API de comptabilité horaire.

users_controller.rb 1.5KB

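class Api::V1::UsersController < ApplicationController
  # Filter order matters: set_user is declared before check_owner_or_admin, so
  # @user is already loaded when the ownership check reads it.
  before_action :set_user, only: %i[show update destroy]
  before_action :check_login, only: %i[index show]
  before_action :check_owner_or_admin, only: %i[update destroy]

  # Lists every user. Gated only by check_login, so any authenticated caller
  # sees the full user collection.
  def index
    render json: UserSerializer.new(User.all).serializable_hash.to_json
  end

  # Returns a single user. When `params[:included]` is the string "true", the
  # user's activities are embedded via the serializer's `include` option.
  # Any logged-in user can read any other user's record through this action —
  # NOTE(review): confirm UserSerializer omits password-related attributes.
  def show
    # `==` instead of `===`: for a String receiver they behave the same, and
    # `==` states the intent (a plain string compare) rather than case-equality.
    if params[:included] == "true"
      options = { include: [:activities] }
      render json: UserSerializer.new(@user, options).serializable_hash.to_json
    else
      render json: UserSerializer.new(@user).serializable_hash.to_json
    end
  end

  # Creates a user from the allow-listed params (see user_params). No login
  # filter applies here, so this is the open registration path; validation
  # errors are returned as 422 with the model's error hash.
  def create
    @user = User.new(user_params)
    if @user.save
      render json: UserSerializer.new(@user).serializable_hash.to_json, status: :created
    else
      render json: @user.errors, status: :unprocessable_entity
    end
  end

  # Updates @user with the allow-listed params; only reachable when
  # check_owner_or_admin has let the request through.
  def update
    if @user.update(user_params)
      render json: UserSerializer.new(@user).serializable_hash.to_json, status: :ok
    else
      render json: @user.errors, status: :unprocessable_entity
    end
  end

  # Deletes @user (owner or admin only) and replies with an empty 204.
  def destroy
    @user.destroy
    # :no_content is the symbolic form of 204 — same response, self-describing.
    head :no_content
  end

  private

  # Mass-assignment allow-list. `is_admin` is only permitted when the caller is
  # already an admin, so a self-registering or ordinary user cannot grant
  # themselves the flag through create/update.
  def user_params
    if current_user&.is_admin
      params.require(:user).permit(:email, :username, :password, :is_admin)
    else
      params.require(:user).permit(:email, :username, :password)
    end
  end

  # Loads the target record; User.find raises (→ 404 via Rails' default
  # handling) when the id is unknown.
  def set_user
    @user = User.find(params[:id])
  end

  # Halts with 403 unless the caller owns @user or is an admin. A missing
  # current_user fails both tests (nil id, nil&.is_admin), so unauthenticated
  # update/destroy requests are rejected even though check_login does not
  # cover those actions.
  def check_owner_or_admin
    head :forbidden unless @user.id == current_user&.id || current_user&.is_admin
  end
end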