
Ajout puis suppression d'un admin controller, ajout de callbacks vérifiant le statut admin

Lou 3 years ago
parent
commit
1c652c0253

+ 0
- 2
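--- a/app/controllers/api/v1/admin/users_controller.rb
+++ b/app/controllers/api/v1/admin/users_controller.rb
@@ -1,2 +0,0 @@
-class Api::V1::Admin::UsersController < ApplicationController
-end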

+ 5
- 0
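--- a/app/controllers/api/v1/tasks_controller.rb
+++ b/app/controllers/api/v1/tasks_controller.rb
@@ -1,6 +1,7 @@
 class Api::V1::TasksController < ApplicationController
   before_action :set_task, only: %i[show update destroy]
   before_action :check_login
+  before_action :check_owner, only: %i[update destroy]
 
   def index
     if !params[:activity_id]
@@ -47,4 +48,8 @@
   def set_task
     @task = Activity.find(params[:activity_id]).tasks.find(params[:id])
   end
+
+  def check_owner
+    head :forbidden unless @task.user_id === current_user.id
+  end
 end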
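Review bot: `check_owner` compares the ids with `===` on the new line `head :forbidden unless @task.user_id === current_user.id`; for Integer ids `===` behaves as `==`, but it is the case-equality operator and should not be called directly, so write `head :forbidden unless @task.user_id == current_user.id`. Both `check_owner` and `set_task` are public, action-style methods unless a `private` keyword precedes them in the part of the file the hunk does not show; keeping callbacks under `private` is the Rails convention that prevents them from ever being exposed as actions. Dereferencing `current_user` here is safe only because `before_action :check_login` is registered for every action ahead of `check_owner`, assuming `check_login` halts the chain when no user is signed in. Unlike `users_controller` in this same commit, admins get no override for tasks; if that asymmetry is intended, a one-line comment on the callback would record it.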

+ 9
- 4
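--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@@ -1,6 +1,7 @@
 class Api::V1::UsersController < ApplicationController
   before_action :set_user, only: %i[show update destroy]
-  before_action :check_owner, only: %i[update destroy]
+  before_action :check_login, only: %i[index show]
+  before_action :check_owner_or_admin, only: %i[update destroy]
 
   def index
     render json: UserSerializer.new(User.all).serializable_hash.to_json
@@ -42,14 +43,18 @@
 
   # Only allow a trusted parameter "white list" through.
   def user_params
-    params.require(:user).permit(:email, :username, :password)
+    if current_user&.admin
+      params.require(:user).permit(:email, :username, :password, :admin)
+    else
+      params.require(:user).permit(:email, :username, :password)
+    end
   end
 
   def set_user
     @user = User.find(params[:id])
   end
 
-  def check_owner
-    head :forbidden unless @user.id == current_user&.id
+  def check_owner_or_admin
+    head :forbidden unless @user.id == current_user&.id || current_user.admin
   end
 end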
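Review bot: `check_owner_or_admin` dereferences `current_user.admin` with no nil guard on the new line `head :forbidden unless @user.id == current_user&.id || current_user.admin`, while the same hunk narrows `check_login` to `only: %i[index show]`, so `update` and `destroy` are no longer preceded by a login check; an anonymous request to either action reaches this callback with no user and raises NoMethodError (a 500) instead of a clean 401/403. The request still fails, so this is not a bypass as written, but it relies on `current_user` returning nil for anonymous callers, which is defined in the concern outside this hunk. Either add `update destroy` back to the `check_login` list or make the guard self-contained: `head :forbidden unless current_user && (@user.id == current_user.id || current_user.admin)`. Gating `:admin` in `user_params` on `current_user&.admin` is the right control against mass-assignment privilege escalation; a request spec asserting that a non-admin `PATCH` with `user[admin]=true` leaves the flag unchanged would pin that behaviour.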

+ 1
- 1
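--- a/app/controllers/concerns/authenticable.rb
+++ b/app/controllers/concerns/authenticable.rb
@@ -17,6 +17,6 @@
   end
 
   def is_admin?
-    head :forbidden unless self.current_user.admin
+    head :forbidden unless self.current_user.admin    
   end
 end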

+ 1
- 1
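--- a/app/serializers/user_serializer.rb
+++ b/app/serializers/user_serializer.rb
@@ -1,6 +1,6 @@
 class UserSerializer
   include JSONAPI::Serializer
-  attributes :email, :username
+  attributes :email, :username, :admin
   has_many :activities
 
   cache_options store: Rails.cache, namespace: 'jsonapi-serializer', expires_in: 1.hour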
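Review bot: Adding `:admin` to `attributes` publishes every account's privilege flag to any caller of the users `index`/`show` endpoints, which this commit gates on `check_login` alone (the `index` action in `users_controller` serializes `User.all` with no serializer params), so any logged-in user can enumerate which accounts are admins. If ordinary users do not need that field, keep it out of the unconditional list and expose it only to admins, e.g. `attribute :admin, if: Proc.new { |_user, params| params && params[:current_user]&.admin }`, with the controller passing `params: { current_user: current_user }` to the serializer. Because `cache_options` caches serialized output for an hour, it is also worth confirming that entries rendered before this change are not served with the old attribute set until they expire.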

+ 1
- 1
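--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -30,7 +30,7 @@
 end
 
 User.create! username: "admin", email: "admin@email.com", password: "azerty", admin: true
-puts "Created admin"
+puts "Created Admin"
 
 30.times do |i|
   task = Task.create(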

+ 0
- 7
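--- a/test/controllers/api/v1/admin/users_controller_test.rb
+++ b/test/controllers/api/v1/admin/users_controller_test.rb
@@ -1,7 +0,0 @@
-require "test_helper"
-
-class Api::V1::Admin::UsersControllerTest < ActionDispatch::IntegrationTest
-  # test "the truth" do
-  #   assert true
-  # end
-end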
