2012-11-12 12:59:43 +00:00
class ApiUsersController < ApiController
2012-10-14 02:22:13 +00:00
2013-03-08 06:45:06 +00:00
before_filter :api_signed_in_user , :except = > [ :create , :signup_confirm , :auth_session_create , :complete ]
before_filter :auth_user , :only = > [ :session_settings_show , :session_history_index , :session_user_history_index , :update , :delete ,
2012-12-17 06:02:09 +00:00
:like_create , :like_destroy , # likes
:following_create , :following_destroy , # followings
:recording_update , :recording_destroy , # recordings
:favorite_create , :favorite_destroy , # favorites
2012-12-29 14:29:20 +00:00
:friend_request_index , :friend_request_show , :friend_request_create , :friend_request_update , # friend requests
:friend_index , :friend_destroy , # friends
2013-03-22 00:17:28 +00:00
:notification_index , # notifications
2012-12-29 14:29:20 +00:00
:band_invitation_index , :band_invitation_show , :band_invitation_update , # band invitations
2012-12-17 06:02:09 +00:00
:set_password ]
2012-10-14 02:22:13 +00:00
respond_to :json
def index
2012-11-12 12:59:43 +00:00
# don't return users that aren't yet confirmed
@users = User . where ( 'email_confirmed=TRUE' ) . paginate ( page : params [ :page ] )
2012-11-26 13:37:11 +00:00
respond_with @users , responder : ApiResponder , :status = > 200
2012-10-14 02:22:13 +00:00
end
2012-10-15 12:46:51 +00:00
def show
2012-11-12 12:59:43 +00:00
# don't return users that aren't yet confirmed
@user = User . where ( 'email_confirmed=TRUE' ) . find ( params [ :id ] )
2012-11-26 13:37:11 +00:00
respond_with @user , responder : ApiResponder , :status = > 200
2012-10-15 12:46:51 +00:00
end
2012-11-14 05:37:50 +00:00
# this API call is disabled by virtue of it being commented out in routes.rb
# the reason is that it has no captcha, and is therefore a bit abuseable
# if someone wants to use it, please add in captcha or some other bot-protector
2012-10-14 02:22:13 +00:00
def create
2012-11-14 05:37:50 +00:00
# sends email to email account for confirmation
2012-11-15 03:24:42 +00:00
@user = UserManager . new . signup ( params [ :first_name ] ,
params [ :last_name ] ,
2012-11-14 05:37:50 +00:00
params [ :email ] ,
params [ :password ] ,
params [ :password_confirmation ] ,
params [ :city ] ,
params [ :state ] ,
params [ :country ] ,
params [ :instruments ] ,
2012-11-28 05:26:43 +00:00
params [ :photo_url ] ,
2012-11-14 05:37:50 +00:00
ApplicationHelper . base_uri ( request ) + " /confirm " )
# check for errors
unless @user . errors . any?
render :json = > { } , :status = > :ok # an empty response, but 200 OK
else
response . status = :unprocessable_entity
respond_with @user , responder : ApiResponder
2012-11-12 12:59:43 +00:00
end
end
2012-10-29 10:46:24 +00:00
def update
2012-11-21 19:49:00 +00:00
@user = User . save ( params [ :id ] ,
2012-11-22 08:27:00 +00:00
current_user . id ,
2012-11-21 19:49:00 +00:00
params [ :first_name ] ,
params [ :last_name ] ,
params [ :email ] ,
2012-12-14 03:32:51 +00:00
nil , # Don't allow changing password here, since we want to prompt again for the old password
nil ,
2012-11-21 19:49:00 +00:00
params [ :musician ] ,
params [ :gender ] ,
params [ :birth_date ] ,
params [ :internet_service_provider ] ,
params [ :city ] ,
params [ :state ] ,
params [ :country ] ,
2012-11-28 05:26:43 +00:00
params [ :instruments ] ,
params [ :photo_url ] )
2012-11-03 19:32:57 +00:00
2013-03-08 06:45:06 +00:00
if @user . errors . any?
respond_with @user , :status = > :unprocessable_entity
else
respond_with @user , responder : ApiResponder , :status = > 200
end
end
# a user that is created administratively has an incomplete profile
# when they first visit the confirmation page by clicking the link in their email.
def complete
signup_token = params [ :signup_token ]
user = User . find_by_signup_token ( signup_token )
if user . nil?
