From e17aeff740509cf27008bc2b88fb34b248b7bad5 Mon Sep 17 00:00:00 2001
From: Chaoyi Zha <summermontreal@gmail.com>
Date: Fri, 7 Apr 2017 18:25:43 -0400
Subject: [PATCH] Fix API bugs and implement directive for  setup tooltips

---
 app/Http/Controllers/Api/ApiAnalyticsController.php |  4 ++++
 app/Http/Middleware/ApiMiddleware.php               |  6 ++++--
 public/css/admin.css                                |  1 +
 public/js/SetupCtrl.js                              | 10 ++++++++++
 4 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/Api/ApiAnalyticsController.php b/app/Http/Controllers/Api/ApiAnalyticsController.php
index c1bc5ad..4c7a1e4 100644
--- a/app/Http/Controllers/Api/ApiAnalyticsController.php
+++ b/app/Http/Controllers/Api/ApiAnalyticsController.php
@@ -12,6 +12,10 @@ class ApiAnalyticsController extends ApiController {
         $user = $request->user;
         $response_type = $request->input('response_type') ?: 'json';
 
+        if ($user->anonymous) {
+            throw new ApiException('AUTH_ERROR', 'Anonymous access of this API is not permitted.', 401, $response_type);
+        }
+
         if ($response_type != 'json') {
             throw new ApiException('JSON_ONLY', 'Only JSON-encoded data is available for this endpoint.', 401, $response_type);
         }
diff --git a/app/Http/Middleware/ApiMiddleware.php b/app/Http/Middleware/ApiMiddleware.php
index bbab80c..4582989 100644
--- a/app/Http/Middleware/ApiMiddleware.php
+++ b/app/Http/Middleware/ApiMiddleware.php
@@ -23,7 +23,8 @@ class ApiMiddleware {
                 throw new ApiException('AUTH_ERROR', 'Authentication token required.', 401, $response_type);
             }
             $user = (object) [
-                'username' => $username
+                'username' => $username,
+                'anonymous' => true
             ];
         }
         else {
@@ -33,9 +34,10 @@ class ApiMiddleware {
                 ->first();
 
             if (!$user) {
-                throw new ApiException('AUTH_ERROR', 'Authentication token required.', 401, $response_type);
+                throw new ApiException('AUTH_ERROR', 'Authentication token invalid.', 401, $response_type);
             }
             $username = $user->username;
+            $user->anonymous = false;
         }
 
         $api_limit_reached = ApiHelper::checkUserApiQuota($username);
diff --git a/public/css/admin.css b/public/css/admin.css
index f33a96d..b718f20 100644
--- a/public/css/admin.css
+++ b/public/css/admin.css
@@ -38,6 +38,7 @@ input.api-quota {
     width: 9em;
     font-size: .85em;
     height: .85em;
+    padding-left: 0.8em;
 }
 
 .wrap-text {
diff --git a/public/js/SetupCtrl.js b/public/js/SetupCtrl.js
index ed6c8a2..c5fced4 100644
--- a/public/js/SetupCtrl.js
+++ b/public/js/SetupCtrl.js
@@ -1,3 +1,13 @@
+polr.directive('setupTooltip', function() {
+    return {
+        scope: {
+            content: '@',
+        },
+        replace: true,
+        template: '<button data-content="{{ content }}" type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>'
+    }
+})
+
 polr.controller('SetupCtrl', function($scope) {
     $scope.init = function () {
         $('[data-toggle="popover"]').popover({