require_dependency "people/api/v1/application_controller" require 'authorization' module People class Api::V1::UsersController < Api::V1::ApplicationController <% if options.arcadex? %> skip_before_filter :authenticate_user, :only => [:register, :login] <% end %> before_action :set_user, only: [:show, :edit, :update] before_action :register_authorize, only: [:register] before_action :login_authorize, only: [:login] before_action :logout_authorize, only: [:logout] before_action :index_authorize, only: [:index] before_action :show_authorize, only: [:show] before_action :update_authorize, only: [:update] <% if options.arcadex? %> # POST /api/1/users/register def register #Create a new user user = ::People::V1::User.new(user_params) if user.save #If the user is saved, return a token token = user.tokens[0] render :json => {user: user, token: token} else #Return an error if not saved render :json => {errors: user.errors}, status: :unprocessable_entity end end # POST /api/1/users/login def login #Should I delete the current token or ignore it? #Find user from email and password. Create and return a new token user = ::People::V1::User.find_by(email: params[:email]) if user && user.authenticate(params[:password]) token = user.tokens.create render :json => {user: user, token: token} else render :json => {errors: "Email and/or Password is incorrect"}, status: :unauthorized end end # GET /api/1/users/logout def logout #Destroy the current token token = current_token token.destroy render json: {} end <% end %> # GET /api/1/users def index @users = ::People::V1::User.all render json: @users end # GET /api/1/users/1 def show render json: @user end # PATCH/PUT /api/1/users/1 def update if @user.update(user_params) render json: @user else render :json => {errors: @user.errors}, status: :unprocessable_entity end end private # Use callbacks to share common setup or constraints between actions. def set_user @user = ::People::V1::User.find_by_id(params[:id]) if @user.nil? render :json => {errors: "User was not found"}, status: :not_found end end # Only allow a trusted parameter "white list" through. def user_params params.require(:user).permit(:username, :email, :password, :password_confirmation) end # Authorizations below here <% if options.arcadex? %> def register_authorize if !::Authorization::People::V1::User.register? render :json => {errors: "User is not authorized for this action"}, status: :forbidden end end def login_authorize if !::Authorization::People::V1::User.login? render :json => {errors: "User is not authorized for this action"}, status: :forbidden end end def logout_authorize if !::Authorization::People::V1::User.logout?(current_user) render :json => {errors: "User is not authorized for this action"}, status: :forbidden end end <% end %> def index_authorize if !::Authorization::People::V1::User.index?(current_user) render :json => {errors: "User is not authorized for this action"}, status: :forbidden end end def show_authorize if !::Authorization::People::V1::User.show?(@user,current_user) render :json => {errors: "User is not authorized for this action"}, status: :forbidden end end def update_authorize if !::Authorization::People::V1::User.update?(@user,current_user) render :json => {errors: "User is not authorized for this action"}, status: :forbidden end end end end