class ApiUsersController < ApiController before_filter :api_signed_in_user, :except => [:create, :signup_confirm, :auth_session_create] respond_to :json def index # don't return users that aren't yet confirmed @users = User.where('email_confirmed=TRUE').paginate(page: params[:page]) respond_with @users, responder: ApiResponder, :status => 200 end def show # don't return users that aren't yet confirmed @user = User.where('email_confirmed=TRUE').find(params[:id]) respond_with @user, responder: ApiResponder, :status => 200 end # this API call is disabled by virtue of it being commented out in routes.rb # the reason is that it has no captcha, and is therefore a bit abuseable # if someone wants to use it, please add in captcha or some other bot-protector def create # sends email to email account for confirmation @user = UserManager.new.signup(params[:first_name], params[:last_name], params[:email], params[:password], params[:password_confirmation], params[:city], params[:state], params[:country], params[:instruments], params[:photo_url], ApplicationHelper.base_uri(request) + "/confirm") # check for errors unless @user.errors.any? render :json => {}, :status => :ok # an empty response, but 200 OK else response.status = :unprocessable_entity respond_with @user, responder: ApiResponder end end def signup_confirm @user = UserManager.new.signup_confirm(params[:signup_token]) unless @user.errors.any? respond_with @user, responder: ApiResponder, :location => api_user_detail_url(@user) else response.status = :unprocessable_entity respond_with @user, responder: ApiResponder end end def update auth_user(params[:id]) @user = User.save(params[:id], current_user.id, params[:first_name], params[:last_name], params[:email], params[:password], params[:password_confirmation], params[:musician], params[:gender], params[:birth_date], params[:internet_service_provider], params[:city], params[:state], params[:country], params[:instruments], params[:photo_url]) respond_with @user, responder: ApiResponder, :status => 200 end def delete @user = User.find(params[:id]) auth_user @user.destroy # required to make 'tire' integration work respond_with responder: ApiResponder, :status => 204 end ###################### FOLLOWERS ######################## def follower_index # NOTE: follower_index.rabl template references the followers property @user = User.find(params[:id]) end ###################### FOLLOWINGS ####################### def following_index @user = User.find(params[:id]) end def band_following_index @user = User.find(params[:id]) end def following_create id = params[:id] auth_user(id) @user = User.find(id) if !params[:user_id].nil? User.create_user_following(params[:user_id], id) respond_with @user, responder: ApiResponder, :location => api_user_following_index_url(@user) elsif !params[:band_id].nil? User.create_band_following(params[:band_id], id) respond_with @user, responder: ApiResponder, :location => api_band_following_index_url(@user) end end def following_destroy auth_user(params[:id]) User.delete_user_following(params[:user_id], params[:id]) respond_with responder: ApiResponder, :status => 204 end ###################### RECORDINGS ####################### def recording_index hide_private = false # hide private recordings from anyone but the current user if current_user.id != params[:id] hide_private = true end select_list = "recordings.id, recordings.description, recordings.public, genres.id, genres.description" if hide_private @recordings = Recording.joins(:musician_recordings) .where(:musicians_recordings => {:user_id => "#{params[:id]}"}, :public => true) else @recordings = Recording.joins(:musician_recordings) .where(:musicians_recordings => {:user_id => "#{params[:id]}"}) end respond_with @recordings, responder: ApiResponder, :status => 200 end def recording_show hide_private = false # hide private recordings from anyone but the current user if current_user.id != params[:id] hide_private = true end @recording = Recording.find(params[:recording_id]) if !