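# JSON API endpoints for bands and their nested followers, recordings and
# invitations.
#
# Every action except index, show and follower_index runs the
# api_signed_in_user filter first. Actions that touch band-owned data also
# call auth_band_member, which raises PermissionError for non-members.
class ApiBandsController < ApiController
  before_filter :api_signed_in_user, :except => [:index, :show, :follower_index]

  respond_to :json

  # Lists bands one page at a time; the page number comes from params[:page].
  def index
    @bands = Band.paginate(page: params[:page])
  end

  # Loads one band by id for the view.
  def show
    @band = Band.find(params[:id])
  end

  # Creates a band on behalf of the signed-in user and answers 201 with the
  # band's detail URL as the Location header.
  def create
    @band = save_band_from_params

    respond_with @band, responder: ApiResponder, status: 201, location: api_band_detail_url(@band)
  end

  # Updates a band; only members of that band may do so.
  def update
    @band = Band.find_by_id(params[:id])
    auth_band_member(@band, current_user)

    @band = save_band_from_params

    respond_with @band, responder: ApiResponder, status: :ok
  end

  ###################### FOLLOWERS ########################

  # NOTE: follower_index.rabl template references the followers property
  def follower_index
    @band = Band.find(params[:id])
  end

  ###################### RECORDINGS #######################

  # Lists a band's recordings. Callers who are not in the band only get the
  # public ones.
  def recording_index
    @band = Band.find(params[:id])

    # The band id is bound as a query parameter. The request value
    # params[:id] must never be interpolated into the SQL text.
    sql = "bands_recordings.band_id = ?"
    # hide private Recordings from anyone who's not in the Band
    sql += " AND public = true" unless band_member?(@band, current_user)

    # NOTE(review): the condition filters on bands_recordings while the only
    # join named here is :musician_recordings -- confirm that association
    # brings bands_recordings into the query.
    @recordings = Recording.find(:all,
                                 joins: :musician_recordings,
                                 select: "recordings.id, recordings.description, recordings.public",
                                 conditions: [sql, @band.id])
    #.paginate(page: params[:page])

    respond_with @recordings, responder: ApiResponder, status: 200
  end

  # Shows one recording. A private recording is answered with 403 unless the
  # caller is a member of the band named in the URL.
  def recording_show
    band = Band.find(params[:id])
    @recording = Recording.find(params[:recording_id])

    # NOTE(review): the recording is loaded by id alone and is never checked
    # against `band`, so membership of any one band decides access to every
    # private recording. Load it through the band's own recordings once the
    # association name is confirmed.
    if !@recording.public && !band_member?(band, current_user)
      render json: { message: "You are not allowed to access this recording." }, status: 403
    else
      respond_with @recording, responder: ApiResponder, status: 200
    end
  end

  # Creates a recording for a band; only members of that band may do so.
  def recording_create
    @band = Band.find_by_id(params[:id])
    auth_band_member(@band, current_user)

    # NOTE(review): the fourth argument is params[:id] here but
    # current_user.id in recording_update -- confirm which one Recording.save
    # expects in that position.
    @recording = Recording.save(params[:recording_id],
                                params[:public],
                                params[:description],
                                params[:id],
                                params[:id],
                                true)

    respond_with @recording, responder: ApiResponder, status: 201,
                             location: api_band_recording_detail_url(@band, @recording)
  end

  # Updates a recording; only members of the band named in the URL may do so.
  def recording_update
    # This membership check was missing, which let any signed-in user update
    # a recording. The sibling create and destroy actions already perform it.
    @band = Band.find_by_id(params[:id])
    auth_band_member(@band, current_user)

    # NOTE(review): nothing visible here ties params[:recording_id] to this
    # band -- confirm Recording.save enforces that.
    @recording = Recording.save(params[:recording_id],
                                params[:public],
                                params[:description],
                                current_user.id,
                                params[:id],
                                false)

    respond_with @recording, responder: ApiResponder, status: 200
  end

  # Deletes a recording; only members of the band named in the URL may do so.
  # Answers 204 on success and 404 when the recording id is unknown.
  def recording_destroy
    @band = Band.find_by_id(params[:id])
    auth_band_member(@band, current_user)

    # find_by_id yields nil for an unknown id (assuming Recording is an
    # ActiveRecord model), which makes the 404 branch reachable.
    # NOTE(review): the recording is not checked against @band -- scope the
    # lookup to the band's recordings once the association name is confirmed.
    @recording = Recording.find_by_id(params[:recording_id])

    if @recording.nil?
      # no recording was found with this ID
      render json: { message: ValidationMessages::RECORDING_NOT_FOUND }, status: 404
    else
      @recording.delete
      # Exactly one response per request: the previous code fell through to
      # the 404 render after already responding.
      head :no_content
    end
  end

  ###################### INVITATIONS ######################

  # Lists the band's invitations; members only.
  def invitation_index
    @band = Band.find_by_id(params[:id])
    auth_band_member(@band, current_user)
    @invitations = @band.invitations
    respond_with @invitations, responder: ApiResponder, status: 200
  end

  # Loads one invitation of the band for the view; members only.
  def invitation_show
    @band = Band.find_by_id(params[:id])
    auth_band_member(@band, current_user)
    # Looked up through the band's own invitations so that an id belonging to
    # another band is not returned to this band's members.
    @invitation = @band.invitations.find(params[:invitation_id])
  end

  # Creates an invitation to the band; members only.
  def invitation_create
    @band = Band.find_by_id(params[:id])
    auth_band_member(@band, current_user)

    # NOTE(review): params[:accepted] is supplied by the inviting client --
    # confirm BandInvitation.save does not let it pre-accept for the invitee.
    @invitation = BandInvitation.save(params[:invitation_id],
                                      params[:id],
                                      params[:user_id],
                                      current_user.id,
                                      params[:accepted])

    respond_with @invitation, responder: ApiResponder, status: 201,
                              location: api_band_invitation_detail_url(@band, @invitation)
  end

=begin
  def invitation_update
    @user = current_user
    invitation = @user.received_band_invitations.find_by_band_id(params[:id])

    unless invitation.nil?
      @invitation = BandInvitation.save(params[:recording_id],
                                        params[:id],
                                        current_user.id,
                                        current_user.id,
                                        params[:accepted])

      respond_with @invitation, responder: ApiResponder, :status => 200
    end

    # no invitation was found for this user and band
    render :json => { :message => ValidationMessages::BAND_INVITATION_NOT_FOUND }, :status => 404
  end
=end

  # Deletes one of the band's invitations; members only. Answers 204 on
  # success and 404 when the band has no invitation with that id.
  def invitation_destroy
    @band = Band.find_by_id(params[:id])
    auth_band_member(@band, current_user)

    # Scoped to the band's invitations, and nil (not an exception) when
    # absent, so the 404 branch is reachable.
    @invitation = @band.invitations.find_by_id(params[:invitation_id])

    if @invitation.nil?
      render json: { message: ValidationMessages::BAND_INVITATION_NOT_FOUND }, status: 404
    else
      @invitation.delete
      head :no_content
    end
  end

  #############################################################################
  protected

  # ensures user is a member of the band
  #
  # Raises PermissionError when the user is not a member, and also when the
  # band or the user is nil, so an unknown band id fails closed instead of
  # surfacing as a NoMethodError.
  def auth_band_member(band, user)
    return if band_member?(band, user)

    raise PermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
  end

  # True only when both band and user are present and the user is one of the
  # band's users.
  def band_member?(band, user)
    return false if band.nil? || user.nil?

    band.users.exists?(user)
  end

  # Passes the band attributes from the request, plus the signed-in user's
  # id, to Band.save. Shared by create and update.
  def save_band_from_params
    Band.save(params[:id],
              params[:name],
              params[:website],
              params[:biography],
              params[:city],
              params[:state],
              params[:country],
              params[:genres],
              current_user.id)
  end
end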