return
end
user . updating_password = true
user . easy_save (
params [ :first_name ] ,
params [ :last_name ] ,
nil , # email can't be edited at this phase. We need to get them into the site, and they can edit on profile page if they really want
params [ :password ] ,
params [ :password_confirmation ] ,
true , # musician
params [ :gender ] ,
params [ :birth_date ] ,
params [ :isp ] ,
params [ :city ] ,
params [ :state ] ,
params [ :country ] ,
params [ :instruments ] ,
params [ :photo_url ] )
if user . errors . any?
render :json = > user . errors . full_messages ( ) , :status = > :unprocessable_entity
else
# log the user in automatically
user . signup_confirm
sign_in ( user )
respond_with user , responder : ApiResponder , :status = > 200
end
2012-10-29 10:46:24 +00:00
end
2012-12-17 06:02:09 +00:00
def delete
2013-01-14 04:51:15 +00:00
@user . destroy
2012-12-17 06:02:09 +00:00
respond_with responder : ApiResponder , :status = > 204
end
def signup_confirm
@user = UserManager . new . signup_confirm ( params [ :signup_token ] )
unless @user . errors . any?
respond_with @user , responder : ApiResponder , :location = > api_user_detail_url ( @user )
else
response . status = :unprocessable_entity
respond_with @user , responder : ApiResponder
end
end
2012-12-14 03:32:51 +00:00
def set_password
begin
@user . set_password ( params [ :old_password ] , params [ :new_password ] , params [ :new_password_confirm ] )
rescue JamRuby :: JamArgumentError
render :json = > { :message = > ValidationMessages :: OLD_PASSWORD_DOESNT_MATCH } , :status = > 403
end
2012-12-22 06:32:24 +00:00
set_remember_token ( @user )
2012-12-14 03:32:51 +00:00
respond_with responder : ApiResponder , :status = > 204
end
2012-12-22 00:56:49 +00:00
def reset_password
begin
User . reset_password ( params [ :email ] )
rescue JamRuby :: JamArgumentError
render :json = > { :message = > ValidationMessages :: EMAIL_NOT_FOUND } , :status = > 403
end
respond_with responder : ApiResponder , :status = > 204
end
def change_password_token
begin
User . set_password_from_token ( params [ :email ] , params [ :token ] , params [ :new_password ] , params [ :new_password_confirm ] )
rescue JamRuby :: JamArgumentError
# FIXME
# There are some other errors that can happen here, besides just EMAIL_NOT_FOUND
render :json = > { :message = > ValidationMessages :: EMAIL_NOT_FOUND } , :status = > 403
end
2012-12-22 06:32:24 +00:00
set_remember_token ( @user )
2012-12-22 00:56:49 +00:00
respond_with responder : ApiResponder , :status = > 204
end
2012-12-17 06:02:09 +00:00
###################### AUTHENTICATION ###################
def auth_session_create
@user = User . authenticate ( params [ :email ] , params [ :password ] )
if @user . nil?
render :json = > { :success = > false } , :status = > 404
else
sign_in @user
render :json = > { :success = > true } , :status = > 200
end
end
def auth_session_delete
sign_out
render :json = > { :success = > true } , :status = > 200
end
###################### SESSION SETTINGS ###################
def session_settings_show
respond_with @user . my_session_settings , responder : ApiResponder
2012-10-14 02:22:13 +00:00
end
2013-01-06 20:47:56 +00:00
###################### SESSION HISTORY ###################
def session_history_index
@session_history = @user . session_history ( params [ :id ] , params [ :band_id ] , params [ :genre ] )
end
def session_user_history_index
@session_user_history = @user . session_user_history ( params [ :id ] , params [ :session_id ] )
end
2012-12-17 06:24:23 +00:00
###################### BANDS ########################
def band_index
2012-12-17 06:58:50 +00:00
@bands = User . band_index ( params [ :id ] )
2012-12-17 06:24:23 +00:00
end
2012-12-16 23:24:35 +00:00
###################### LIKERS ########################
def liker_index
# NOTE: liker_index.rabl template references the likers property
@user = User . find ( params [ :id ] )
end
###################### LIKES #########################
def like_index
@user = User . find ( params [ :id ] )
end
def band_like_index
@user = User . find ( params [ :id ] )
end
def like_create
id = params [ :id ]
if ! params [ :user_id ] . nil?
