jam-cloud/app/controllers/api_users_controller.rb

class ApiUsersController < ApiController

  before_filter :api_signed_in_user, only: [:index, :show, :edit, :update, :delete,
                                        :friend_request_index, :friend_request_show, 
                                        :friend_request_create, :friend_request_update,
                                        :friend_index, :friend_destroy]

  respond_to :json

  def index
    # don't return users that aren't yet confirmed
    @users = User.where('email_confirmed=TRUE').paginate(page: params[:page])
  end

  def show
    # don't return users that aren't yet confirmed
    @user = User.where('email_confirmed=TRUE').find(params[:id])
  end

  # this API call is disabled by virtue of it being commented out in routes.rb
  # the reason is that it has no captcha, and is therefore a bit abuseable
  # if someone wants to use it, please add in captcha or some other bot-protector
  def create
    # sends email to email account for confirmation
    @user = UserManager.new.signup(params[:name],
                                params[:email],
                                params[:password],
                                params[:password_confirmation],
                                params[:city],
                                params[:state],
                                params[:country],
                                params[:instruments],
                                ApplicationHelper.base_uri(request) + "/confirm")

    # check for errors
    unless @user.errors.any?
      render :json => {}, :status => :ok # an empty response, but 200 OK
    else
      response.status = :unprocessable_entity
      respond_with @user, responder: ApiResponder
    end
  end

  def signup_confirm
    @user = UserManager.new.signup_confirm(params[:signup_token])

    unless @user.errors.any?
      respond_with @user, responder: ApiResponder, :location => api_user_detail_url(@user)
    else
      response.status = :unprocessable_entity
      respond_with @user, responder: ApiResponder
    end
  end

  def update
    @user = User.save(params)

    # check for errors
    if @user.errors.nil? || @user.errors.size == 0
      respond_with @user, responder: ApiResponder, :status => :ok
      
    else
      raise ActiveRecord::Rollback
      response.status = :unprocessable_entity
      respond_with @user      
    end    
  end

  def delete
    @user = User.find(params[:id])
    @user.destroy # required to make 'tire' integration work
    respond_with @user, responder: ApiResponder
  end

  # FOLLOWERS
  def follower_index
    # NOTE: follower_index.rabl template references the followers property
    @user = User.find(params[:id])
  end

  # FOLLOWINGS
  def following_index
    @user = User.find(params[:id])

    # TODO: get band followings and merge (@user.band_followings)
  end

  def following_create

    if !params[:user_id].nil?
      @follower = UserFollower.new()
      @follower.user_id = params[:user_id]
      @follower.follower_id = params[:id]

    elsif !params[:band_id].nil?
      @follower = BandFollower.new()
      @follower.band_id = params[:band_id]
      @follower.follower_id = params[:id]
    end

    @follower.save
    @user = User.find(params[:id])
    respond_with @user, responder: ApiResponder, :location => api_following_index_url(@user)
  end

  def following_destroy
    JamRuby::UserFollower.delete_all "(user_id = '#{params[:user_id]}' AND follower_id = '#{params[:id]}')"
    #JamRuby::BandFollower.delete_all "(band_id = '#{params[:band_id]}' AND follower_id = '#{params[:id]}')"
    respond_with responder: ApiResponder
  end

  # FRIENDS
  def friend_request_index
    # get all outgoing and incoming friend requests
    @friend_requests = FriendRequest.where("(friend_id='#{params[:id]}' OR user_id='#{params[:id]}') AND accepted is null")
  end

  def friend_request_show
    @friend_request = FriendRequest.find(params[:id])
  end

  def friend_request_create
    @friend_request = FriendRequest.new()
    @friend_request.user_id = params[:user_id]
    @friend_request.friend_id = params[:friend_id]
    @friend_request.save
    respond_with @friend_request, responder: ApiResponder, :location => api_friend_request_detail_url(@friend_request)
  end

  def friend_request_update
    ActiveRecord::Base.transaction do
      @friend_request = FriendRequest.find(params[:id])
      @friend_request.accepted = params[:accepted]
      @friend_request.save

      # create both records for this friendship
      if @friend_request.accepted?     
        @friendship = Friendship.new()
        @friendship.user_id = @friend_request.user_id
        @friendship.friend_id = @friend_request.friend_id
        @friendship.save

        @friendship = Friendship.new()
        @friendship.user_id = @friend_request.friend_id
        @friendship.friend_id = @friend_request.user_id
        @friendship.save
      end
    end

    respond_with @friend_request, responder: ApiResponder
  end

  def friend_index
    # NOTE: friend_index.rabl template references the friends property
    @user = User.find(params[:id])
  end

  def friend_destroy
    # clean up both records representing this "friendship"
    JamRuby::Friendship.delete_all "(user_id = '#{params[:id]}' AND friend_id = '#{params[:friend_id]}') OR (user_id = '#{params[:friend_id]}' AND friend_id = '#{params[:id]}')"
    respond_with responder: ApiResponder
  end

  def auth_session_create
    @user = User.authenticate(params[:email], params[:password])

    if @user.nil?
      render :json => { :success => false }, :status => 404
    else
      sign_in @user
      render :json => { :success => true }, :status => 200
    end
  end

  def auth_session_delete
    sign_out
    render :json => { :success => true }, :status => 200
  end


end