Allow empty security array for endpoints

[fotos]

Fixes a bug where empty arrays for endpoints (operations) are excluded from the generated schema.

The OpenAPI 2.0 spec for security:

A declaration of which security schemes are applied for the API as a whole. The list of values describes alternative security schemes that can be used (that is, there is a logical OR between the security requirements). Individual operations can override this definition.

This is useful in the following scenario:

You define a top level security requirement (e.g. OAuth2) that applies to the whole API and then selectively whitelist endpoints that are public.

For example:

securityDefinitions:
  oauth:
    type: oauth2
    flow: password
    tokenUrl: 'http://127.0.0.1/oauth/token'
    scopes:
      read: Grants read access
      write: Grants write access
security:
  - oauth:
      - read

paths:
  /users:
    post:
      summary: Create User
      security: []

Which renders like this in Swagger UI:

Note the absence of 🔓 for /users.

There are a couple of more places where #blank? is used in Grape::Endpoint. Namely in #swagger_object, #info_object, #license_object, and #contact_object. I didn't change those since, for example, the #license_object can't be blank (needs at least a name).

This change will produce empty arrays in #method_object, for keys such as parameters or tags. The generated schema is still valid since an empty parameters or tags is allowed. Especially for parameters it's allowed to override / amend (if defined) but not to remove. The empty array is successfully ignored by Swagger UI. This PR will make the generated schema a bit more verbose yet, still, valid. Another alternative is to call Object#presence in #params_object and #tag_object.

In the last commit I remove the default empty description to bring the generated schema (and specs) closer to what they were originally (before this PR).

☝️ Let me know whether I should include / make those changes.

[coveralls]

Coverage decreased (-0.0009%) to 99.213% when pulling 4f9df95 on fotos:allow-empty-security-array into 83a6e8d on ruby-grape:master.

[fotos]

@dblock and/or @LeFnord, when you get the chance, I would appreciate some feedback for this PR.

I'd rather have a fix upstream (here 😄) than having to fork the project for a small change / fix.

(Given the opportunity, thanks for all the hard work on Grape and the surrounding ecosystem 🎉)

[dblock]

This makes total sense, I have merged this.

[dblock]

@fotos You can make another PR for the remaining things with tests, please. Much appreciated, thanks for the good work!

[fotos]

@dblock thanks. 🙇

I'll iterate on another PR and trim the unnecessary parameters / tags.

Is it possible to get 0.32.1 out? 🙏

[dblock]

Happy to make a release soon if @LeFnord is not around, let's see that other PR :)

[fotos]

@dblock here you go: #731 😃

[LeFnord]

I'm here, but need a bit to have a look on all the new stuff 😉