71 lines
1.8 KiB
Ruby
71 lines
1.8 KiB
Ruby
class ApiTeachersController < ApiController
|
|
|
|
before_filter :api_signed_in_user, :except => [:index, :detail, :search]
|
|
before_filter :auth_teacher, :only => [:update, :delete]
|
|
before_filter :auth_user, :only => [:create, :update]
|
|
|
|
respond_to :json
|
|
|
|
def index
|
|
data = Teacher.index(current_user, params)
|
|
|
|
@show_profile = true
|
|
@show_teacher = true
|
|
|
|
@users = data[:query]
|
|
|
|
@next = data[:next_page]
|
|
render "api_teachers/index", :layout => nil
|
|
end
|
|
|
|
def detail
|
|
teacher_id=(params[:teacher_id].present?) ? params[:teacher_id] : (current_user.teacher && current_user.teacher.id)
|
|
@teacher = Teacher.find(teacher_id)
|
|
|
|
respond_with_model(@teacher)
|
|
end
|
|
|
|
def delete
|
|
@teacher.try(:destroy)
|
|
respond_with @teacher, responder => ApiResponder
|
|
end
|
|
|
|
def create
|
|
@teacher = Teacher.save_teacher(@user, params)
|
|
respond_with_model(@teacher, new: true, location: lambda { return api_teacher_detail_url(@teacher.id) })
|
|
end
|
|
|
|
def update
|
|
@teacher = Teacher.save_teacher(@user, params)
|
|
respond_with_model(@teacher)
|
|
end
|
|
|
|
private
|
|
def auth_teacher
|
|
@teacher = Teacher.find(params[:id])
|
|
|
|
if !current_user.admin && !@teacher.user == current_user
|
|
Rails.logger.info("Could not find teacher #{params[:id]} for #{current_user}")
|
|
raise JamPermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
|
|
end
|
|
end
|
|
|
|
def auth_user
|
|
if params[:user_id].present?
|
|
if params[:user_id]==current_user.id
|
|
@user=current_user
|
|
else
|
|
if current_user.admin
|
|
@user=User.find(params[:user_id])
|
|
else
|
|
# Can't specify other user:
|
|
raise JamPermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
|
|
end
|
|
end
|
|
else
|
|
@user=current_user
|
|
end
|
|
|
|
end
|
|
end
|