331 lines
11 KiB
Ruby
331 lines
11 KiB
Ruby
class ApiUsersController < ApiController
|
|
|
|
before_filter :api_signed_in_user, :except => [:create, :signup_confirm, :auth_session_create]
|
|
|
|
respond_to :json
|
|
|
|
def index
|
|
# don't return users that aren't yet confirmed
|
|
@users = User.where('email_confirmed=TRUE').paginate(page: params[:page])
|
|
respond_with @users, responder: ApiResponder, :status => 200
|
|
end
|
|
|
|
def show
|
|
# don't return users that aren't yet confirmed
|
|
@user = User.where('email_confirmed=TRUE').find(params[:id])
|
|
respond_with @user, responder: ApiResponder, :status => 200
|
|
end
|
|
|
|
# this API call is disabled by virtue of it being commented out in routes.rb
|
|
# the reason is that it has no captcha, and is therefore a bit abuseable
|
|
# if someone wants to use it, please add in captcha or some other bot-protector
|
|
def create
|
|
# sends email to email account for confirmation
|
|
@user = UserManager.new.signup(params[:first_name],
|
|
params[:last_name],
|
|
params[:email],
|
|
params[:password],
|
|
params[:password_confirmation],
|
|
params[:city],
|
|
params[:state],
|
|
params[:country],
|
|
params[:instruments],
|
|
params[:photo_url],
|
|
ApplicationHelper.base_uri(request) + "/confirm")
|
|
|
|
# check for errors
|
|
unless @user.errors.any?
|
|
render :json => {}, :status => :ok # an empty response, but 200 OK
|
|
else
|
|
response.status = :unprocessable_entity
|
|
respond_with @user, responder: ApiResponder
|
|
end
|
|
end
|
|
|
|
def signup_confirm
|
|
@user = UserManager.new.signup_confirm(params[:signup_token])
|
|
|
|
unless @user.errors.any?
|
|
respond_with @user, responder: ApiResponder, :location => api_user_detail_url(@user)
|
|
else
|
|
response.status = :unprocessable_entity
|
|
respond_with @user, responder: ApiResponder
|
|
end
|
|
end
|
|
|
|
def update
|
|
auth_user(params[:id])
|
|
@user = User.save(params[:id],
|
|
current_user.id,
|
|
params[:first_name],
|
|
params[:last_name],
|
|
params[:email],
|
|
params[:password],
|
|
params[:password_confirmation],
|
|
params[:musician],
|
|
params[:gender],
|
|
params[:birth_date],
|
|
params[:internet_service_provider],
|
|
params[:city],
|
|
params[:state],
|
|
params[:country],
|
|
params[:instruments],
|
|
params[:photo_url])
|
|
|
|
respond_with @user, responder: ApiResponder, :status => 200
|
|
end
|
|
|
|
def delete
|
|
@user = User.find(params[:id])
|
|
auth_user @user.destroy # required to make 'tire' integration work
|
|
respond_with responder: ApiResponder, :status => 204
|
|
end
|
|
|
|
###################### FOLLOWERS ########################
|
|
def follower_index
|
|
# NOTE: follower_index.rabl template references the followers property
|
|
@user = User.find(params[:id])
|
|
end
|
|
|
|
###################### FOLLOWINGS #######################
|
|
def following_index
|
|
@user = User.find(params[:id])
|
|
end
|
|
|
|
def band_following_index
|
|
@user = User.find(params[:id])
|
|
end
|
|
|
|
def following_create
|
|
id = params[:id]
|
|
auth_user(id)
|
|
@user = User.find(id)
|
|
|
|
if !params[:user_id].nil?
|
|
User.create_user_following(params[:user_id], id)
|
|
respond_with @user, responder: ApiResponder, :location => api_user_following_index_url(@user)
|
|
|
|
elsif !params[:band_id].nil?
|
|
User.create_band_following(params[:band_id], id)
|
|
respond_with @user, responder: ApiResponder, :location => api_band_following_index_url(@user)
|
|
end
|
|
end
|
|
|
|
def following_destroy
|
|
auth_user(params[:id])
|
|
|
|
if !params[:user_id].nil?
