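require_dependency "api/v<%= api_version %>/application_controller"
require 'authorization'

# JSON API controller template for <%= HorsePower.get_camel(resource_name) %> records (API v<%= api_version %>).
#
# Single-record actions (index/show/create/update/destroy) are gated by the
# *_authorize before_actions at the bottom of the file. Batch actions
# (showAll/updateAll/destroyAll) have no authorize callback and instead check
# ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %> for every record inside the action, so any new
# batch action added here must do its own per-record check.
#
# NOTE(review): the batch actions put no upper bound on the number of ids or
# records accepted in one request; consider capping it.
class Api::V<%= api_version %>::<%= HorsePower.get_camel_plural(resource_name) %>Controller < Api::V<%= api_version %>::ApplicationController
  # Loaders run before the authorize callbacks so the record exists when the
  # authorization check receives it. A callback that renders halts the chain.
  before_action :set_<%= HorsePower.get_singular(resource_name) %>, only: [:show, :update, :destroy]
  before_action :set_<%= HorsePower.get_plural(resource_name) %>, only: [:updateAll]
  before_action :set_<%= HorsePower.get_plural(resource_name) %>_from_ids, only: [:showAll, :destroyAll]
  before_action :index_authorize, only: [:index]
  before_action :show_authorize, only: [:show]
  before_action :create_authorize, only: [:create]
  before_action :update_authorize, only: [:update]
  before_action :destroy_authorize, only: [:destroy]

  # GET /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>
  #
  # NOTE(review): once index? passes, every record is returned; there is no
  # pagination or per-record filtering here. Confirm that is intended.
  def index
    @<%= HorsePower.get_plural(resource_name) %> = ::<%= HorsePower.get_camel(resource_name) %>.all
    render json: @<%= HorsePower.get_plural(resource_name) %>, each_serializer: ::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>Serializer
  end

  # GET /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>/1
  def show
    render json: @<%= HorsePower.get_singular(resource_name) %>, serializer: ::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>Serializer
  end

  # POST /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>/showAll
  #
  # All-or-nothing read: if the user may not see any one of the requested
  # records, the whole request is refused with 403 and nothing is returned.
  def showAll
    denied = @<%= HorsePower.get_plural(resource_name) %>.any? do |record|
      !::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.show?(record, current_user)
    end
    if denied
      render json: {errors: "User is not authorized for this action"}, status: :forbidden
      return
    end
    render json: @<%= HorsePower.get_plural(resource_name) %>, each_serializer: ::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>Serializer
  end

  # POST /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>
  def create
    @<%= HorsePower.get_singular(resource_name) %> = ::<%= HorsePower.get_camel(resource_name) %>.new(<%= HorsePower.get_singular(resource_name) %>_params)
    if @<%= HorsePower.get_singular(resource_name) %>.save
      render json: @<%= HorsePower.get_singular(resource_name) %>, serializer: ::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>Serializer
    else
      render json: {errors: @<%= HorsePower.get_singular(resource_name) %>.errors.full_messages}, status: :unprocessable_entity
    end
  end

  # PATCH/PUT /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>/1
  def update
    if @<%= HorsePower.get_singular(resource_name) %>.update(<%= HorsePower.get_singular(resource_name) %>_params)
      render json: @<%= HorsePower.get_singular(resource_name) %>, serializer: ::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>Serializer
    else
      render json: {errors: @<%= HorsePower.get_singular(resource_name) %>.errors.full_messages}, status: :unprocessable_entity
    end
  end

  # POST /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>/updateAll
  #
  # Applies every element of the batch inside one transaction. The batch is
  # atomic: a missing record, a failed authorization check or a validation
  # error on any element rolls back the updates already applied.
  def updateAll
    updated = []
    ActiveRecord::Base.transaction do
      @<%= HorsePower.get_plural(resource_name) %>.each do |json_item|
        record = updateAllLogic(json_item)
        # updateAllLogic has already rendered the error response. Raise Rollback
        # rather than `return`: leaving a transaction block with `return`
        # commits on some Rails versions, which would persist the earlier
        # elements of a batch that was refused.
        raise ActiveRecord::Rollback if record.nil?
        updated.push(record)
      end
      render json: updated, each_serializer: ::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>Serializer
    end
  end

  # DELETE /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>/1
  def destroy
    # destroy returns false when the model refuses the deletion; report that
    # instead of answering as if the record were gone.
    if @<%= HorsePower.get_singular(resource_name) %>.destroy
      render json: {}
    else
      render json: {errors: @<%= HorsePower.get_singular(resource_name) %>.errors.full_messages}, status: :unprocessable_entity
    end
  end

  # POST /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>/destroyAll
  #
  # Destroys every requested record inside one transaction. Authorization is
  # checked per record; the first refusal or failed deletion renders the error
  # and rolls back the deletions already made in this request.
  def destroyAll
    ActiveRecord::Base.transaction do
      @<%= HorsePower.get_plural(resource_name) %>.each do |record|
        unless ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.destroy?(record, current_user)
          render json: {errors: "User is not authorized for this action"}, status: :forbidden
          raise ActiveRecord::Rollback
        end
        next if record.destroy
        render json: {errors: record.errors.full_messages}, status: :unprocessable_entity
        raise ActiveRecord::Rollback
      end
      render json: {}
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.

  # Loads the record named by params[:id]; renders 404 (halting the callback
  # chain) when it does not exist.
  def set_<%= HorsePower.get_singular(resource_name) %>
    @<%= HorsePower.get_singular(resource_name) %> = ::<%= HorsePower.get_camel(resource_name) %>.find_by(id: params[:id])
    return unless @<%= HorsePower.get_singular(resource_name) %>.nil?
    render json: {errors: "<%= HorsePower.get_camel(resource_name) %> was not found"}, status: :not_found
  end

  # Reads the raw batch payload for updateAll. The elements are still
  # unfiltered request data; they are passed through the permit list in
  # <%= HorsePower.get_singular(resource_name) %>_values before use.
  def set_<%= HorsePower.get_plural(resource_name) %>
    @<%= HorsePower.get_plural(resource_name) %> = params[:<%= HorsePower.get_plural(resource_name) %>]
    # A missing or non-array payload is refused here so the action never
    # iterates over nil or a hash-shaped value.
    return if @<%= HorsePower.get_plural(resource_name) %>.is_a?(Array)
    render json: {errors: "<%= HorsePower.get_camel_plural(resource_name) %> were not found"}, status: :not_found
  end

  # Loads every record named in params[:ids] for showAll/destroyAll. Renders
  # 404 when the list is missing or not an array, or when any id is unknown.
  def set_<%= HorsePower.get_plural(resource_name) %>_from_ids
    ids = params[:ids]
    unless ids.is_a?(Array)
      render json: {errors: "Ids were not found"}, status: :not_found
      # Stop here: without this return the loop below ran on nil and the
      # request ended in an unhandled exception after the 404 was rendered.
      return
    end
    @<%= HorsePower.get_plural(resource_name) %> = []
    ids.each do |id|
      record = ::<%= HorsePower.get_camel(resource_name) %>.find_by(id: id)
      if record.nil?
        render json: {errors: "<%= HorsePower.get_camel(resource_name) %> with id #{id} was not found"}, status: :not_found
        return
      end
      @<%= HorsePower.get_plural(resource_name) %>.push(record)
    end
  end

  # Only allow a trusted parameter "white list" through.
  def <%= HorsePower.get_singular(resource_name) %>_params
    params.require(:<%= HorsePower.get_singular(resource_name) %>).permit(<%= HorsePower.params_list(attributes) %>)
  end

  # Applies the same permit list to one element of a batch payload by wrapping
  # it in its own ActionController::Parameters.
  def <%= HorsePower.get_singular(resource_name) %>_values(json_<%= HorsePower.get_singular(resource_name) %>)
    hash = ActionController::Parameters.new({<%= HorsePower.get_singular(resource_name) %>: json_<%= HorsePower.get_singular(resource_name) %>})
    hash.require(:<%= HorsePower.get_singular(resource_name) %>).permit(<%= HorsePower.params_list(attributes) %>)
  end

  # Batch logic

  # Updates the record described by one batch element.
  #
  # Returns the updated record, or nil after rendering the error response
  # (404 unknown id, 403 not authorized, 422 validation failure). The caller
  # must roll back its transaction when nil is returned.
  def updateAllLogic(json_<%= HorsePower.get_singular(resource_name) %>)
    record = ::<%= HorsePower.get_camel(resource_name) %>.find_by(id: json_<%= HorsePower.get_singular(resource_name) %>[:id])
    if record.nil?
      render json: {errors: "<%= HorsePower.get_camel(resource_name) %> with id #{json_<%= HorsePower.get_singular(resource_name) %>[:id]} was not found"}, status: :not_found
      return nil
    end
    # Filter once so the values that were authorized are the values written.
    permitted = <%= HorsePower.get_singular(resource_name) %>_values(json_<%= HorsePower.get_singular(resource_name) %>)
    unless ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.update?(record, permitted, current_user)
      render json: {errors: "User is not authorized for this action"}, status: :forbidden
      return nil
    end
    return record if record.update(permitted)
    render json: {errors: record.errors.full_messages}, status: :unprocessable_entity
    nil
  end

  # Authorizations below here
  #
  # Each callback renders 403 when the check fails; rendering inside a
  # before_action stops the action from running.

  def index_authorize
    return if ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.index?(current_user)
    render json: {errors: "User is not authorized for this action"}, status: :forbidden
  end

  def show_authorize
    return if ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.show?(@<%= HorsePower.get_singular(resource_name) %>, current_user)
    render json: {errors: "User is not authorized for this action"}, status: :forbidden
  end

  def create_authorize
    return if ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.create?(<%= HorsePower.get_singular(resource_name) %>_params, current_user)
    render json: {errors: "User is not authorized for this action"}, status: :forbidden
  end

  def update_authorize
    return if ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.update?(@<%= HorsePower.get_singular(resource_name) %>, <%= HorsePower.get_singular(resource_name) %>_params, current_user)
    render json: {errors: "User is not authorized for this action"}, status: :forbidden
  end

  def destroy_authorize
    return if ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.destroy?(@<%= HorsePower.get_singular(resource_name) %>, current_user)
    render json: {errors: "User is not authorized for this action"}, status: :forbidden
  end
end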