
Ajout puis suppression d'un admin controller, ajout de callbacks vérifiant le statut admin

Lou 3 years ago
parent
commit
1c652c0253

+ 0
- 2
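--- a/app/controllers/api/v1/admin/users_controller.rb
+++ b/app/controllers/api/v1/admin/users_controller.rb
@@ -1,2 +0,0 @@
-class Api::V1::Admin::UsersController < ApplicationController
-end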

+ 5
- 0
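--- a/app/controllers/api/v1/tasks_controller.rb
+++ b/app/controllers/api/v1/tasks_controller.rb
@@ -1,6 +1,7 @@
 class Api::V1::TasksController < ApplicationController
   before_action :set_task, only: %i[show update destroy]
   before_action :check_login
+  before_action :check_owner, only: %i[update destroy]
 
   def index
     if !params[:activity_id]
@@ -47,4 +48,8 @@ class Api::V1::TasksController < ApplicationController
   def set_task
     @task = Activity.find(params[:activity_id]).tasks.find(params[:id])
   end
+
+  def check_owner
+    head :forbidden unless @task.user_id === current_user.id
+  end
 end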
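Review bot: `check_owner` compares ids with `===`, Ruby's case-equality operator intended for `case`/`when`; for two integers it behaves like `==`, but an authorization check should state plain equality: `head :forbidden unless @task.user_id == current_user.id`. The method also dereferences `current_user` without a nil guard, so it is only safe because `before_action :check_login` is declared above it and presumably halts unauthenticated requests (`check_login` is not visible in this section). A one-line comment on the method, such as `# Must run after check_login: assumes current_user is set.`, would keep a later reordering of the callbacks from turning a 403 into a 500. `show` is not covered by the new callback, so any logged-in user can still read any task; confirm that is intended.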

+ 9
- 4
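--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@@ -1,6 +1,7 @@
 class Api::V1::UsersController < ApplicationController
   before_action :set_user, only: %i[show update destroy]
-  before_action :check_owner, only: %i[update destroy]
+  before_action :check_login, only: %i[index show]
+  before_action :check_owner_or_admin, only: %i[update destroy]
 
   def index
     render json: UserSerializer.new(User.all).serializable_hash.to_json
@@ -42,14 +43,18 @@ class Api::V1::UsersController < ApplicationController
 
   # Only allow a trusted parameter "white list" through.
   def user_params
-    params.require(:user).permit(:email, :username, :password)
+    if current_user&.admin
+      params.require(:user).permit(:email, :username, :password, :admin)
+    else
+      params.require(:user).permit(:email, :username, :password)
+    end
   end
 
   def set_user
     @user = User.find(params[:id])
   end
 
-  def check_owner
-    head :forbidden unless @user.id == current_user&.id
+  def check_owner_or_admin
+    head :forbidden unless @user.id == current_user&.id || current_user.admin
   end
 end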
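Review bot: In `check_owner_or_admin` the right-hand side of `||` calls `current_user.admin` without safe navigation, while `check_login` is registered only for `index` and `show`. An unauthenticated `update` or `destroy` request therefore reaches this line with `current_user` presumably nil (the `&.` on the left suggests it can be) and raises NoMethodError, giving a 500 instead of a 403. It still fails closed, but the denial then depends on an exception rather than on the check; prefer `head :forbidden unless current_user && (@user.id == current_user.id || current_user.admin)`. Since `user_params` now permits `:admin` for admins, a test that a non-admin update carrying `admin: true` leaves the flag unchanged would pin the privilege boundary this commit introduces.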

+ 1
- 1
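--- a/app/controllers/concerns/authenticable.rb
+++ b/app/controllers/concerns/authenticable.rb
@@ -17,6 +17,6 @@ module Authenticable
   end
 
   def is_admin?
-    head :forbidden unless self.current_user.admin
+    head :forbidden unless self.current_user.admin    
   end
 end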

+ 1
- 1
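--- a/app/serializers/user_serializer.rb
+++ b/app/serializers/user_serializer.rb
@@ -1,6 +1,6 @@
 class UserSerializer
   include JSONAPI::Serializer
-  attributes :email, :username
+  attributes :email, :username, :admin
   has_many :activities
 
   cache_options store: Rails.cache, namespace: 'jsonapi-serializer', expires_in: 1.hour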
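Review bot: Adding `:admin` to `attributes` returns the flag for every user to any caller of `index` and `show`, which in this commit require only `check_login`, so any authenticated account can list which users are administrators. If clients only need to know their own role, make the attribute conditional, e.g. `attribute :admin, if: proc { |_record, params| params && params[:viewer_is_admin] }` (the params key is an example name), and pass that value from the controller. With `cache_options ... expires_in: 1.hour` on the same class, it is also worth confirming how the cache key is derived, since a cached payload could otherwise keep showing an old `admin` value after the flag changes.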

+ 1
- 1
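--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -30,7 +30,7 @@ Task.reset_pk_sequence
 end
 
 User.create! username: "admin", email: "admin@email.com", password: "azerty", admin: true
-puts "Created admin"
+puts "Created Admin"
 
 30.times do |i|
   task = Task.create(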
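Review bot: The context line above the changed `puts` seeds an account with `admin: true` and a short literal password, and after this commit an admin may update or delete any user and set `:admin` on others. If this seed file can ever run against anything other than a local development database, read the password from the environment, e.g. `password: ENV.fetch("SEED_ADMIN_PASSWORD")` (the variable name is an example), or wrap the admin creation in `if Rails.env.development?`. The changed line itself only alters the log message.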

+ 0
- 7
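--- a/test/controllers/api/v1/admin/users_controller_test.rb
+++ b/test/controllers/api/v1/admin/users_controller_test.rb
@@ -1,7 +0,0 @@
-require "test_helper"
-
-class Api::V1::Admin::UsersControllerTest < ActionDispatch::IntegrationTest
-  # test "the truth" do
-  #   assert true
-  # end
-end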
