1
0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2024-11-29 10:24:20 +01:00
fab-manager/app/controllers/api/admins_controller.rb

55 lines
1.6 KiB
Ruby
Raw Normal View History

2019-01-08 09:56:07 +01:00
# frozen_string_literal: true
# API Controller for resources of type User with role 'admin'.
2016-03-23 18:39:41 +01:00
class API::AdminsController < API::ApiController
before_action :authenticate_user!
def index
authorize :admin
2016-06-24 18:43:22 +02:00
@admins = User.includes(profile: [:user_avatar]).admins
2016-03-23 18:39:41 +01:00
end
def create
authorize :admin
generated_password = Devise.friendly_token.first(8)
@admin = User.new(admin_params.merge(password: generated_password))
@admin.send :set_slug
2017-08-30 14:57:06 +02:00
# we associate the admin group to prevent linking any other 'normal' group (which won't be deletable afterwards)
@admin.group = Group.find_by(slug: 'admins')
2016-03-23 18:39:41 +01:00
# if the authentication is made through an SSO, generate a migration token
2018-12-27 14:55:55 +01:00
@admin.generate_auth_migration_token unless AuthProvider.active.providable_type == DatabaseProvider.name
2016-03-23 18:39:41 +01:00
if @admin.save(validate: false)
@admin.send_confirmation_instructions
@admin.add_role(:admin)
@admin.remove_role(:member)
UsersMailer.delay.notify_user_account_created(@admin, generated_password)
render :create, status: :created
else
render json: @admin.errors.full_messages, status: :unprocessable_entity
end
end
def destroy
@admin = User.admins.find(params[:id])
2019-01-16 13:07:19 +01:00
if current_user.admin? && @admin != current_user
2016-03-23 18:39:41 +01:00
@admin.destroy
head :no_content
else
head :unauthorized
end
end
private
2018-12-27 14:55:55 +01:00
def admin_params
params.require(:admin).permit(
:username, :email,
profile_attributes: %i[first_name last_name gender birthday phone],
invoicing_profile_attributes: [address_attributes: [:address]]
)
2018-12-27 14:55:55 +01:00
end
2016-03-23 18:39:41 +01:00
end