fab-manager/app/controllers/api/admins_controller.rb

# frozen_string_literal: true

# API Controller for resources of type User with role 'admin'.
class API::AdminsController < API::ApiController
  before_action :authenticate_user!

  def index
    authorize :admin
    @admins = User.includes(profile: [:user_avatar]).admins
  end

  def create
    authorize :admin
    generated_password = Devise.friendly_token.first(8)
    @admin = User.new(admin_params.merge(password: generated_password))
    @admin.send :set_slug

    # we associate the admin group to prevent linking any other 'normal' group (which won't be deletable afterwards)
    @admin.group = Group.find_by(slug: 'admins')

    # if the authentication is made through an SSO, generate a migration token
    @admin.generate_auth_migration_token unless AuthProvider.active.providable_type == DatabaseProvider.name

    if @admin.save(validate: false)
      @admin.send_confirmation_instructions
      @admin.add_role(:admin)
      @admin.remove_role(:member)
      UsersMailer.delay.notify_user_account_created(@admin, generated_password)
      render :create, status: :created
    else
      render json: @admin.errors.full_messages, status: :unprocessable_entity
    end
  end

  def destroy
    @admin = User.admins.find(params[:id])
    if current_user.admin? && @admin != current_user
      @admin.destroy
      head :no_content
    else
      head :unauthorized
    end
  end

  private

  def admin_params
    params.require(:admin).permit(:username, :email, profile_attributes: [:first_name, :last_name, :gender,
    :birthday, :phone, address_attributes: [:address]])
  end
end
code comments 2019-01-08 09:56:07 +01:00			`# frozen_string_literal: true`

			`# API Controller for resources of type User with role 'admin'.`
release 2.0 rc 2016-03-23 18:39:41 +01:00			`class API::AdminsController < API::ApiController`
			`before_action :authenticate_user!`

			`def index`
			`authorize :admin`
avoid N+1 for users list 2016-06-24 18:43:22 +02:00			`@admins = User.includes(profile: [:user_avatar]).admins`
release 2.0 rc 2016-03-23 18:39:41 +01:00			`end`

			`def create`
			`authorize :admin`
			`generated_password = Devise.friendly_token.first(8)`
			`@admin = User.new(admin_params.merge(password: generated_password))`
			`@admin.send :set_slug`

[bug] unable to delete standard group 2017-08-30 14:57:06 +02:00			`# we associate the admin group to prevent linking any other 'normal' group (which won't be deletable afterwards)`
			`@admin.group = Group.find_by(slug: 'admins')`
release 2.0 rc 2016-03-23 18:39:41 +01:00
			`# if the authentication is made through an SSO, generate a migration token`
rubocop code style 2018-12-27 14:55:55 +01:00			`@admin.generate_auth_migration_token unless AuthProvider.active.providable_type == DatabaseProvider.name`
release 2.0 rc 2016-03-23 18:39:41 +01:00
			`if @admin.save(validate: false)`
			`@admin.send_confirmation_instructions`
			`@admin.add_role(:admin)`
			`@admin.remove_role(:member)`
			`UsersMailer.delay.notify_user_account_created(@admin, generated_password)`
			`render :create, status: :created`
			`else`
			`render json: @admin.errors.full_messages, status: :unprocessable_entity`
			`end`
			`end`

			`def destroy`
			`@admin = User.admins.find(params[:id])`
rubocop api controllers 2019-01-16 13:07:19 +01:00			`if current_user.admin? && @admin != current_user`
release 2.0 rc 2016-03-23 18:39:41 +01:00			`@admin.destroy`
			`head :no_content`
			`else`
			`head :unauthorized`
			`end`
			`end`

			`private`

rubocop code style 2018-12-27 14:55:55 +01:00			`def admin_params`
			`params.require(:admin).permit(:username, :email, profile_attributes: [:first_name, :last_name, :gender,`
			`:birthday, :phone, address_attributes: [:address]])`
			`end`
release 2.0 rc 2016-03-23 18:39:41 +01:00			`end`