Ajout puis suppression d'un admin controller, ajout de callbacks vérifiants le statut admin

app/controllers/api/v1/admin/users_controller.rb

@@ -1,2 +0,0 @@
-class Api::V1::Admin::UsersController < ApplicationController
-end

app/controllers/api/v1/tasks_controller.rb

@@ -1,6 +1,7 @@
 class Api::V1::TasksController < ApplicationController
   before_action :set_task, only: %i[show update destroy]
   before_action :check_login
+  before_action :check_owner, only: %i[update destroy]
 
   def index
     if !params[:activity_id]
@@ -47,4 +48,8 @@ class Api::V1::TasksController < ApplicationController
   def set_task
     @task = Activity.find(params[:activity_id]).tasks.find(params[:id])
   end
+
+  def check_owner
+    head :forbidden unless @task.user_id === current_user.id
+  end
 end

app/controllers/api/v1/users_controller.rb

@@ -1,6 +1,7 @@
 class Api::V1::UsersController < ApplicationController
   before_action :set_user, only: %i[show update destroy]
-  before_action :check_owner, only: %i[update destroy]
+  before_action :check_login, only: %i[index show]
+  before_action :check_owner_or_admin, only: %i[update destroy]
 
   def index
     render json: UserSerializer.new(User.all).serializable_hash.to_json
@@ -42,14 +43,18 @@ class Api::V1::UsersController < ApplicationController
 
   # Only allow a trusted parameter "white list" through.
   def user_params
-    params.require(:user).permit(:email, :username, :password)
+    if current_user&.admin
+      params.require(:user).permit(:email, :username, :password, :admin)
+    else
+      params.require(:user).permit(:email, :username, :password)
+    end
   end
 
   def set_user
     @user = User.find(params[:id])
   end
 
-  def check_owner
-    head :forbidden unless @user.id == current_user&.id
+  def check_owner_or_admin
+    head :forbidden unless @user.id == current_user&.id || current_user.admin
   end
 end

app/controllers/concerns/authenticable.rb

@@ -17,6 +17,6 @@ module Authenticable
   end
 
   def is_admin?
-    head :forbidden unless self.current_user.admin
+    head :forbidden unless self.current_user.admin    
   end
 end

app/serializers/user_serializer.rb

@@ -1,6 +1,6 @@
 class UserSerializer
   include JSONAPI::Serializer
-  attributes :email, :username
+  attributes :email, :username, :admin
   has_many :activities
 
   cache_options store: Rails.cache, namespace: 'jsonapi-serializer', expires_in: 1.hour

db/seeds.rb

@@ -30,7 +30,7 @@ Task.reset_pk_sequence
 end
 
 User.create! username: "admin", email: "admin@email.com", password: "azerty", admin: true
-puts "Created admin"
+puts "Created Admin"
 
 30.times do |i|
   task = Task.create(

test/controllers/api/v1/admin/users_controller_test.rb

@@ -1,7 +0,0 @@
-require "test_helper"
-
-class Api::V1::Admin::UsersControllerTest < ActionDispatch::IntegrationTest
-  # test "the truth" do
-  #   assert true
-  # end
-end