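# JSON API for teacher profiles: public index/detail reads plus signed-in
# create, update and delete.
#
# Authorization is enforced by the before_filters, in declaration order:
# * api_signed_in_user (defined outside this file) runs for every action except
#   the public reads index and detail.
# * auth_teacher loads @teacher for update/delete and raises JamPermissionError
#   unless the caller is an admin or the record is scoped to the caller's user id.
# * auth_user resolves @user for create/update; only an admin may name another user.
class ApiTeachersController < ApiController
  before_filter :api_signed_in_user, :except => [:index, :detail]
  before_filter :auth_teacher, :only => [:update, :delete]
  before_filter :auth_user, :only => [:create, :update]

  respond_to :json

  # Lists teachers one page at a time; the page comes from params[:page].
  def index
    @teachers = Teacher.paginate(page: params[:page])
  end

  # Shows one teacher: the one named by params[:teacher_id], otherwise the
  # caller's own teacher record.
  #
  # This action is exempt from api_signed_in_user, so current_user may be absent
  # here (presumably nil for an anonymous request; confirm against ApiController).
  # The fallback is therefore nil-safe: an anonymous request without teacher_id
  # reaches Teacher.find(nil) instead of failing with NoMethodError on nil.
  def detail
    teacher_id = params[:teacher_id].presence || current_user.try(:teacher).try(:id)
    @teacher = Teacher.find(teacher_id)

    respond_with_model(@teacher)
  end

  # Destroys the teacher that auth_teacher loaded and authorized.
  def delete
    @teacher.try(:destroy)
    # The option key must be the symbol :responder. The original passed the bare
    # identifier `responder` as the hash key, so ApiResponder was never handed
    # to respond_with as the :responder option.
    respond_with @teacher, responder: ApiResponder
  end

  # Creates a teacher for @user (resolved by auth_user).
  #
  # NOTE(review): the raw params hash is handed to Teacher.save_teacher; confirm
  # that save_teacher whitelists the attributes it accepts and never takes the
  # owning user from params rather than from @user.
  def create
    @teacher = Teacher.save_teacher(@user, params)
    respond_with_model(@teacher, new: true, location: lambda { api_teacher_detail_url(@teacher.id) })
  end

  # Updates a teacher for @user (resolved by auth_user).
  #
  # auth_teacher has already authorized params[:id] for the caller, but the
  # @teacher it loaded is replaced by the result of save_teacher below.
  # NOTE(review): confirm save_teacher only touches the record auth_teacher
  # authorized; which record it updates is not visible from this controller.
  def update
    @teacher = Teacher.save_teacher(@user, params)
    respond_with_model(@teacher)
  end

  private

  # before_filter for update/delete: loads @teacher by params[:id].
  #
  # Admins may load any teacher. Everyone else is limited to rows whose user_id
  # is their own, so a foreign id finds nothing and is rejected.
  #
  # Raises JamPermissionError when no matching teacher is found.
  def auth_teacher
    @teacher =
      if current_user.admin
        Teacher.find(params[:id])
      else
        # Bound parameters keep the request-supplied id out of the SQL text.
        Teacher.where("user_id=? AND id=?", current_user.id, params[:id]).first
      end

    unless @teacher
      # NOTE(review): params[:id] is request-controlled and is written to the log as-is.
      Rails.logger.info("Could not find teacher #{params[:id]} for #{current_user}")
      raise JamPermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
    end
  end

  # before_filter for create/update: decides which user the request acts for.
  #
  # * no params[:user_id], or the caller's own id -> @user is current_user
  # * another user's id and the caller is an admin -> @user is that user
  # * another user's id and the caller is not an admin -> JamPermissionError
  def auth_user
    requested_id = params[:user_id]

    # Request params arrive as strings, so both sides are compared as strings.
    # That keeps the "own id" check working whatever type the id column has,
    # while a mismatch still fails closed for non-admins.
    if requested_id.blank? || requested_id.to_s == current_user.id.to_s
      @user = current_user
    elsif current_user.admin
      @user = User.find(requested_id)
    else
      # Non-admins can't specify another user.
      raise JamPermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
    end
  end
end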