2012-11-12 12:59:43 +00:00
class ApiUsersController < ApiController
2012-10-14 02:22:13 +00:00
2012-11-21 19:49:00 +00:00
before_filter :api_signed_in_user , :except = > [ :create , :signup_confirm , :auth_session_create ]
2012-10-14 02:22:13 +00:00
respond_to :json
def index
2012-11-12 12:59:43 +00:00
# don't return users that aren't yet confirmed
@users = User . where ( 'email_confirmed=TRUE' ) . paginate ( page : params [ :page ] )
2012-11-18 07:00:06 +00:00
respond_with @users , responder : ApiResponder , :status = > :ok
2012-10-14 02:22:13 +00:00
end
2012-10-15 12:46:51 +00:00
def show
2012-11-12 12:59:43 +00:00
# don't return users that aren't yet confirmed
@user = User . where ( 'email_confirmed=TRUE' ) . find ( params [ :id ] )
2012-11-18 07:00:06 +00:00
respond_with @user , responder : ApiResponder , :status = > :ok
2012-10-15 12:46:51 +00:00
end
2012-11-14 05:37:50 +00:00
# this API call is disabled by virtue of it being commented out in routes.rb
# the reason is that it has no captcha, and is therefore a bit abuseable
# if someone wants to use it, please add in captcha or some other bot-protector
2012-10-14 02:22:13 +00:00
def create
2012-11-14 05:37:50 +00:00
# sends email to email account for confirmation
2012-11-15 03:24:42 +00:00
@user = UserManager . new . signup ( params [ :first_name ] ,
params [ :last_name ] ,
2012-11-14 05:37:50 +00:00
params [ :email ] ,
params [ :password ] ,
params [ :password_confirmation ] ,
params [ :city ] ,
params [ :state ] ,
params [ :country ] ,
params [ :instruments ] ,
ApplicationHelper . base_uri ( request ) + " /confirm " )
# check for errors
unless @user . errors . any?
render :json = > { } , :status = > :ok # an empty response, but 200 OK
else
response . status = :unprocessable_entity
respond_with @user , responder : ApiResponder
2012-11-12 12:59:43 +00:00
end
end
def signup_confirm
2012-11-14 05:37:50 +00:00
@user = UserManager . new . signup_confirm ( params [ :signup_token ] )
2012-11-12 12:59:43 +00:00
2012-11-14 05:37:50 +00:00
unless @user . errors . any?
respond_with @user , responder : ApiResponder , :location = > api_user_detail_url ( @user )
else
response . status = :unprocessable_entity
respond_with @user , responder : ApiResponder
2012-11-03 19:32:57 +00:00
end
2012-10-14 02:22:13 +00:00
end
2012-10-29 10:46:24 +00:00
def update
2012-11-21 19:49:00 +00:00
auth_user ( params [ :id ] )
@user = User . save ( params [ :id ] ,
2012-11-22 08:27:00 +00:00
current_user . id ,
2012-11-21 19:49:00 +00:00
params [ :first_name ] ,
params [ :last_name ] ,
params [ :email ] ,
params [ :password ] ,
params [ :password_confirmation ] ,
params [ :musician ] ,
params [ :gender ] ,
params [ :birth_date ] ,
params [ :internet_service_provider ] ,
params [ :city ] ,
params [ :state ] ,
params [ :country ] ,
params [ :instruments ] )
2012-11-03 19:32:57 +00:00
# check for errors
if @user . errors . nil? || @user . errors . size == 0
respond_with @user , responder : ApiResponder , :status = > :ok
else
raise ActiveRecord :: Rollback
response . status = :unprocessable_entity
2012-11-18 07:00:06 +00:00
respond_with @user
2012-11-18 21:52:22 +00:00
end
2012-10-29 10:46:24 +00:00
end
2012-10-14 02:22:13 +00:00
def delete
@user = User . find ( params [ :id ] )
2012-11-07 13:36:00 +00:00
@user . destroy # required to make 'tire' integration work
2012-10-14 02:22:13 +00:00
respond_with @user , responder : ApiResponder
end
2012-11-18 21:52:22 +00:00
###################### FOLLOWERS ########################
2012-11-04 13:34:59 +00:00
def follower_index
# NOTE: follower_index.rabl template references the followers property
@user = User . find ( params [ :id ] )
end
2012-11-18 21:52:22 +00:00
###################### FOLLOWINGS #######################
2012-11-04 13:34:59 +00:00
def following_index
@user = User . find ( params [ :id ] )
2012-11-21 19:49:00 +00:00
end
2012-11-06 12:15:02 +00:00
2012-11-21 19:49:00 +00:00
def band_following_index
@user = User . find ( params [ :id ] )
2012-11-04 13:34:59 +00:00
end
def following_create
2012-11-21 19:49:00 +00:00
id = params [ :id ]
auth_user ( id )
@user = User . find ( id )
2012-11-06 12:15:02 +00:00
if ! params [ :user_id ] . nil?
