104 lines
2.9 KiB
Ruby
104 lines
2.9 KiB
Ruby
class ApiSchoolsController < ApiController
|
|
|
|
before_filter :api_signed_in_user
|
|
before_filter :lookup_school, :only => [:show, :update, :update_avatar, :delete_avatar, :generate_filepicker_policy, :remove_student, :remove_teacher]
|
|
before_filter :auth_school, :only => [:show, :update, :update_avatar, :delete_avatar, :generate_filepicker_policy, :remove_student, :remove_teacher]
|
|
|
|
respond_to :json
|
|
|
|
def show
|
|
@owner_viewing = @school.owner == current_user
|
|
end
|
|
|
|
def update
|
|
@school.update_from_params(params)
|
|
|
|
respond_with_model(@school)
|
|
end
|
|
|
|
def update_avatar
|
|
original_fpfile = params[:original_fpfile]
|
|
cropped_fpfile = params[:cropped_fpfile]
|
|
cropped_large_fpfile = params[:cropped_large_fpfile]
|
|
crop_selection = params[:crop_selection]
|
|
|
|
# public bucket to allow images to be available to public
|
|
@school.update_avatar(original_fpfile, cropped_fpfile, cropped_large_fpfile, crop_selection, Rails.application.config.aws_bucket_public)
|
|
|
|
if @school.errors.any?
|
|
respond_with @school, status: :unprocessable_entity
|
|
return
|
|
end
|
|
|
|
|
|
end
|
|
|
|
def delete_avatar
|
|
@school.delete_avatar(Rails.application.config.aws_bucket_public)
|
|
|
|
if @school.errors.any?
|
|
respond_with @school, status: :unprocessable_entity
|
|
return
|
|
end
|
|
end
|
|
|
|
def generate_filepicker_policy
|
|
# generates a soon-expiring filepicker policy so that a user can only upload to their own folder in their bucket
|
|
|
|
handle = params[:handle]
|
|
|
|
call = 'pick,convert,store'
|
|
|
|
policy = { :expiry => (DateTime.now + 5.minutes).to_i(),
|
|
:call => call,
|
|
#:path => 'avatars/' + @user.id + '/.*jpg'
|
|
}
|
|
|
|
# if the caller specifies a handle, add it to the hash
|
|
unless handle.nil?
|
|
start = handle.rindex('/') + 1
|
|
policy[:handle] = handle[start..-1]
|
|
end
|
|
|
|
policy = Base64.urlsafe_encode64( policy.to_json )
|
|
digest = OpenSSL::Digest::Digest.new('sha256')
|
|
signature = OpenSSL::HMAC.hexdigest(digest, Rails.application.config.fp_secret, policy)
|
|
|
|
render :json => {
|
|
:signature => signature,
|
|
:policy => policy
|
|
}, :status => :ok
|
|
end
|
|
|
|
def remove_student
|
|
user = User.find(params[:user_id])
|
|
user.school_id = nil
|
|
if !user.save
|
|
respond_with user, status: :unprocessable_entity
|
|
return
|
|
end
|
|
end
|
|
|
|
def remove_teacher
|
|
teacher = User.find(params[:teacher_id])
|
|
teacher.teacher.school_id = nil
|
|
if !teacher.teacher.save
|
|
respond_with teacher.teacher, status: :unprocessable_entity
|
|
return
|
|
end
|
|
end
|
|
|
|
private
|
|
def lookup_school
|
|
@school = School.find_by_id(params[:id])
|
|
raise ActiveRecord::RecordNotFound, "Can't find school" if @school.nil?
|
|
end
|
|
|
|
def auth_school
|
|
if current_user.id != @school.owner.id && current_user.id != @school.owner.id
|
|
raise JamPermissionError, "You do not have access to this school"
|
|
end
|
|
end
|
|
end
|
|
|