jam-cloud/web/app/controllers/api_retailers_controller.rb

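class ApiRetailersController < ApiController
  # JSON API for a single retailer: profile updates, avatar management, a
  # signed Filepicker upload policy, detaching students/teachers, and a
  # customer e-mail blast.
  #
  # Every action except :customer_email requires an API session and passes
  # :auth_retailer (owner check). :customer_email only goes through
  # :lookup_retailer, so any caller who knows a retailer id can trigger an
  # e-mail to an address of their choosing — NOTE(review): confirm that this is
  # intended and whether it should be rate-limited.
  RETAILER_ACTIONS = %i[show update update_avatar delete_avatar
                        generate_filepicker_policy remove_student remove_teacher].freeze

  before_action :api_signed_in_user, :except => [:customer_email]
  before_action :lookup_retailer, :only => RETAILER_ACTIONS + [:customer_email]
  before_action :auth_retailer, :only => RETAILER_ACTIONS
  respond_to :json

  # GET /api/retailers/:id — renders the view for @retailer (set by :lookup_retailer).
  def show
  end

  # PUT /api/retailers/:id — applies the request params to the retailer.
  # NOTE(review): attribute whitelisting lives in Retailer#update_from_params,
  # which is not visible here; confirm it rejects ownership fields.
  def update
    @retailer.update_from_params(params)
    respond_with_model(@retailer)
  end

  # Stores the original and cropped avatar files for the retailer.
  # Responds 422 with the model errors when the update fails; otherwise the
  # default view is rendered.
  def update_avatar
    # Avatars go to the public bucket so they can be served without credentials.
    @retailer.update_avatar(params[:original_fpfile],
                            params[:cropped_fpfile],
                            params[:cropped_large_fpfile],
                            params[:crop_selection],
                            Rails.application.config.aws_bucket_public)
    respond_with @retailer, status: :unprocessable_entity if @retailer.errors.any?
  end

  # Removes the retailer's avatar from the public bucket; 422 on model errors.
  def delete_avatar
    @retailer.delete_avatar(Rails.application.config.aws_bucket_public)
    respond_with @retailer, status: :unprocessable_entity if @retailer.errors.any?
  end

  # Returns a short-lived (5 minute) Filepicker policy plus its HMAC-SHA256
  # signature, computed with the application's Filepicker secret.
  #
  # The policy is base64url(JSON); the signature is hex. If params[:handle] is
  # given, only its last path segment is bound into the policy.
  def generate_filepicker_policy
    policy = {
      :expiry => (DateTime.now + 5.minutes).to_i,
      :call => 'pick,convert,store'
      # NOTE(review): no :path restriction is set, so the signed policy is not
      # limited to the caller's own folder even though that is the stated
      # intent; confirm whether a path should be bound here.
    }

    handle = params[:handle]
    # rpartition yields the whole string when there is no '/'; the previous
    # `rindex('/') + 1` raised NoMethodError on a handle without a slash.
    policy[:handle] = handle.rpartition('/').last unless handle.nil?

    encoded_policy = Base64.urlsafe_encode64(policy.to_json)
    # OpenSSL::Digest::Digest is the deprecated spelling of OpenSSL::Digest.
    signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'),
                                        Rails.application.config.fp_secret,
                                        encoded_policy)

    render :json => { :signature => signature, :policy => encoded_policy },
           :status => :ok
  end

  # Detaches a student (User) from this retailer.
  #
  # The lookup is scoped to @retailer so an owner cannot detach users of other
  # retailers by supplying their ids; an unrelated id raises RecordNotFound.
  def remove_student
    student = User.where(:retailer_id => @retailer.id).find(params[:user_id])
    student.retailer_id = nil
    respond_with student, status: :unprocessable_entity unless student.save
  end

  # Detaches a teacher profile (User#teacher) from this retailer.
  #
  # Only a teacher currently attached to @retailer may be detached; a user with
  # no teacher profile, or one attached elsewhere, raises RecordNotFound.
  def remove_teacher
    teacher_profile = User.find(params[:teacher_id]).teacher
    if teacher_profile.nil? || teacher_profile.retailer_id != @retailer.id
      raise ActiveRecord::RecordNotFound, "Can't find teacher"
    end

    teacher_profile.retailer_id = nil
    unless teacher_profile.save
      respond_with teacher_profile, status: :unprocessable_entity
    end
  end

  # Sends the retailer's customer e-mail blast to params[:email].
  #
  # @raise [JamRuby::JamArgumentError] when the address fails User::VALID_EMAIL_REGEX
  def customer_email
    # to_s turns a missing/non-string param into a validation failure instead
    # of a TypeError from Regexp#match.
    email = params[:email].to_s
    unless User::VALID_EMAIL_REGEX.match(email)
      raise JamRuby::JamArgumentError.new('is not valid', :email)
    end

    UserMailer.retailer_customer_blast(email, @retailer).deliver_now
    render :json => {}, status: 200
  end

  private

  # Loads @retailer from params[:id]; 404 via RecordNotFound when absent.
  def lookup_retailer
    @retailer = Retailer.find_by_id(params[:id])
    raise ActiveRecord::RecordNotFound, "Can't find retailer" if @retailer.nil?
  end

  # Allows the request only when the current user is the retailer's owner.
  #
  # A retailer without an owner is treated as not accessible rather than
  # raising NoMethodError. The original compared current_user against the
  # owner twice with the same clause; presumably a second allowed principal
  # was intended — TODO confirm before widening access.
  def auth_retailer
    owner = @retailer.owner
    return if owner && current_user.id == owner.id

    raise JamPermissionError, "You do not have access to this retailer"
  end
end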