@recording.public && hide_private render :json => { :message => "You are not allowed to access this recording." }, :status => 403 #respond_with "You are not allowed to access this recording.", responder: ApiResponder, :status => 403 else respond_with @recording, responder: ApiResponder, :status => 200 end end def recording_create @recording = Recording.save(params[:recording_id], params[:public], params[:description], params[:genres], current_user.id, params[:id], false) @user = current_user respond_with @recording, responder: ApiResponder, :status => 201, :location => api_recording_detail_url(@user, @recording) end def recording_update @recording = Recording.save(params[:recording_id], params[:public], params[:description], params[:genres], current_user.id, params[:id], false) respond_with @recording, responder: ApiResponder, :status => 200 end def recording_destroy auth_user(params[:id]) @recording = Recording.find(params[:recording_id]) @recording.delete respond_with responder: ApiResponder, :status => 204 end ###################### FAVORITES ######################## def favorite_index @user = User.find(params[:id]) # TODO: get band followings and merge (@user.band_followings) end def favorite_create auth_user(params[:id]) @favorite = UserFavorite.new() User.create_favorite(params[:id], params[:recording_id]) @user = User.find(params[:id]) respond_with @user, responder: ApiResponder, :location => api_favorite_index_url(@user) end def favorite_destroy auth_user(params[:id]) User.delete_favorite(params[:id], params[:recording_id]) respond_with responder: ApiResponder, :status => 204 end ###################### FRIENDS (TODO: refactor resource paths) ########################## def friend_request_index auth_user(params[:id]) # get all outgoing and incoming friend requests @friend_requests = FriendRequest.where("(friend_id='#{params[:id]}' OR user_id='#{params[:id]}') AND accepted is null") end def friend_request_show auth_user(params[:id]) @friend_request = FriendRequest.find(params[:id]) end def friend_request_create auth_user(params[:user_id]) @friend_request = FriendRequest.new() @friend_request.user_id = params[:user_id] @friend_request.friend_id = params[:friend_id] @friend_request.save respond_with @friend_request, responder: ApiResponder, :location => api_friend_request_detail_url(@friend_request) end def friend_request_update ActiveRecord::Base.transaction do @friend_request = FriendRequest.find(params[:id]) @friend_request.accepted = params[:accepted] @friend_request.save # create both records for this friendship if @friend_request.accepted? @friendship = Friendship.new() @friendship.user_id = @friend_request.user_id @friendship.friend_id = @friend_request.friend_id @friendship.save @friendship = Friendship.new() @friendship.user_id = @friend_request.friend_id @friendship.friend_id = @friend_request.user_id @friendship.save end end respond_with @friend_request, responder: ApiResponder end def friend_index # NOTE: friend_index.rabl template references the friends property @user = User.find(params[:id]) end def friend_destroy auth_user(params[:id]) # clean up both records representing this "friendship" JamRuby::Friendship.delete_all "(user_id = '#{params[:id]}' AND friend_id = '#{params[:friend_id]}') OR (user_id = '#{params[:friend_id]}' AND friend_id = '#{params[:id]}')" respond_with responder: ApiResponder, :status => 204 end ##################### BAND INVITATIONS ################## def band_invitation_index auth_user(params[:id]) @user = current_user @invitations = @user.received_band_invitations#.merge(@user.sent_band_invitations) respond_with @invitations, responder: ApiResponder, :status => 200 end def band_invitation_show auth_user(params[:id]) begin @invitation = BandInvitation.find(params[:invitation_id]) respond_with @invitation, responder: ApiResponder, :status => 200 rescue ActiveRecord::RecordNotFound render :json => { :message => ValidationMessages::BAND_INVITATION_NOT_FOUND }, :status => 404 end end def band_invitation_update auth_user(params[:id]) begin @invitation = BandInvitation.save(params[:invitation_id], nil, nil, nil, params[:accepted]) respond_with @invitation, responder: ApiResponder, :status => 200 rescue ActiveRecord::RecordNotFound render :json => { :message => ValidationMessages::BAND_INVITATION_NOT_FOUND }, :status => 404 end end ###################### AUTHENTICATION ################### def auth_session_create @user = User.authenticate(params[:email], params[:password]) if @user.nil? render :json => { :success => false }, :status => 404 else sign_in @user render :json => { :success => true }, :status => 200 end end def auth_session_delete sign_out render :json => { :success => true }, :status => 200 end end