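# JSON API controller for user accounts and the resources nested under a user:
# likes, followings, favorites, friends, band invitations and recordings.
#
# Every action except :create, :signup_confirm and :auth_session_create runs
# behind the api_signed_in_user filter. The actions named in the second
# before_filter also run auth_user, which is not defined in this class; the
# actions that read @user without assigning it rely on that filter to set it
# (presumably to the user named by params[:id] -- confirm against ApiController).
class ApiUsersController < ApiController
  before_filter :api_signed_in_user, :except => [:create, :signup_confirm, :auth_session_create]
  before_filter :auth_user, :only => [:session_settings_show, :update, :delete,
                                      :like_create, :like_destroy, # likes
                                      :following_create, :following_destroy, # followings
                                      :recording_update, :recording_destroy, # recordings
                                      :favorite_create, :favorite_destroy, # favorites
                                      :friend_request_index, :friend_request_show, :friend_request_create, :friend_destroy, # friends
                                      :band_invitation_index, :band_invitation_show, :band_invitation_update,
                                      :set_password]

  respond_to :json

  # Lists confirmed users, one page at a time (params[:page]).
  def index
    # don't return users that aren't yet confirmed
    @users = User.where('email_confirmed=TRUE').paginate(page: params[:page])
    respond_with @users, responder: ApiResponder, :status => 200
  end

  # Returns one confirmed user by params[:id].
  def show
    # don't return users that aren't yet confirmed
    @user = User.where('email_confirmed=TRUE').find(params[:id])
    respond_with @user, responder: ApiResponder, :status => 200
  end

  # this API call is disabled by virtue of it being commented out in routes.rb
  # the reason is that it has no captcha, and is therefore a bit abuseable
  # if someone wants to use it, please add in captcha or some other bot-protector
  def create
    # sends email to email account for confirmation
    # NOTE(review): the confirmation URL base comes from the incoming request;
    # if base_uri reads the Host header, confirm it is restricted to known hosts.
    @user = UserManager.new.signup(params[:first_name],
                                   params[:last_name],
                                   params[:email],
                                   params[:password],
                                   params[:password_confirmation],
                                   params[:city],
                                   params[:state],
                                   params[:country],
                                   params[:instruments],
                                   params[:photo_url],
                                   ApplicationHelper.base_uri(request) + "/confirm")

    # check for errors
    if @user.errors.any?
      response.status = :unprocessable_entity
      respond_with @user, responder: ApiResponder
    else
      render :json => {}, :status => :ok # an empty response, but 200 OK
    end
  end

  # Updates the profile fields of the user named by params[:id]; the acting
  # user's id is passed to User.save as the second argument.
  def update
    @user = User.save(params[:id],
                      current_user.id,
                      params[:first_name],
                      params[:last_name],
                      params[:email],
                      nil, # Don't allow changing password here, since we want to prompt again for the old password
                      nil,
                      params[:musician],
                      params[:gender],
                      params[:birth_date],
                      params[:internet_service_provider],
                      params[:city],
                      params[:state],
                      params[:country],
                      params[:instruments],
                      params[:photo_url])

    respond_with @user, responder: ApiResponder, :status => 200
  end

  # Destroys @user (set by the auth_user filter) and answers 204.
  def delete
    @user.destroy # required to make 'tire' integration work
    respond_with responder: ApiResponder, :status => 204
  end

  # Confirms a signup from params[:signup_token]; answers 422 with the user's
  # errors when confirmation fails.
  def signup_confirm
    @user = UserManager.new.signup_confirm(params[:signup_token])

    if @user.errors.any?
      response.status = :unprocessable_entity
      respond_with @user, responder: ApiResponder
    else
      respond_with @user, responder: ApiResponder, :location => api_user_detail_url(@user)
    end
  end

  # Changes @user's password after the model has checked the old one.
  # The success response is sent only when set_password did not raise, so the
  # 403 branch is the sole response on failure (rendering in the rescue and then
  # calling respond_with as well would render twice).
  def set_password
    @user.set_password(params[:old_password], params[:new_password], params[:new_password_confirm])
    respond_with responder: ApiResponder, :status => 204
  rescue JamRuby::JamArgumentError
    render :json => { :message => ValidationMessages::OLD_PASSWORD_DOESNT_MATCH }, :status => 403
  end

  ###################### AUTHENTICATION ###################
  # Signs the user in when User.authenticate returns a user; a nil result is
  # reported as success: false with status 404.
  def auth_session_create
    @user = User.authenticate(params[:email], params[:password])

    if @user.nil?
      render :json => { :success => false }, :status => 404
    else
      sign_in @user
      render :json => { :success => true }, :status => 200
    end
  end

  # Signs the current user out.
  def auth_session_delete
    sign_out
    render :json => { :success => true }, :status => 200
  end

  ###################### SESSION SETTINGS ###################
  # Returns @user's session settings (@user is set by the auth_user filter).
  def session_settings_show
    respond_with @user.my_session_settings, responder: ApiResponder
  end

  ###################### LIKERS ########################
  def liker_index
    # NOTE: liker_index.rabl template references the likers property
    @user = User.find(params[:id])
  end

  ###################### LIKES #########################
  def like_index
    @user = User.find(params[:id])
  end

  def band_like_index
    @user = User.find(params[:id])
  end

  # Creates a like from the user params[:id] on either a user (params[:user_id])
  # or a band (params[:band_id]); user_id wins when both are given. When neither
  # is given, no explicit response is rendered here.
  def like_create
    id = params[:id]

    if !params[:user_id].nil?
      User.create_user_like(params[:user_id], id)
      respond_with @user, responder: ApiResponder, :location => api_user_like_index_url(@user)
    elsif !params[:band_id].nil?
      User.create_band_like(params[:band_id], id)
      respond_with @user, responder: ApiResponder, :location => api_band_like_index_url(@user)
    end
  end

  # Removes a user like or a band like of the user params[:id]; always 204.
  def like_destroy
    if !params[:user_id].nil?
      User.delete_like(params[:user_id], nil, params[:id])
    elsif !params[:band_id].nil?
      User.delete_like(nil, params[:band_id], params[:id])
    end

    respond_with responder: ApiResponder, :status => 204
  end

  ###################### FOLLOWERS ########################
  def follower_index
    # NOTE: follower_index.rabl template references the followers property
    @user = User.find(params[:id])
  end

  ###################### FOLLOWINGS #######################
  def following_index
    @user = User.find(params[:id])
  end

  def band_following_index
    @user = User.find(params[:id])
  end

  # Makes the user params[:id] follow either a user (params[:user_id]) or a
  # band (params[:band_id]); user_id wins when both are given.
  def following_create
    id = params[:id]
    @user = User.find(id)

    if !params[:user_id].nil?
      User.create_user_following(params[:user_id], id)
      respond_with @user, responder: ApiResponder, :location => api_user_following_index_url(@user)
    elsif !params[:band_id].nil?
      User.create_band_following(params[:band_id], id)
      respond_with @user, responder: ApiResponder, :location => api_band_following_index_url(@user)
    end
  end

  # Removes a user following or a band following of the user params[:id].
  def following_destroy
    if !params[:user_id].nil?
      User.delete_following(params[:user_id], nil, params[:id])
    elsif !params[:band_id].nil?
      User.delete_following(nil, params[:band_id], params[:id])
    end

    respond_with responder: ApiResponder, :status => 204
  end

  ###################### FAVORITES ########################
  def favorite_index
    @user = User.find(params[:id])
  end

  # Adds params[:recording_id] to the favorites of the user params[:id].
  def favorite_create
    @favorite = UserFavorite.new()
    User.create_favorite(params[:id], params[:recording_id])

    @user = User.find(params[:id])
    respond_with @user, responder: ApiResponder, :location => api_favorite_index_url(@user)
  end

  # Removes params[:recording_id] from the favorites of the user params[:id].
  def favorite_destroy
    User.delete_favorite(params[:id], params[:recording_id])
    respond_with responder: ApiResponder, :status => 204
  end

  ###################### FRIENDS ##########################
  def friend_request_index
    # get all outgoing and incoming friend requests
    # The id is passed as a bind value, never interpolated into the SQL text,
    # so the request parameter cannot alter the query.
    @friend_requests = FriendRequest.where('(friend_id = ? OR user_id = ?) AND accepted IS NULL',
                                           params[:id], params[:id])
  end

  # NOTE(review): params[:id] is used here as a friend-request id, while the
  # other friend actions use it as a user id -- confirm what auth_user checks
  # for this route.
  def friend_request_show
    @friend_request = FriendRequest.find(params[:id])
  end

  # Creates a friend request from the user params[:id] to params[:friend_id].
  def friend_request_create
    @friend_request = FriendRequest.new()
    @friend_request.user_id = params[:id]
    @friend_request.friend_id = params[:friend_id]
    @friend_request.save
    respond_with @friend_request, responder: ApiResponder, :location => api_friend_request_detail_url(@friend_request)
  end

  # Sets accepted on a friend request and, when it is accepted, stores the
  # friendship in both directions.
  # NOTE(review): this action is not in the auth_user list above and nothing
  # here checks that the caller is the recipient of the request -- confirm that
  # is enforced elsewhere.
  # NOTE(review): save (without a bang) does not raise, so a failed save inside
  # this block does not roll the transaction back.
  def friend_request_update
    ActiveRecord::Base.transaction do
      @friend_request = FriendRequest.find(params[:id])
      @friend_request.accepted = params[:accepted]
      @friend_request.save

      # create both records for this friendship
      if @friend_request.accepted?
        @friendship = Friendship.new()
        @friendship.user_id = @friend_request.user_id
        @friendship.friend_id = @friend_request.friend_id
        @friendship.save

        @friendship = Friendship.new()
        @friendship.user_id = @friend_request.friend_id
        @friendship.friend_id = @friend_request.user_id
        @friendship.save
      end
    end

    respond_with @friend_request, responder: ApiResponder
  end

  def friend_index
    # NOTE: friend_index.rabl template references the friends property
    @user = User.find(params[:id])
  end

  def friend_destroy
    # clean up both records representing this "friendship"
    # Both ids are bind values; request parameters are never placed in the SQL text.
    JamRuby::Friendship.where('(user_id = ? AND friend_id = ?) OR (user_id = ? AND friend_id = ?)',
                              params[:id], params[:friend_id],
                              params[:friend_id], params[:id]).delete_all
    respond_with responder: ApiResponder, :status => 204
  end

  ##################### BAND INVITATIONS ##################
  # Lists the band invitations received by the current user.
  def band_invitation_index
    @user = current_user
    @invitations = @user.received_band_invitations
    respond_with @invitations, responder: ApiResponder, :status => 200
  end

  # Returns one band invitation, or 404 when the id is unknown.
  # NOTE(review): the invitation is loaded by id alone; no check visible here
  # ties it to @user -- confirm the model or auth_user enforces that.
  def band_invitation_show
    @invitation = BandInvitation.find(params[:invitation_id])
    respond_with @invitation, responder: ApiResponder, :status => 200
  rescue ActiveRecord::RecordNotFound
    render :json => { :message => ValidationMessages::BAND_INVITATION_NOT_FOUND }, :status => 404
  end

  # Updates the accepted flag of a band invitation, or 404 when the id is unknown.
  # NOTE(review): same ownership question as band_invitation_show.
  def band_invitation_update
    @invitation = BandInvitation.save(params[:invitation_id],
                                      nil,
                                      nil,
                                      nil,
                                      params[:accepted])
    respond_with @invitation, responder: ApiResponder, :status => 200
  rescue ActiveRecord::RecordNotFound
    render :json => { :message => ValidationMessages::BAND_INVITATION_NOT_FOUND }, :status => 404
  end

  ###################### RECORDINGS #######################
  # Lists the recordings of the user params[:id]; private ones are included
  # only when that user is the caller.
  def recording_index
    # hide private recordings from anyone but the current user
    # Compare as strings: params[:id] is always a String, so comparing it with a
    # non-String id would never be equal and the owner would never see their
    # own private recordings.
    hide_private = current_user.id.to_s != params[:id].to_s

    @recordings = Recording.joins(:musician_recordings)
                           .where(:musicians_recordings => { :user_id => params[:id].to_s })
    @recordings = @recordings.where(:public => true) if hide_private

    respond_with @recordings, responder: ApiResponder, :status => 200
  end

  # Returns one recording, or 403 when it is private and the caller is not the
  # user named in the path.
  # NOTE(review): the recording is looked up by :recording_id alone and is never
  # tied to the :id user, so the private-recording check below does not
  # establish ownership -- scope the lookup to that user or check ownership on
  # the model.
  def recording_show
    # hide private recordings from anyone but the current user
    hide_private = current_user.id.to_s != params[:id].to_s

    @recording = Recording.find(params[:recording_id])

    if !@recording.public && hide_private
      render :json => { :message => "You are not allowed to access this recording." }, :status => 403
      #respond_with "You are not allowed to access this recording.", responder: ApiResponder, :status => 403
    else
      respond_with @recording, responder: ApiResponder, :status => 200
    end
  end

  # Creates a recording through Recording.save; the trailing false is passed
  # through as-is and its meaning is defined by Recording.save.
  def recording_create
    @recording = Recording.save(params[:recording_id],
                                params[:public],
                                params[:description],
                                params[:genres],
                                current_user.id,
                                params[:id],
                                false)

    @user = current_user
    respond_with @recording, responder: ApiResponder, :status => 201, :location => api_recording_detail_url(@user, @recording)
  end

  # Updates a recording through Recording.save with the same argument order as
  # recording_create.
  def recording_update
    @recording = Recording.save(params[:recording_id],
                                params[:public],
                                params[:description],
                                params[:genres],
                                current_user.id,
                                params[:id],
                                false)

    respond_with @recording, responder: ApiResponder, :status => 200
  end

  # Deletes a recording by id.
  # NOTE(review): the recording is loaded by :recording_id alone; no check
  # visible here confirms it belongs to @user before it is deleted.
  def recording_destroy
    @recording = Recording.find(params[:recording_id])
    @recording.delete
    respond_with responder: ApiResponder, :status => 204
  end
end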