|
|
User.delete_following(params[:user_id], nil, params[:id])
|
|
|
|
elsif !params[:band_id].nil?
|
|
User.delete_following(nil, params[:band_id], params[:id])
|
|
end
|
|
|
|
respond_with responder: ApiResponder, :status => 204
|
|
end
|
|
|
|
###################### RECORDINGS #######################
|
|
def recording_index
|
|
|
|
hide_private = false
|
|
|
|
# hide private recordings from anyone but the current user
|
|
if current_user.id != params[:id]
|
|
hide_private = true
|
|
end
|
|
|
|
select_list = "recordings.id, recordings.description, recordings.public, genres.id, genres.description"
|
|
|
|
if hide_private
|
|
@recordings = Recording.joins(:musician_recordings)
|
|
.where(:musicians_recordings => {:user_id => "#{params[:id]}"}, :public => true)
|
|
|
|
else
|
|
@recordings = Recording.joins(:musician_recordings)
|
|
.where(:musicians_recordings => {:user_id => "#{params[:id]}"})
|
|
end
|
|
|
|
respond_with @recordings, responder: ApiResponder, :status => 200
|
|
end
|
|
|
|
def recording_show
|
|
hide_private = false
|
|
|
|
# hide private recordings from anyone but the current user
|
|
if current_user.id != params[:id]
|
|
hide_private = true
|
|
end
|
|
|
|
@recording = Recording.find(params[:recording_id])
|
|
if !@recording.public && hide_private
|
|
render :json => { :message => "You are not allowed to access this recording." }, :status => 403
|
|
#respond_with "You are not allowed to access this recording.", responder: ApiResponder, :status => 403
|
|
else
|
|
respond_with @recording, responder: ApiResponder, :status => 200
|
|
end
|
|
end
|
|
|
|
def recording_create
|
|
@recording = Recording.save(params[:recording_id],
|
|
params[:public],
|
|
params[:description],
|
|
params[:genres],
|
|
current_user.id,
|
|
params[:id],
|
|
false)
|
|
|
|
@user = current_user
|
|
respond_with @recording, responder: ApiResponder, :status => 201, :location => api_recording_detail_url(@user, @recording)
|
|
end
|
|
|
|
def recording_update
|
|
@recording = Recording.save(params[:recording_id],
|
|
params[:public],
|
|
params[:description],
|
|
params[:genres],
|
|
current_user.id,
|
|
params[:id],
|
|
false)
|
|
|
|
respond_with @recording, responder: ApiResponder, :status => 200
|
|
end
|
|
|
|
def recording_destroy
|
|
auth_user(params[:id])
|
|
@recording = Recording.find(params[:recording_id])
|
|
@recording.delete
|
|
respond_with responder: ApiResponder, :status => 204
|
|
end
|
|
|
|
###################### FAVORITES ########################
|
|
def favorite_index
|
|
@user = User.find(params[:id])
|
|
|
|
# TODO: get band followings and merge (@user.band_followings)
|
|
end
|
|
|
|
def favorite_create
|
|
auth_user(params[:id])
|
|
@favorite = UserFavorite.new()
|
|
User.create_favorite(params[:id], params[:recording_id])
|
|
|
|
@user = User.find(params[:id])
|
|
respond_with @user, responder: ApiResponder, :location => api_favorite_index_url(@user)
|
|
end
|
|
|
|
def favorite_destroy
|
|
auth_user(params[:id])
|
|
User.delete_favorite(params[:id], params[:recording_id])
|
|
respond_with responder: ApiResponder, :status => 204
|
|
end
|
|
|
|
###################### FRIENDS (TODO: refactor resource paths) ##########################
|
|
def friend_request_index
|
|
auth_user(params[:id])
|
|
# get all outgoing and incoming friend requests
|
|
@friend_requests = FriendRequest.where("(friend_id='#{params[:id]}' OR user_id='#{params[:id]}') AND accepted is null")
|
|
end
|
|
|
|
def friend_request_show
|
|
auth_user(params[:id])
|
|
@friend_request = FriendRequest.find(params[:id])
|
|
end
|
|
|
|
def friend_request_create
|
|
auth_user(params[:user_id])
|
|
@friend_request = FriendRequest.new()
|
|
@friend_request.user_id = params[:user_id]
|
|
@friend_request.friend_id = params[:friend_id]
|
|
@friend_request.save
|
|
respond_with @friend_request, responder: ApiResponder, :location => api_friend_request_detail_url(@friend_request)
|
|
end
|
|
|
|
def friend_request_update
|
|
ActiveRecord::Base.transaction do
|
|
@friend_request = FriendRequest.find(params[:id])
|
|
@friend_request.accepted = params[:accepted]
|
|
@friend_request.save
|
|
|
|
# create both records for this friendship
|
|
if @friend_request.accepted?
