class ApiUsersController < ApiController before_filter :api_signed_in_user, :except => [:create, :signup_confirm, :auth_session_create] before_filter :auth_user, :only => [:session_settings_show, :update, :delete, :like_create, :like_destroy, # likes :following_create, :following_destroy, # followings :recording_update, :recording_destroy, # recordings :favorite_create, :favorite_destroy, # favorites :friend_request_index, :friend_request_show, :friend_request_create, :friend_destroy, # friends :band_invitation_index, :band_invitation_show, :band_invitation_update, :set_password] respond_to :json def index # don't return users that aren't yet confirmed @users = User.where('email_confirmed=TRUE').paginate(page: params[:page]) respond_with @users, responder: ApiResponder, :status => 200 end def show # don't return users that aren't yet confirmed @user = User.where('email_confirmed=TRUE').find(params[:id]) respond_with @user, responder: ApiResponder, :status => 200 end # this API call is disabled by virtue of it being commented out in routes.rb # the reason is that it has no captcha, and is therefore a bit abuseable # if someone wants to use it, please add in captcha or some other bot-protector def create # sends email to email account for confirmation @user = UserManager.new.signup(params[:first_name], params[:last_name], params[:email], params[:password], params[:password_confirmation], params[:city], params[:state], params[:country], params[:instruments], params[:photo_url], ApplicationHelper.base_uri(request) + "/confirm") # check for errors unless @user.errors.any? render :json => {}, :status => :ok # an empty response, but 200 OK else response.status = :unprocessable_entity respond_with @user, responder: ApiResponder end end def update @user = User.save(params[:id], current_user.id, params[:first_name], params[:last_name], params[:email], nil, # Don't allow changing password here, since we want to prompt again for the old password nil, params[:musician], params[:gender], params[:birth_date], params[:internet_service_provider], params[:city], params[:state], params[:country], params[:instruments], params[:photo_url]) respond_with @user, responder: ApiResponder, :status => 200 end def delete @user.destroy # required to make 'tire' integration work respond_with responder: ApiResponder, :status => 204 end def signup_confirm @user = UserManager.new.signup_confirm(params[:signup_token]) unless @user.errors.any? respond_with @user, responder: ApiResponder, :location => api_user_detail_url(@user) else response.status = :unprocessable_entity respond_with @user, responder: ApiResponder end end def set_password begin @user.set_password(params[:old_password], params[:new_password], params[:new_password_confirm]) rescue JamRuby::JamArgumentError render :json => { :message => ValidationMessages::OLD_PASSWORD_DOESNT_MATCH }, :status => 403 end respond_with responder: ApiResponder, :status => 204 end ###################### AUTHENTICATION ################### def auth_session_create @user = User.authenticate(params[:email], params[:password]) if @user.nil? render :json => { :success => false }, :status => 404 else sign_in @user render :json => { :success => true }, :status => 200 end end def auth_session_delete sign_out render :json => { :success => true }, :status => 200 end ###################### SESSION SETTINGS ################### def session_settings_show respond_with @user.my_session_settings, responder: ApiResponder end ###################### LIKERS ######################## def liker_index # NOTE: liker_index.rabl template references the likers property @user = User.find(params[:id]) end ###################### LIKES ######################### def like_index @user = User.find(params[:id]) end def band_like_index @user = User.find(params[:id]) end def like_create id = params[:id] if !params[:user_id].nil? User.create_user_like(params[:user_id], id) respond_with @user, responder: ApiResponder, :location => api_user_like_index_url(@user) elsif !params[:band_id].nil? User.create_band_like(params[:band_id], id) respond_with @user, responder: ApiResponder, :location => api_band_like_index_url(@user) end end def like_destroy if !params[:user_id].nil? User.delete_like(params[:user_id], nil, params[:id]) elsif !params[:band_id].nil? User.delete_like(nil, params[:band_id], params[:id]) end respond_with responder: ApiResponder, :status => 204 end ###################### FOLLOWERS ######################## def follower_index # NOTE: follower_index.rabl template references the followers property @user = User.find(params[:id]) end ###################### FOLLOWINGS ####################### def following_index @user = User.find(params[:id]) end def band_following_index @user = User.find(params[:id]) end def following_create id = params[:id] @user = User.find(id) if !params[:user_id].nil? User.create_user_following(params[:user_id], id) respond_with @user, responder: ApiResponder, :location => api_user_following_index_url(@user) elsif !params[:band_id].nil? User.create_band_following(params[:band_id], id) respond_with @user, responder: ApiResponder, :location => api_band_following_index_url(@user) end end def following_destroy if !params[:user_id].nil? User.delete_following(params[:user_id], nil, params[:id]) elsif !params[:band_id].nil? User.delete_following(nil, params[:band_id], params[:id]) end respond_with responder: ApiResponder, :status => 204 end ###################### FAVORITES ######################## def favorite_index @user = User.find(params[:id]) end def favorite_create @favorite = UserFavorite.new() User.create_favorite(params[:id], params[:recording_id]) @user = User.find(params[:id]) respond_with @user, responder: ApiResponder, :location => api_favorite_index_url(@user) end def favorite_destroy User.delete_favorite(params[:id], params[:recording_id]) respond_with responder: ApiResponder, :status => 204 end ###################### FRIENDS ########################## def friend_request_index # get all outgoing and incoming friend requests @friend_requests = FriendRequest.where("(friend_id='#{params[:id]}' OR user_id='#{params[:id]}') AND accepted is null") end def friend_request_show @friend_request = FriendRequest.find(params[:id]) end def friend_request_create @friend_request = FriendRequest.new() @friend_request.user_id = params[:id] @friend_request.friend_id = params[:friend_id] @friend_request.save respond_with @friend_request, responder: ApiResponder, :location => api_friend_request_detail_url(@friend_request) end def friend_request_update ActiveRecord::Base.transaction do @friend_request = FriendRequest.find(params[:id]) @friend_request.accepted = params[:accepted] @friend_request.save # create both records for this friendship if @friend_request.accepted? @friendship = Friendship.new() @friendship.user_id = @friend_request.user_id @friendship.friend_id = @friend_request.friend_id @friendship.save @friendship = Friendship.new() @friendship.user_id = @friend_request.friend_id @friendship.friend_id = @friend_request.user_id @friendship.save end end respond_with @friend_request, responder: ApiResponder end def friend_index # NOTE: friend_index.rabl template references the friends property @user = User.find(params[:id]) end def friend_destroy # clean up both records representing this "friendship" JamRuby::Friendship.delete_all "(user_id = '#{params[:id]}' AND friend_id = '#{params[:friend_id]}') OR (user_id = '#{params[:friend_id]}' AND friend_id = '#{params[:id]}')" respond_with responder: ApiResponder, :status => 204 end ##################### BAND INVITATIONS ################## def band_invitation_index @user = current_user @invitations = @user.received_band_invitations respond_with @invitations, responder: ApiResponder, :status => 200 end def band_invitation_show begin @invitation = BandInvitation.find(params[:invitation_id]) respond_with @invitation, responder: ApiResponder, :status => 200 rescue ActiveRecord::RecordNotFound render :json => { :message => ValidationMessages::BAND_INVITATION_NOT_FOUND }, :status => 404 end end def band_invitation_update begin @invitation = BandInvitation.save(params[:invitation_id], nil, nil, nil, params[:accepted]) respond_with @invitation, responder: ApiResponder, :status => 200 rescue ActiveRecord::RecordNotFound render :json => { :message => ValidationMessages::BAND_INVITATION_NOT_FOUND }, :status => 404 end end ###################### RECORDINGS ####################### def recording_index hide_private = false # hide private recordings from anyone but the current user if current_user.id != params[:id] hide_private = true end if hide_private @recordings = Recording.joins(:musician_recordings) .where(:musicians_recordings => {:user_id => "#{params[:id]}"}, :public => true) else @recordings = Recording.joins(:musician_recordings) .where(:musicians_recordings => {:user_id => "#{params[:id]}"}) end respond_with @recordings, responder: ApiResponder, :status => 200 end def recording_show hide_private = false # hide private recordings from anyone but the current user if current_user.id != params[:id] hide_private = true end @recording = Recording.find(params[:recording_id]) if !@recording.public && hide_private render :json => { :message => "You are not allowed to access this recording." }, :status => 403 #respond_with "You are not allowed to access this recording.", responder: ApiResponder, :status => 403 else respond_with @recording, responder: ApiResponder, :status => 200 end end def recording_create @recording = Recording.save(params[:recording_id], params[:public], params[:description], params[:genres], current_user.id, params[:id], false) @user = current_user respond_with @recording, responder: ApiResponder, :status => 201, :location => api_recording_detail_url(@user, @recording) end def recording_update @recording = Recording.save(params[:recording_id], params[:public], params[:description], params[:genres], current_user.id, params[:id], false) respond_with @recording, responder: ApiResponder, :status => 200 end def recording_destroy @recording = Recording.find(params[:recording_id]) @recording.delete respond_with responder: ApiResponder, :status => 204 end end