2012-11-21 19:49:00 +00:00
User . create_user_following ( params [ :user_id ] , id )
respond_with @user , responder : ApiResponder , :location = > api_user_following_index_url ( @user )
2012-11-06 12:15:02 +00:00
elsif ! params [ :band_id ] . nil?
2012-11-21 19:49:00 +00:00
User . create_band_following ( params [ :band_id ] , id )
respond_with @user , responder : ApiResponder , :location = > api_band_following_index_url ( @user )
2012-11-06 12:15:02 +00:00
end
2012-11-04 13:34:59 +00:00
end
def following_destroy
2012-11-21 19:49:00 +00:00
auth_user ( params [ :id ] )
User . delete_user_following ( params [ :user_id ] , params [ :id ] )
2012-11-06 12:15:02 +00:00
respond_with responder : ApiResponder
2012-11-04 13:34:59 +00:00
end
2012-11-21 19:49:00 +00:00
###################### RECORDINGS #######################
def recording_index
2012-11-22 08:27:00 +00:00
hide_private = false
# hide private recordings from anyone but the current user
if current_user . id != params [ :id ]
hide_private = true
end
if hide_private
@recordings = Recording . find ( :all ,
:joins = > :musician_recordings ,
:select = > " recordings.id, recordings.description, recordings.public " ,
:conditions = > [ " musicians_recordings.user_id=' #{ params [ :id ] } ' AND public=true " ] )
#.paginate(page: params[:page])
else
@recordings = Recording . find ( :all ,
:joins = > :musician_recordings ,
:select = > " recordings.id, recordings.description, recordings.public " ,
:conditions = > [ " musicians_recordings.user_id=' #{ params [ :id ] } ' " ] )
end
end
def recording_show
hide_private = false
# hide private recordings from anyone but the current user
if current_user . id != params [ :id ]
hide_private = true
end
@recording = Recording . find ( params [ :recording_id ] )
if ! @recording . public && hide_private
render :json = > { :message = > " You are not allowed to access this recording. " } , :status = > 403
#respond_with "You are not allowed to access this recording.", responder: ApiResponder, :status => 403
else
respond_with @recording , responder : ApiResponder , :status = > 200
end
2012-11-21 19:49:00 +00:00
end
def recording_create
@recording = Recording . save ( params [ :recording_id ] ,
params [ :public ] ,
params [ :description ] ,
2012-11-22 08:27:00 +00:00
current_user . id ,
2012-11-21 19:49:00 +00:00
params [ :id ] ,
false )
# check for errors
if @recording . errors . nil? || @recording . errors . size == 0
2012-11-22 08:27:00 +00:00
@user = current_user
respond_with @recording , responder : ApiResponder , :status = > 201 , :location = > api_recording_detail_url ( @user , @recording )
2012-11-21 19:49:00 +00:00
else
raise ActiveRecord :: Rollback
response . status = :unprocessable_entity
respond_with @recording
end
end
def recording_update
@recording = Recording . save ( params [ :recording_id ] ,
params [ :public ] ,
params [ :description ] ,
2012-11-22 08:27:00 +00:00
current_user . id ,
2012-11-21 19:49:00 +00:00
params [ :id ] ,
false )
# check for errors
if @recording . errors . nil? || @recording . errors . size == 0
respond_with @recording , responder : ApiResponder , :status = > 200
else
raise ActiveRecord :: Rollback
response . status = :unprocessable_entity
respond_with @recording
end
end
def recording_destroy
auth_user ( params [ :id ] )
2012-11-22 08:27:00 +00:00
recording = Recording . find ( params [ :recording_id ] )
recording . delete
#Recording.delete(params[:recording_id], params[:id], false)
2012-11-21 19:49:00 +00:00
end
2012-11-18 21:52:22 +00:00
###################### FAVORITES ########################
def favorite_index
@user = User . find ( params [ :id ] )
# TODO: get band followings and merge (@user.band_followings)
end
def favorite_create
2012-11-21 19:49:00 +00:00
auth_user ( params [ :id ] )
@favorite = UserFavorite . new ( )
