| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- class Api::V1::UsersController < ApplicationController
- before_action :set_user, only: %i[show update destroy]
- before_action :check_login, only: %i[index show]
- before_action :check_owner_or_admin, only: %i[update destroy]
-
- def index
- render json: UserSerializer.new(User.all).serializable_hash.to_json
- end
-
- def show
- if params[:included] === "true"
- options = { include: [:activities] }
- render json: UserSerializer.new(@user, options).serializable_hash.to_json
- else
- render json: UserSerializer.new(@user).serializable_hash.to_json
- end
- end
-
- def create
- @user = User.new(user_params)
-
- if @user.save
- render json: UserSerializer.new(@user).serializable_hash.to_json, status: :created
- else
- render json: @user.errors, status: :unprocessable_entity
- end
- end
-
- def update
- if @user.update(user_params)
- render json: UserSerializer.new(@user).serializable_hash.to_json, status: :ok
- else
- render json: @user.errors, status: :unprocessable_entity
- end
- end
-
- def destroy
- @user.destroy
- head 204
- end
-
- private
-
- # Only allow a trusted parameter "white list" through.
- def user_params
- if current_user&.is_admin
- params.require(:user).permit(:email, :username, :password, :is_admin)
- else
- params.require(:user).permit(:email, :username, :password)
- end
- end
-
- def set_user
- @user = User.find(params[:id])
- end
-
- def check_owner_or_admin
- head :forbidden unless @user.id == current_user&.id || current_user&.is_admin
- end
- end
|
