raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-27 21:06:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d34ab71efaff02fa0f0d7ad8f8c8b0a48366bbfe
openfoodnetwork/app/controllers/api/v1/customers_controller.rb
Maikel Linke 414bf5d074 Don't list guest customer records to guest users
2022-03-02 11:59:35 +11:00

82 lines
2.1 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
require 'open_food_network/permissions'
module Api
module V1
class CustomersController < Api::V1::BaseController
skip_authorization_check only: :index
before_action :set_customer, only: [:show, :update, :destroy]
before_action :authorize_action, only: [:show, :update, :destroy]
def index
@pagy, customers = pagy(search_customers, pagy_options)
render json: Api::V1::CustomerSerializer.new(customers, pagination_options)
end
def show
render json: Api::V1::CustomerSerializer.new(@customer)
end
def create
authorize! :update, Enterprise.find(customer_params[:enterprise_id])
@customer = Customer.new(customer_params)
if @customer.save
render json: Api::V1::CustomerSerializer.new(@customer), status: :created
else
invalid_resource! @customer
end
end
def update
if @customer.update(customer_params)
render json: Api::V1::CustomerSerializer.new(@customer)
else
invalid_resource! @customer
end
end
def destroy
if @customer.destroy
render json: Api::V1::CustomerSerializer.new(@customer)
else
invalid_resource! @customer
end
end
private
def set_customer
@customer = Customer.find(params[:id])
end
def authorize_action
authorize! action_name.to_sym, @customer
end
def search_customers
customers = visible_customers
customers = customers.where(enterprise_id: params[:enterprise_id]) if params[:enterprise_id]
customers.ransack(params[:q]).result
end
def visible_customers
current_api_user.customers.or(
Customer.where(enterprise_id: editable_enterprises)
)
end
def customer_params
params.require(:customer).permit(:email, :enterprise_id)
end
def editable_enterprises
OpenFoodNetwork::Permissions.new(current_api_user).editable_enterprises.select(:id)
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink