raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-24 20:36:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1a61357be856f1033cc2fb090e849daf4019aed1
openfoodnetwork/app/controllers/api/enterprises_controller.rb
Pau Pérez Fabregat fd95ae7e41 Merge pull request #3847 from Matt-Yorkley/api_access 
Allow unauthenticated access to OFN API endpoints
2019-06-12 09:45:11 +02:00

82 lines
2.5 KiB
Ruby
Raw Blame History

module Api
class EnterprisesController < BaseController
before_filter :override_owner, only: [:create, :update]
before_filter :check_type, only: :update
before_filter :override_sells, only: [:create, :update]
before_filter :override_visible, only: [:create, :update]
respond_to :json
skip_authorization_check only: [:shopfront, :managed]
def managed
@enterprises = Enterprise.ransack(params[:q]).result.managed_by(current_api_user)
render params[:template] || :bulk_index
end
def create
authorize! :create, Enterprise
@enterprise = Enterprise.new(params[:enterprise])
if @enterprise.save
render text: @enterprise.id, status: :created
else
invalid_resource!(@enterprise)
end
end
def update
@enterprise = Enterprise.find_by_permalink(params[:id]) || Enterprise.find(params[:id])
authorize! :update, @enterprise
if @enterprise.update_attributes(params[:enterprise])
render text: @enterprise.id, status: :ok
else
invalid_resource!(@enterprise)
end
end
def update_image
@enterprise = Enterprise.find_by_permalink(params[:id]) || Enterprise.find(params[:id])
authorize! :update, @enterprise
if params[:logo] && @enterprise.update_attributes( logo: params[:logo] )
render text: @enterprise.logo.url(:medium), status: :ok
elsif params[:promo] && @enterprise.update_attributes( promo_image: params[:promo] )
render text: @enterprise.promo_image.url(:medium), status: :ok
else
invalid_resource!(@enterprise)
end
end
def shopfront
enterprise = Enterprise.find_by_id(params[:id])
render text: Api::EnterpriseShopfrontSerializer.new(enterprise).to_json, status: :ok
end
private
def override_owner
params[:enterprise][:owner_id] = current_api_user.id
end
def check_type
params[:enterprise].delete :type unless current_api_user.admin?
end
def override_sells
has_hub = current_api_user.owned_enterprises.is_hub.any?
new_enterprise_is_producer = !!params[:enterprise][:is_primary_producer]
params[:enterprise][:sells] = if has_hub && !new_enterprise_is_producer
'any'
else
'unspecified'
end
end
def override_visible
params[:enterprise][:visible] = false
end
end
end
Reference in New Issue View Git Blame Copy Permalink