Make some APIs public, require auth for non-GET requests

Gemfile

@@ -85,6 +85,7 @@ gem 'json', "~> 1.6.0" # isn't json built-in?
 gem 'system_timer', :platforms => [:ruby_18] # this is annoying
 gem 'heroku' # access heroku api
 gem 'rack-timeout' # Timeout requests that take too long
+gem 'require_all', '~> 1.2.1' # require all ruby files in a directory
 
 group :assets do
   gem 'uglifier'
@@ -128,7 +129,7 @@ group :test do
   gem 'rr' # we use rr for mocking
   gem 'rspec-rr' # we use rspec-rr for integration between rspec and rr
   gem 'webmock' # we use webmock to mock google maps and other apis
-  gem 'capybara', :git => 'git://github.com/jnicklas/capybara.git' # we use capybara for integration testing
+  gem 'capybara', '1.1.2'
   gem 'launchy' # we use launchy to launch a browser during integration testing
   gem 'database_cleaner' # we use database_cleaner to clean the database between tests
   gem 'jasmine' # we use jasmine for javascript tests

Gemfile.lock

@@ -6,18 +6,6 @@ GIT
       css_parser (>= 1.1.9)
       htmlentities (>= 4.0.0)
 
-GIT
-  remote: git://github.com/jnicklas/capybara.git
-  revision: 33969bfdc0932d4fd7a55c5c637ec0dad1b8fa44
-  specs:
-    capybara (1.1.2)
-      mime-types (>= 1.16)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      selenium-webdriver (~> 2.0)
-      xpath (~> 0.1.4)
-
 GIT
   remote: https://github.com/dabio/taps.git
   revision: a56d8e8494d6bcb529628ee602b9198086a20b9c
@@ -89,6 +77,13 @@ GEM
       bson (~> 1.6.1)
     builder (3.0.0)
     cancan (1.6.7)
+    capybara (1.1.2)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      selenium-webdriver (~> 2.0)
+      xpath (~> 0.1.4)
     childprocess (0.3.1)
       ffi (~> 1.0.6)
     chunky_png (1.2.5)
@@ -299,6 +294,7 @@ GEM
     redis (2.2.2)
     redis-namespace (1.0.3)
       redis (< 3.0.0)
+    require_all (1.2.1)
     responders (0.8.0)
       railties (~> 3.1)
     resque (1.19.0)
@@ -418,7 +414,7 @@ DEPENDENCIES
   aws-s3
   bson_ext
   cancan
-  capybara!
+  capybara (= 1.1.2)
   compass (= 0.12.alpha.0)
   dalli
   database_cleaner
@@ -469,6 +465,7 @@ DEPENDENCIES
   redcarpet (~> 2.0.1)
   redis
   redis-namespace
+  require_all (~> 1.2.1)
   resque (~> 1.19.0)
   resque-cleaner
   resque-exceptional

app/controllers/application_controller.rb

@@ -6,12 +6,7 @@ class ApplicationController < ActionController::Base
 
   helper_method :serialize
 
-  before_filter :domain_redirect, :set_api_token
-
-  rescue_from CanCan::AccessDenied do |exception|
-    store_location
-    redirect_to "/users/sign_in"
-  end
+  before_filter :domain_redirect
 
   def kickoff
     @kickoff ||= KickOff.new
@@ -23,12 +18,6 @@ def after_sign_out_path_for(resource_or_scope)
 
   protected
 
-  def set_api_token
-    if logged_in?
-      cookies['authentication_token'] = current_user.authentication_token
-    end
-  end
-
   def serialize(thing)
     Serializer::serialize(thing).to_json.html_safe
   end
@@ -89,9 +78,6 @@ def current_community
     @_community
   end
 
-  def store_location
-    session["user_return_to"] = request.fullpath
-  end
 
   def logged_in?
     user_signed_in?

app/models/message.rb

@@ -38,5 +38,15 @@ def between?(start_date, end_date)
   def community
     user.community
   end
-
+
+  # Tells us whether the given user has participated in this conversation
+  #
+  # params:
+  #   user - the user we're asking about
+  # 
+  # Returns true if the user is the owner of the message or any of the 
+  # message's replies
+  def thread_member?(user)
+    user == self.user || self.replies.map(&:user).include?(user)
+  end
 end

lib/api.rb

@@ -1,9 +1,5 @@
 require 'rack/contrib/jsonp'
-%w{ base accounts announcements communities events
-    feeds users group_posts groups messages sessions
-    neighborhoods posts registrations integration swipes }.each do |path|
-  require Rails.root.join("lib", "api", path)
-end
+require_all Rails.root.join("lib", "api", "*.rb")
 
 class API
 
@@ -27,7 +23,6 @@ def initialize
       map("/messages") { run Messages }
       map("/neighborhoods") { run Neighborhoods }
       map("/posts") { run Posts }
-      map("/search/community") { run Search }
       map("/replies") { run Replies }
       map("/stats") { run Stats }
       map("/registration") { run Registrations }