User . create_user_like ( params [ :user_id ] , id )
respond_with @user , responder : ApiResponder , :location = > api_user_like_index_url ( @user )
elsif ! params [ :band_id ] . nil?
User . create_band_like ( params [ :band_id ] , id )
respond_with @user , responder : ApiResponder , :location = > api_band_like_index_url ( @user )
end
end
def like_destroy
if ! params [ :user_id ] . nil?
User . delete_like ( params [ :user_id ] , nil , params [ :id ] )
elsif ! params [ :band_id ] . nil?
User . delete_like ( nil , params [ :band_id ] , params [ :id ] )
end
respond_with responder : ApiResponder , :status = > 204
end
2012-11-18 21:52:22 +00:00
###################### FOLLOWERS ########################
2012-11-04 13:34:59 +00:00
def follower_index
# NOTE: follower_index.rabl template references the followers property
@user = User . find ( params [ :id ] )
end
2012-11-18 21:52:22 +00:00
###################### FOLLOWINGS #######################
2012-11-04 13:34:59 +00:00
def following_index
@user = User . find ( params [ :id ] )
2012-11-21 19:49:00 +00:00
end
2012-11-06 12:15:02 +00:00
2012-11-21 19:49:00 +00:00
def band_following_index
@user = User . find ( params [ :id ] )
2012-11-04 13:34:59 +00:00
end
def following_create
2012-11-21 19:49:00 +00:00
id = params [ :id ]
2012-12-04 03:40:40 +00:00
2012-11-06 12:15:02 +00:00
if ! params [ :user_id ] . nil?
2012-11-21 19:49:00 +00:00
User . create_user_following ( params [ :user_id ] , id )
respond_with @user , responder : ApiResponder , :location = > api_user_following_index_url ( @user )
2012-11-06 12:15:02 +00:00
elsif ! params [ :band_id ] . nil?
2012-11-21 19:49:00 +00:00
User . create_band_following ( params [ :band_id ] , id )
respond_with @user , responder : ApiResponder , :location = > api_band_following_index_url ( @user )
2012-11-06 12:15:02 +00:00
end
2012-11-04 13:34:59 +00:00
end
def following_destroy
2012-12-04 03:40:40 +00:00
if ! params [ :user_id ] . nil?
User . delete_following ( params [ :user_id ] , nil , params [ :id ] )
elsif ! params [ :band_id ] . nil?
User . delete_following ( nil , params [ :band_id ] , params [ :id ] )
end
2012-11-24 18:23:13 +00:00
respond_with responder : ApiResponder , :status = > 204
2012-11-04 13:34:59 +00:00
end
2012-11-18 21:52:22 +00:00
###################### FAVORITES ########################
def favorite_index
@user = User . find ( params [ :id ] )
end
def favorite_create
2012-11-21 19:49:00 +00:00
@favorite = UserFavorite . new ( )
User . create_favorite ( params [ :id ] , params [ :recording_id ] )
2012-11-18 21:52:22 +00:00
@user = User . find ( params [ :id ] )
respond_with @user , responder : ApiResponder , :location = > api_favorite_index_url ( @user )
end
def favorite_destroy
2012-11-21 19:49:00 +00:00
User . delete_favorite ( params [ :id ] , params [ :recording_id ] )
2012-11-24 18:23:13 +00:00
respond_with responder : ApiResponder , :status = > 204
2012-11-18 21:52:22 +00:00
end
2012-12-15 07:10:42 +00:00
###################### FRIENDS ##########################
2012-10-14 02:22:13 +00:00
def friend_request_index
2012-10-15 12:46:51 +00:00
# get all outgoing and incoming friend requests
2012-12-29 14:29:20 +00:00
@friend_requests = FriendRequest . where ( " (friend_id=' #{ params [ :id ] } ' AND status is null) OR user_id=' #{ params [ :id ] } ' " )
2012-10-14 02:22:13 +00:00
end
2012-10-15 12:46:51 +00:00
def friend_request_show
2012-12-29 14:29:20 +00:00
@friend_request = FriendRequest . find ( params [ :friend_request_id ] )
respond_with @friend_request , responder : ApiResponder , :status = > 200
2012-10-14 02:22:13 +00:00
end
2012-10-15 12:46:51 +00:00
def friend_request_create
2012-12-30 14:39:59 +00:00
@friend_request = FriendRequest . save ( nil ,
params [ :id ] ,
params [ :friend_id ] ,
nil ,
params [ :message ] )
respond_with @friend_request , responder : ApiResponder , :status = > 201 , :location = > api_friend_request_detail_url ( @user , @friend_request )
2012-10-14 02:22:13 +00:00
