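# JSON API endpoints for a retailer's invitations: list, create, delete, resend.
#
# Access control is done entirely in the before-filter chain below, which runs
# in declaration order:
#   1. +api_signed_in_user+ (defined outside this file) runs for every action.
#   2. The lookup filter loads the record named in the request, raising
#      ActiveRecord::RecordNotFound when it does not exist.
#   3. The auth filter raises JamPermissionError unless the current user owns
#      the retailer the record belongs to.
#
# The :only lists are the authorization boundary: an action that is added to
# this controller without also being added to a lookup/auth pair is protected
# by +api_signed_in_user+ alone.
class ApiRetailerInvitationsController < ApiController

  before_filter :api_signed_in_user
  before_filter :lookup_retailer, :only => [:index, :create]
  before_filter :auth_retailer, :only => [:index, :create]
  before_filter :lookup_retailer_invitation, :only => [:delete, :resend]
  before_filter :auth_retailer_invitation, :only => [:delete, :resend]

  respond_to :json

  # Lists invitations for @retailer.
  #
  # Exposes data[:query] as @retailer_invitations and data[:next_page] as @next
  # to the "api_retailer_invitations/index" template, rendered without a layout.
  def index
    # NOTE(review): the whole params hash is handed to the model; confirm that
    # RetailerInvitation.index only reads the paging/filter keys it expects.
    data = RetailerInvitation.index(@retailer, params)

    @retailer_invitations = data[:query]
    @next = data[:next_page]
    render "api_retailer_invitations/index", :layout => nil
  end

  # Creates an invitation for @retailer on behalf of the current user.
  #
  # Responds with 422 (unprocessable_entity) when the returned record carries
  # validation errors; otherwise falls through to the action's default render.
  def create
    # NOTE(review): the whole params hash is handed to the model; confirm that
    # RetailerInvitation.create whitelists the attributes it assigns from it.
    @retailer_invitation = RetailerInvitation.create(current_user, @retailer, params)

    if @retailer_invitation.errors.any?
      respond_with @retailer_invitation, status: :unprocessable_entity
    end
  end

  # Destroys the invitation loaded by the filters and answers with status 204.
  def delete
    @retailer_invitation.destroy
    respond_with responder: ApiResponder, :status => 204
  end

  # Re-sends the invitation loaded by the filters (delegates to the model).
  def resend
    @retailer_invitation.resend
  end

  private

  # Loads the invitation named by params[:invitation_id] into
  # @retailer_invitation.
  #
  # @raise [ActiveRecord::RecordNotFound] when no such invitation exists
  def lookup_retailer_invitation
    @retailer_invitation = RetailerInvitation.find_by_id(params[:invitation_id])
    raise ActiveRecord::RecordNotFound, "Can't find retailer invitation" if @retailer_invitation.nil?
  end

  # Authorizes access to @retailer_invitation through its retailer's owner.
  #
  # @raise [JamPermissionError] when the current user is not that owner
  def auth_retailer_invitation
    ensure_owner_of_retailer(@retailer_invitation.retailer)
  end

  # Loads the retailer named by params[:id] into @retailer.
  #
  # @raise [ActiveRecord::RecordNotFound] when no such retailer exists
  def lookup_retailer
    @retailer = Retailer.find_by_id(params[:id])
    raise ActiveRecord::RecordNotFound, "Can't find retailer" if @retailer.nil?
  end

  # Authorizes access to @retailer.
  #
  # @raise [JamPermissionError] when the current user is not the retailer's owner
  def auth_retailer
    ensure_owner_of_retailer(@retailer)
  end

  # Single ownership check shared by both auth filters.
  #
  # Fails closed: a missing retailer or a retailer without an owner is treated
  # as "no access" instead of surfacing as a NoMethodError on nil.
  #
  # NOTE(review): the previous code spelled the owner comparison twice, joined
  # with &&. The second clause added nothing; if it was meant to admit another
  # principal (a different role or association), that rule was never in effect
  # and is not granted here either — confirm the intended policy.
  #
  # @param retailer [Retailer, nil] the retailer whose owner must match
  # @raise [JamPermissionError] when the current user is not the owner
  def ensure_owner_of_retailer(retailer)
    owner = retailer && retailer.owner

    if owner.nil? || current_user.id != owner.id
      raise JamPermissionError, "You do not have access to this retailer"
    end
  end
end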