module Mks module Auth class UsersController < ApplicationController skip_before_action :authenticate, raise: false, only: %i[login] before_action :set_user, only: %i[update user_roles save_selected_roles] def index @users = ApplicationModule.find_by(code: app_code).users response = { success: true, data: @users } render json: response end def roles user = User.find(params[:id]) data = user.roles response = { success: true, data: data } render json: response end # A method to fetch all roles, with roles of # a user marked as selected def user_roles all_roles = UserRole.joins(:application_module).where(mks_auth_application_modules: { code: app_code }) roles = all_roles.map { |r| { id: r.id, name: r.name, selected: @user.roles.include?(r) } } render json: roles end def save_selected_roles @user.roles.delete_all selected = save_selected_roles_params['roles'].select { |r| r['selected'] }.map{ |r| r['id'] } roles = UserRole.where(id: selected) @user.roles << roles render json: { success: true } end def create @user = User.new(user_params) app_module = ApplicationModule.find_by(code: app_code) @user.application_module_id = app_module.id if @user.save response = { success: true, message: 'User saved successfully' } else errors = Mks::Common::Util.error_messages @user, 'User' response = { success: false, errors: errors } end render json: response end def update if @user.update(user_params) response = { success: true, message: 'User updated successfully' } else errors = Mks::Common::Util.error_messages @user, 'User' response = { success: false, errors: errors } end render json: response end def login user = User.find_by(email: auth_params[:email]) if user.authenticate(auth_params[:password]) && user.has_module(auth_params[:app_module]) jwt = TokenAuth.issue(user.to_token_payload) render json: { jwt: jwt } else render json: {}, status: 400 end end private # Use callbacks to share common setup or constraints between actions. def set_user @user = User.find(params[:id]) end # Never trust parameters from the scary internet, only allow the white list through. def user_params params.require(:user).permit(:first_name, :last_name, :email, :password) end def auth_params params.require(:auth).permit(:email, :password, :app_module) end def save_selected_roles_params params.permit(roles: %i[id selected]) end end end end