end
2012-10-14 04:29:49 +00:00
def friend_request_update
2012-12-29 14:29:20 +00:00
@friend_request = FriendRequest . save ( params [ :friend_request_id ] ,
params [ :id ] ,
params [ :friend_id ] ,
params [ :status ] ,
nil )
respond_with @friend_request , responder : ApiResponder , :status = > 200
2012-10-14 02:22:13 +00:00
end
2012-10-14 04:29:49 +00:00
def friend_index
# NOTE: friend_index.rabl template references the friends property
@user = User . find ( params [ :id ] )
2012-10-14 02:22:13 +00:00
end
def friend_destroy
2012-12-29 14:29:20 +00:00
if current_user . id != params [ :id ] && current_user . id != params [ :friend_id ]
render :json = > { :message = > " You are not allowed to delete this friendship. " } , :status = > 403
end
2012-10-15 12:46:51 +00:00
# clean up both records representing this "friendship"
2012-10-14 04:29:49 +00:00
JamRuby :: Friendship . delete_all " (user_id = ' #{ params [ :id ] } ' AND friend_id = ' #{ params [ :friend_id ] } ') OR (user_id = ' #{ params [ :friend_id ] } ' AND friend_id = ' #{ params [ :id ] } ') "
2012-11-24 18:23:13 +00:00
respond_with responder : ApiResponder , :status = > 204
2012-10-14 02:22:13 +00:00
end
2013-03-22 00:17:28 +00:00
###################### NOTIFICATIONS ####################
def notification_index
@notifications = @user . formatted_notifications
respond_with @notifications , responder : ApiResponder , :status = > 200
end
2012-11-26 13:37:11 +00:00
##################### BAND INVITATIONS ##################
def band_invitation_index
2012-12-15 07:10:42 +00:00
@invitations = @user . received_band_invitations
2012-11-26 13:37:11 +00:00
respond_with @invitations , responder : ApiResponder , :status = > 200
end
def band_invitation_show
begin
@invitation = BandInvitation . find ( params [ :invitation_id ] )
respond_with @invitation , responder : ApiResponder , :status = > 200
rescue ActiveRecord :: RecordNotFound
render :json = > { :message = > ValidationMessages :: BAND_INVITATION_NOT_FOUND } , :status = > 404
end
end
def band_invitation_update
begin
@invitation = BandInvitation . save ( params [ :invitation_id ] ,
nil ,
nil ,
nil ,
params [ :accepted ] )
respond_with @invitation , responder : ApiResponder , :status = > 200
rescue ActiveRecord :: RecordNotFound
render :json = > { :message = > ValidationMessages :: BAND_INVITATION_NOT_FOUND } , :status = > 404
end
end
2012-12-17 06:02:09 +00:00
###################### RECORDINGS #######################
2013-02-16 21:19:08 +00:00
# def recording_index
# @recordings = User.recording_index(current_user, params[:id])
# respond_with @recordings, responder: ApiResponder, :status => 200
# end
# def recording_show
# hide_private = false
# # hide private recordings from anyone but the current user
# if current_user.id != params[:id]
# hide_private = true
# end
# @recording = Recording.find(params[:recording_id])
# if !@recording.public && hide_private
# render :json => { :message => "You are not allowed to access this recording." }, :status => 403
# #respond_with "You are not allowed to access this recording.", responder: ApiResponder, :status => 403
# else
# respond_with @recording, responder: ApiResponder, :status => 200
# end
# end
# def recording_create
# @recording = Recording.save(params[:recording_id],
# params[:public],
# params[:description],
# params[:genres],
# current_user.id,
# params[:id],
# false)
# @user = current_user
# respond_with @recording, responder: ApiResponder, :status => 201, :location => api_recording_detail_url(@user, @recording)
# end
# def recording_update
# @recording = Recording.save(params[:recording_id],
# params[:public],
# params[:description],
# params[:genres],
# current_user.id,
# params[:id],
# false)
# respond_with @recording, responder: ApiResponder, :status => 200
# end
# def recording_destroy
# @recording = Recording.find(params[:recording_id])
# @recording.delete
# respond_with responder: ApiResponder, :status => 204
# end
2012-12-22 00:56:49 +00:00
end