User . create_favorite ( params [ :id ] , params [ :recording_id ] )
2012-11-18 21:52:22 +00:00
@user = User . find ( params [ :id ] )
respond_with @user , responder : ApiResponder , :location = > api_favorite_index_url ( @user )
end
def favorite_destroy
2012-11-21 19:49:00 +00:00
auth_user ( params [ :id ] )
User . delete_favorite ( params [ :id ] , params [ :recording_id ] )
2012-11-18 21:52:22 +00:00
respond_with responder : ApiResponder
end
###################### FRIENDS ##########################
2012-10-14 02:22:13 +00:00
def friend_request_index
2012-11-21 19:49:00 +00:00
auth_user ( params [ :id ] )
2012-10-15 12:46:51 +00:00
# get all outgoing and incoming friend requests
@friend_requests = FriendRequest . where ( " (friend_id=' #{ params [ :id ] } ' OR user_id=' #{ params [ :id ] } ') AND accepted is null " )
2012-10-14 02:22:13 +00:00
end
2012-10-15 12:46:51 +00:00
def friend_request_show
2012-11-21 19:49:00 +00:00
auth_user ( params [ :id ] )
2012-10-15 12:46:51 +00:00
@friend_request = FriendRequest . find ( params [ :id ] )
2012-10-14 02:22:13 +00:00
end
2012-10-15 12:46:51 +00:00
def friend_request_create
2012-11-21 19:49:00 +00:00
auth_user ( params [ :user_id ] )
2012-10-15 12:46:51 +00:00
@friend_request = FriendRequest . new ( )
@friend_request . user_id = params [ :user_id ]
@friend_request . friend_id = params [ :friend_id ]
@friend_request . save
respond_with @friend_request , responder : ApiResponder , :location = > api_friend_request_detail_url ( @friend_request )
2012-10-14 02:22:13 +00:00
end
2012-10-14 04:29:49 +00:00
def friend_request_update
2012-10-25 00:18:26 +00:00
ActiveRecord :: Base . transaction do
@friend_request = FriendRequest . find ( params [ :id ] )
@friend_request . accepted = params [ :accepted ]
@friend_request . save
# create both records for this friendship
if @friend_request . accepted?
@friendship = Friendship . new ( )
@friendship . user_id = @friend_request . user_id
@friendship . friend_id = @friend_request . friend_id
@friendship . save
@friendship = Friendship . new ( )
@friendship . user_id = @friend_request . friend_id
@friendship . friend_id = @friend_request . user_id
@friendship . save
end
2012-10-15 12:46:51 +00:00
end
respond_with @friend_request , responder : ApiResponder
2012-10-14 02:22:13 +00:00
end
2012-10-14 04:29:49 +00:00
def friend_index
# NOTE: friend_index.rabl template references the friends property
@user = User . find ( params [ :id ] )
2012-10-14 02:22:13 +00:00
end
def friend_destroy
2012-11-21 19:49:00 +00:00
auth_user ( params [ :id ] )
2012-10-15 12:46:51 +00:00
# clean up both records representing this "friendship"
2012-10-14 04:29:49 +00:00
JamRuby :: Friendship . delete_all " (user_id = ' #{ params [ :id ] } ' AND friend_id = ' #{ params [ :friend_id ] } ') OR (user_id = ' #{ params [ :friend_id ] } ' AND friend_id = ' #{ params [ :id ] } ') "
2012-10-15 12:46:51 +00:00
respond_with responder : ApiResponder
2012-10-14 02:22:13 +00:00
end
2012-11-22 08:27:00 +00:00
###################### AUTHENTICATION ###################
2012-11-14 05:37:50 +00:00
def auth_session_create
@user = User . authenticate ( params [ :email ] , params [ :password ] )
if @user . nil?
render :json = > { :success = > false } , :status = > 404
else
sign_in @user
render :json = > { :success = > true } , :status = > 200
end
end
def auth_session_delete
sign_out
render :json = > { :success = > true } , :status = > 200
end
2012-11-21 19:49:00 +00:00
protected
def auth_user ( id )
if current_user . id != id
2012-11-22 08:27:00 +00:00
#respond_with "You do not have permissions to perform this action.", responder: ApiResponder, :status => 403
2012-11-21 19:49:00 +00:00
raise PermissionError , " You do not have permissions to perform this action. "
end
end
2012-10-14 02:22:13 +00:00
end
