diff --git a/tracks/app/apis/todo_api.rb b/tracks/app/apis/todo_api.rb
new file mode 100644
index 00000000..385a207f
--- /dev/null
+++ b/tracks/app/apis/todo_api.rb
@@ -0,0 +1,5 @@
+class TodoApi < ActionWebService::API::Base
+ api_method :new_todo,
+ :expects => [{:username => :string}, {:token => :string}, {:context_id => :int}, {:description => :string}],
+ :returns => [:int]
+end
diff --git a/tracks/app/controllers/backend_controller.rb b/tracks/app/controllers/backend_controller.rb
new file mode 100644
index 00000000..ee8fa802
--- /dev/null
+++ b/tracks/app/controllers/backend_controller.rb
@@ -0,0 +1,31 @@
+class BackendController < ApplicationController
+ wsdl_service_name 'Backend'
+ web_service_api TodoApi
+ web_service_scaffold :invoke
+
+ def new_todo(username, token, context_id, description)
+ if !check_token_against_user_word(username, token)
+ raise "invalid token"
+ end
+
+ item = @user.todos.build
+ item.description = description
+ item.context_id = context_id
+ item.save
+ raise item.errors.full_messages.to_s if item.new_record?
+ item.id
+ end
+
+ protected
+
+ # Check whether the token in the URL matches the word in the User's table
+ def check_token_against_user_word(username, token)
+ @user = User.find_by_login( username )
+ unless ( token == @user.word)
+ render :text => "Sorry, you don't have permission to perform this action."
+ return false
+ end
+ true
+ end
+
+end
diff --git a/tracks/app/models/todo.rb b/tracks/app/models/todo.rb
index 690d2e58..d8c490b4 100644
--- a/tracks/app/models/todo.rb
+++ b/tracks/app/models/todo.rb
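Review bot: `new_todo` in backend_controller.rb writes the client-supplied `context_id` straight onto the todo after only authenticating the user, so nothing verifies that the context belongs to `@user`; if `User` has a `contexts` association the lookup should be scoped, e.g. `item.context_id = @user.contexts.find(context_id).id`, so a foreign id fails instead of filing a todo into another user's context. In `check_token_against_user_word`, `User.find_by_login` returns nil for an unknown login and `@user.word` then raises NoMethodError rather than the intended "invalid token"; a guard such as `return false if @user.nil? || token != @user.word` covers both the unknown-user and wrong-token cases. The `render :text => ...` on the failure path is dead weight here, since the caller immediately raises and this is an ActionWebService method rather than an HTML action, so dropping it avoids a render-then-raise. Minor style: `if !check_token_against_user_word(...)` reads better as `raise "invalid token" unless check_token_against_user_word(username, token)`, and `item.save` followed by `raise ... if item.new_record?` collapses to `raise item.errors.full_messages.to_s unless item.save`.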
@@ -10,7 +10,7 @@ class Todo < ActiveRecord::Base # Notes must be < 60,000 bytes (65,000 actually, but I'm being cautious) validates_presence_of :description validates_length_of :description, :maximum => 100 - validates_length_of :notes, :maximum => 60000 + validates_length_of :notes, :maximum => 60000, :allow_nil => true def self.not_done( id=id ) self.find(:all, :conditions =>[ "done = ? AND context_id = ?", false, id], :order =>"due IS NULL, due ASC, created_at ASC")