/service_level.rb
+++ b/app/models/service_level.rb
@@ -4,16 +4,35 @@ class ServiceLevel
     @id = attributes[:id] || APP_CONFIG[:default_service_level]
   end
 
-  def self.authenticated_select_options
-    APP_CONFIG[:service_levels].map { |id,config_hash| [config_hash[:description], id] if config_hash[:name] != 'anonymous'}.compact
+  def self.select_options
+    APP_CONFIG[:service_levels].map do |id,config_hash|
+      [config_hash[:description], id]
+    end
   end
 
   def id
     @id
   end
 
+  delegate :to_json, to: :config_hash
+
+  def cert_prefix
+    if limited_cert?
+      APP_CONFIG[:limited_cert_prefix]
+    elsif APP_CONFIG[:allow_unlimited_certs]
+      APP_CONFIG[:unlimited_cert_prefix]
+    end
+  end
+
+  protected
+
+  def limited_cert?
+    APP_CONFIG[:allow_limited_certs] &&
+      (!APP_CONFIG[:allow_unlimited_certs] || config_hash[:eip_rate_limit])
+  end
+
   def config_hash
-    APP_CONFIG[:service_levels][@id]
+    @config_hash || APP_CONFIG[:service_levels][@id].with_indifferent_access
   end
 
 end
diff --git a/app/models/unauthenticated_user.rb b/app/models/unauthenticated_user.rb
deleted file mode 100644
index 0fc17d2..0000000
--- a/app/models/unauthenticated_user.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# The nil object for the user class
-class UnauthenticatedUser < Object
-
-  # will probably want something here to return service level as  APP_CONFIG[:service_levels][0] but not sure how will be accessing.
-
-end
diff --git a/app/views/users/_change_service_level.html.haml b/app/views/users/_change_service_level.html.haml
index 61e67d9..42315a2 100644
--- a/app/views/users/_change_service_level.html.haml
+++ b/app/views/users/_change_service_level.html.haml
@@ -8,11 +8,11 @@
     %legend= t(:service_level)
     - if @user != current_user
       = t(:desired_service_level)
-    = f.select :desired_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.desired_service_level.id
+    = f.select :desired_service_level_code, ServiceLevel.select_options, :selected => @user.desired_service_level.id
     - if @user != current_user
       %p
       = t(:effective_service_level)
-      = f.select :effective_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.effective_service_level.id
+      = f.select :effective_service_level_code, ServiceLevel.select_options, :selected => @user.effective_service_level.id
     .control-group
       .controls
         = f.submit t(:save), :class => 'btn', :data => {"loading-text" => "Saving..."}