edit grids and pathways

[chadwhitacre]

Incorporates #377, so merge that first and then rebase here.

To-do

• [x] remove topics grids under "All Topics Grids" (drag to garbage can? little clicky x or trashcan when loaded?)
• [x] rename a topic grid
• [x] remove pathways under "$Topic" "$Grid"
• [x] rename a pathway
• [x] keep "All Topics Grids" and "$Topic" "$Grid" alphabetized

[chadwhitacre]

[chadwhitacre]

What happens if anon tries to edit?

[chadwhitacre]

I'm having trouble testing as anon. I can't find localhost:3000 from curl, even with --ipv4.

$ curl http://localhost:3000/
curl: (7) Failed to connect to localhost port 3000: Connection refused
$ curl --ipv4 http://localhost:3000/
curl: (7) Failed to connect to localhost port 3000: Connection refused
$

Postman (h/t @dmtroyer) gives a 500:

Is that the anon behavior, then?

[chadwhitacre]

I yanked the Cookie from Chrome (which encodes auth, ya?) and put it in Postman and I still get the same 500.

[chadwhitacre]

Gosh. Rails and Chrome are using IPv6! :flushed:

$ curl --ipv4 http://localhost:3000/
curl: (7) Failed to connect to localhost port 3000: Connection refused
$ curl --ipv6 http://localhost:3000/
<!DOCTYPE html>
<html ng-app="caac">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="shortcut icon" href="shared/favicon/favicon.ico"/>
    <title></title>
    <link rel="stylesheet" href="app.min.css">
    <link rel="stylesheet" href="vendors.min.css">
    <link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic,800,800italic">
    <script type="text/javascript" src="//maps.googleapis.com/maps/api/js"></script>
  </head>
  <body>
    <ng-view></ng-view>
    <script type="text/javascript" src="vendors.min.js"></script>
    <script type="text/javascript" src="app.min.js"></script>
  </body>
</html>
$

[chadwhitacre]

Okay! Rails wants an application/json POST body, I had been sending form-data from Postman.

Looks like the PUT still works without the Cookie header, which I take it indicates that we aren't sufficiently protecting the endpoint yet.

[chadwhitacre]

Yeah, these endpoints are wide open:

$ curl --ipv6 http://localhost:3000/pathways/1.json
{"pathway":{"id":1,"name":"Bloo","nodes":[]}}$
$ curl --ipv6 http://localhost:3000/pathways/1.json -X PUT --data-binary '{"name": "Blah"}' -H"Content-Typepplication/json"
$ curl --ipv6 http://localhost:3000/pathways/1.json
{"pathway":{"id":1,"name":"Blah","nodes":[]}}$

Hmm ... I guess we need to fix that app-wide, not just here. I think I'll leave that to another PR for now.

[chadwhitacre]

POSTing to pathways also works for anon:

$ curl --ipv6 http://localhost:3000/pathways.json -X POST --data-binary '{"name": "Flam", "grid_id": "1"}' -H"Content-Type: application/json"
{"pathway":{"id":2,"name":"Flam","nodes":[]}}$

[chadwhitacre]

[dmtroyer]

Move the endpoint within the api/v1 scope.

[dmtroyer]

OH! And in the rails controller add a call to authenticate_user! in a before_action filter for the pertinent actions ala https://github.com/saxifrage/cityasacampus/blob/edit-map-things/app/controllers/organizers_controller.rb#L3

[dmtroyer]

uhh, I can make those changes on #377 before I merge it?

[chadwhitacre]

[chadwhitacre]

uhh, I can make those changes on #377 before I merge it?

Whichever. #377 is just against #364, so merging #377 is not merging to master.

[dmtroyer]

Whichever. #377 is just against #364, so merging #377 is not merging to master.

Ok, I'm a little confused with the PR hierarchy so I'll just put it somewhere.

[chadwhitacre]

I'm a little confused with the PR hierarchy

Yeah, it's gettin' squirrelly. :-)

• 380 is a prerequisite PR for #364.

• 364 is the main PR for #227.

• 377 is a PR against #364.

• 384 (this one) is a second PR against #364 that incorporates #377.

My expectation is that we would merge #377 to #364 next. Then I'll rebase this PR and get it ready for review & merge to #364 as well.

I'm expecting to keep making smaller PRs against #364 until #364 is ready to merge to master.

[chadwhitacre]

380 is ready for review and merge to master.

377 is ready for review and merge to #364.

[chadwhitacre]

I'll just put it somewhere

I propose that we make another PR against #364 to clean up auth for all of the endpoints in one fell swoop.

[chadwhitacre]

Do we have any modals lying around that we could use instead of the stock browser UI popups?

[chadwhitacre]

Nothin' called modal in client/.

[chadwhitacre]

Not gonna worry about modals for now.

[chadwhitacre]

Onward!

[chadwhitacre]

Rebased onto #364 at d611e9cd741d80bbec717f7e9c0320fa36bb37fb. Previous head was 1c5c0ef8ab7bd659ad5179292d6fa1f4886d2e31.

[chadwhitacre]

Squashed. Previous head was b17d391513b3ba158ae53e30c0aa3ec8bcc0da66.