set_password and some refactoring

This commit is contained in:
Mike Slemmer 2012-12-13 19:32:51 -08:00
parent b3acb39de4
commit 8428ca36d2
3 changed files with 22 additions and 26 deletions


@ -29,9 +29,11 @@ class ApiController < ApplicationController
end
protected
def auth_user(id)
unless current_user.id == id
def auth_user
unless current_user.id == params[:id]
raise PermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
end
@user = User.find(params[:id])
end
end
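Review bot: The new `auth_user` compares `current_user.id == params[:id]`, and in Rails `params[:id]` is a String, so with integer primary keys that equality is never true and the filter raises PermissionError for every request, including the owner's. The old `auth_user(id)` did the same comparison, so the problem may have been masked by a caller or by a non-integer id type — worth confirming — but the refactor is the place to normalise it: `unless current_user.id.to_s == params[:id].to_s`. As written the check fails closed, so the protected endpoints are not exposed, but they are also unusable. The enclosing ApiController class continues outside the hunk.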


@ -1,6 +1,10 @@
class ApiUsersController < ApiController
before_filter :api_signed_in_user, :except => [:create, :signup_confirm, :auth_session_create]
before_filter :auth_user, :only => [:session_settings_show, :update, :delete, :following_create, :following_destroy,
:recording_destroy, :favorite_create, :favorite_destroy, :friend_request_index, :friend_request_show,
:friend_request_create, :friend_destroy, :band_invitation_index, :band_invitation_show,
:band_invitation_update, :set_password]
respond_to :json
@ -54,20 +58,17 @@ class ApiUsersController < ApiController
end
def session_settings_show
auth_user(params[:id])
@user = User.find(params[:id])
respond_with @user.my_session_settings, responder: ApiResponder
end
def update
auth_user(params[:id])
@user = User.save(params[:id],
current_user.id,
params[:first_name],
params[:last_name],
params[:email],
params[:password],
params[:password_confirmation],
nil, # Don't allow changing password here, since we want to prompt again for the old password
nil,
params[:musician],
params[:gender],
params[:birth_date],
@ -81,9 +82,17 @@ class ApiUsersController < ApiController
respond_with @user, responder: ApiResponder, :status => 200
end
def set_password
begin
@user.set_password(params[:old_password], params[:new_password], params[:new_password_confirm])
rescue JamRuby::JamArgumentError
render :json => { :message => ValidationMessages::OLD_PASSWORD_DOESNT_MATCH }, :status => 403
end
respond_with responder: ApiResponder, :status => 204
end
def delete
@user = User.find(params[:id])
auth_user @user.destroy # required to make 'tire' integration work
@user.destroy # required to make 'tire' integration work
respond_with responder: ApiResponder, :status => 204
end
@ -104,8 +113,6 @@ class ApiUsersController < ApiController
def following_create
id = params[:id]
auth_user(id)
@user = User.find(id)
if !params[:user_id].nil?
User.create_user_following(params[:user_id], id)
@ -118,8 +125,6 @@ class ApiUsersController < ApiController
end
def following_destroy
auth_user(params[:id])
if !params[:user_id].nil?
User.delete_following(params[:user_id], nil, params[:id])
@ -197,7 +202,6 @@ class ApiUsersController < ApiController
end
def recording_destroy
auth_user(params[:id])
@recording = Recording.find(params[:recording_id])
@recording.delete
respond_with responder: ApiResponder, :status => 204
@ -211,7 +215,6 @@ class ApiUsersController < ApiController
end
def favorite_create
auth_user(params[:id])
@favorite = UserFavorite.new()
User.create_favorite(params[:id], params[:recording_id])
@ -220,27 +223,23 @@ class ApiUsersController < ApiController
end
def favorite_destroy
auth_user(params[:id])
User.delete_favorite(params[:id], params[:recording_id])
respond_with responder: ApiResponder, :status => 204
end
###################### FRIENDS (TODO: refactor resource paths) ##########################
def friend_request_index
auth_user(params[:id])
# get all outgoing and incoming friend requests
@friend_requests = FriendRequest.where("(friend_id='#{params[:id]}' OR user_id='#{params[:id]}') AND accepted is null")
end
def friend_request_show
auth_user(params[:id])
@friend_request = FriendRequest.find(params[:id])
end
def friend_request_create
auth_user(params[:user_id])
@friend_request = FriendRequest.new()
@friend_request.user_id = params[:user_id]
@friend_request.user_id = params[:id]
@friend_request.friend_id = params[:friend_id]
@friend_request.save
respond_with @friend_request, responder: ApiResponder, :location => api_friend_request_detail_url(@friend_request)
@ -275,7 +274,6 @@ class ApiUsersController < ApiController
end
def friend_destroy
auth_user(params[:id])
# clean up both records representing this "friendship"
JamRuby::Friendship.delete_all "(user_id = '#{params[:id]}' AND friend_id = '#{params[:friend_id]}') OR (user_id = '#{params[:friend_id]}' AND friend_id = '#{params[:id]}')"
respond_with responder: ApiResponder, :status => 204
@ -283,15 +281,12 @@ class ApiUsersController < ApiController
##################### BAND INVITATIONS ##################
def band_invitation_index
auth_user(params[:id])
@user = current_user
@invitations = @user.received_band_invitations#.merge(@user.sent_band_invitations)
respond_with @invitations, responder: ApiResponder, :status => 200
end
def band_invitation_show
auth_user(params[:id])
begin
@invitation = BandInvitation.find(params[:invitation_id])
respond_with @invitation, responder: ApiResponder, :status => 200
@ -302,8 +297,6 @@ class ApiUsersController < ApiController
end
def band_invitation_update
auth_user(params[:id])
begin
@invitation = BandInvitation.save(params[:invitation_id],
nil,
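Review bot: In `set_password`, the `rescue JamRuby::JamArgumentError` branch calls `render` and then execution falls through to `respond_with responder: ApiResponder, :status => 204`, which raises ActionController::DoubleRenderError on the old-password-mismatch path, so the client gets a 500 instead of the intended 403. Return from the rescue branch: `render :json => { :message => ValidationMessages::OLD_PASSWORD_DOESNT_MATCH }, :status => 403` followed by `return` (or `return render(...)`). The rescue only covers JamArgumentError; if `User#set_password` reports a non-matching `new_password_confirm` with a different exception it will propagate unhandled — confirm against the model. Unrelated to this commit but visible as context in the same section, `friend_request_index` and `friend_destroy` interpolate `params[:id]` and `params[:friend_id]` directly into SQL strings; `auth_user` now pins `params[:id]` to the caller's own id, but `params[:friend_id]` is still unvalidated, so those should move to `where(...)` with bound parameters.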


@ -50,6 +50,7 @@ SampleApp::Application.routes.draw do
match '/users' => 'api_users#index', :via => :get
match '/users/:id' => 'api_users#show', :via => :get, :as => 'api_user_detail'
#match '/users' => 'api_users#create', :via => :post
match '/users/:id/set_password' => 'api_users#set_password', :via => :put
match '/users/:id' => 'api_users#update', :via => :post
match '/users/:id' => 'api_users#destroy', :via => :delete
match '/users/confirm/:signup_token' => 'api_users#signup_confirm', :via => :post, :as => 'api_signup_confirmation'