From cc4192047e976bc375c84ac687e99dd49b823691 Mon Sep 17 00:00:00 2001 From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com> Date: Mon, 11 Oct 2021 11:26:48 +0100 Subject: [PATCH] Fill out customers controller Add customer serializer --- Gemfile | 1 + Gemfile.lock | 3 + .../api/v1/customers_controller.rb | 74 ++++++++++++++++++- app/serializers/api/v1/customer_serializer.rb | 13 ++++ 4 files changed, 87 insertions(+), 4 deletions(-) create mode 100644 app/serializers/api/v1/customer_serializer.rb diff --git a/Gemfile b/Gemfile index 72210c3408..c7fe245943 100644 --- a/Gemfile +++ b/Gemfile @@ -57,6 +57,7 @@ gem 'devise-token_authenticatable' gem 'jwt', '~> 2.3' gem 'oauth2', '~> 1.4.7' # Used for Stripe Connect +gem 'jsonapi-serializer' gem 'pagy', '~> 5.1' gem 'rswag-api' diff --git a/Gemfile.lock b/Gemfile.lock index c5950fa8b2..a3a6b9e440 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -346,6 +346,8 @@ GEM json_spec (1.1.5) multi_json (~> 1.0) rspec (>= 2.0, < 4.0) + jsonapi-serializer (2.2.0) + activesupport (>= 4.2) jwt (2.3.0) knapsack (4.0.0) rake @@ -739,6 +741,7 @@ DEPENDENCIES jquery-ui-rails (~> 4.2) json json_spec (~> 1.1.4) + jsonapi-serializer jwt (~> 2.3) knapsack letter_opener (>= 1.4.1) diff --git a/app/controllers/api/v1/customers_controller.rb b/app/controllers/api/v1/customers_controller.rb index 472e2e92b3..0d9da27542 100644 --- a/app/controllers/api/v1/customers_controller.rb +++ b/app/controllers/api/v1/customers_controller.rb @@ -1,15 +1,81 @@ # frozen_string_literal: true +require 'open_food_network/permissions' + module Api module V1 class CustomersController < Api::V1::BaseController - def index; end + skip_authorization_check only: :index - def show; end + before_action :set_customer, only: [:show, :update, :destroy] + before_action :authorize_action, only: [:show, :update, :destroy] - def update; end + def index + customers = search_customers - def destroy; end + render json: Api::V1::CustomerSerializer.new(customers, is_collection: true) + end + + def show + render json: Api::V1::CustomerSerializer.new(@customer) + end + + def create + authorize! :update, Enterprise.find(customer_params[:enterprise_id]) + @customer = Customer.new(customer_params) + + if @customer.save + render json: Api::V1::CustomerSerializer.new(@customer), status: :created + else + invalid_resource! @customer + end + end + + def update + if @customer.update(customer_params) + render json: Api::V1::CustomerSerializer.new(@customer) + else + invalid_resource! @customer + end + end + + def destroy + if @customer.destroy + render json: Api::V1::CustomerSerializer.new(@customer) + else + invalid_resource! @customer + end + end + + private + + def set_customer + @customer = Customer.find(params[:id]) + end + + def authorize_action + authorize! action_name.to_sym, @customer + end + + def search_customers + customers = visible_customers + customers = customers.where(enterprise_id: params[:enterprise_id]) if params[:enterprise_id] + customers.ransack(params[:q]).result + end + + def visible_customers + Customer.where(user_id: current_api_user.id).or( + Customer.where(enterprise_id: editable_enterprises) + ) + end + + def customer_params + params.require(:customer).permit(:email, :enterprise_id) + end + + def editable_enterprises + OpenFoodNetwork::Permissions.new(current_api_user).editable_enterprises.select(:id) + end end end end diff --git a/app/serializers/api/v1/customer_serializer.rb b/app/serializers/api/v1/customer_serializer.rb new file mode 100644 index 0000000000..e87391f997 --- /dev/null +++ b/app/serializers/api/v1/customer_serializer.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +module Api + module V1 + class CustomerSerializer + include JSONAPI::Serializer + + attributes :id, :enterprise_id, :name, :code, :email + + belongs_to :enterprise, record_type: :enterprise, serializer: :id + end + end +end