|
|
@friendship = Friendship.new()
|
|
@friendship.user_id = @friend_request.user_id
|
|
@friendship.friend_id = @friend_request.friend_id
|
|
@friendship.save
|
|
|
|
@friendship = Friendship.new()
|
|
@friendship.user_id = @friend_request.friend_id
|
|
@friendship.friend_id = @friend_request.user_id
|
|
@friendship.save
|
|
end
|
|
end
|
|
|
|
respond_with @friend_request, responder: ApiResponder
|
|
end
|
|
|
|
def friend_index
|
|
# NOTE: friend_index.rabl template references the friends property
|
|
@user = User.find(params[:id])
|
|
end
|
|
|
|
def friend_destroy
|
|
auth_user(params[:id])
|
|
# clean up both records representing this "friendship"
|
|
JamRuby::Friendship.delete_all "(user_id = '#{params[:id]}' AND friend_id = '#{params[:friend_id]}') OR (user_id = '#{params[:friend_id]}' AND friend_id = '#{params[:id]}')"
|
|
respond_with responder: ApiResponder, :status => 204
|
|
end
|
|
|
|
##################### BAND INVITATIONS ##################
|
|
def band_invitation_index
|
|
auth_user(params[:id])
|
|
@user = current_user
|
|
@invitations = @user.received_band_invitations#.merge(@user.sent_band_invitations)
|
|
respond_with @invitations, responder: ApiResponder, :status => 200
|
|
end
|
|
|
|
def band_invitation_show
|
|
auth_user(params[:id])
|
|
|
|
begin
|
|
@invitation = BandInvitation.find(params[:invitation_id])
|
|
respond_with @invitation, responder: ApiResponder, :status => 200
|
|
|
|
rescue ActiveRecord::RecordNotFound
|
|
render :json => { :message => ValidationMessages::BAND_INVITATION_NOT_FOUND }, :status => 404
|
|
end
|
|
end
|
|
|
|
def band_invitation_update
|
|
auth_user(params[:id])
|
|
|
|
begin
|
|
@invitation = BandInvitation.save(params[:invitation_id],
|
|
nil,
|
|
nil,
|
|
nil,
|
|
params[:accepted])
|
|
|
|
respond_with @invitation, responder: ApiResponder, :status => 200
|
|
|
|
rescue ActiveRecord::RecordNotFound
|
|
render :json => { :message => ValidationMessages::BAND_INVITATION_NOT_FOUND }, :status => 404
|
|
end
|
|
end
|
|
|
|
###################### AUTHENTICATION ###################
|
|
def auth_session_create
|
|
@user = User.authenticate(params[:email], params[:password])
|
|
|
|
if @user.nil?
|
|
render :json => { :success => false }, :status => 404
|
|
else
|
|
sign_in @user
|
|
render :json => { :success => true }, :status => 200
|
|
end
|
|
end
|
|
|
|
def auth_session_delete
|
|
sign_out
|
|
render :json => { :success => true }, :status => 200
|
|
end
|
|
end |