2015-05-05 03:10:25 +02:00
|
|
|
class API::GroupsController < API::ApiController
|
2016-03-23 18:39:41 +01:00
|
|
|
before_action :authenticate_user!, except: :index
|
|
|
|
|
2015-05-05 03:10:25 +02:00
|
|
|
def index
|
2019-01-14 12:57:31 +01:00
|
|
|
if current_user and current_user.admin?
|
2017-08-30 14:57:06 +02:00
|
|
|
@groups = Group.all
|
|
|
|
else
|
|
|
|
@groups = Group.where.not(slug: 'admins')
|
|
|
|
end
|
|
|
|
|
2015-05-05 03:10:25 +02:00
|
|
|
end
|
2016-03-23 18:39:41 +01:00
|
|
|
|
|
|
|
def create
|
|
|
|
authorize Group
|
|
|
|
@group = Group.new(group_params)
|
|
|
|
if @group.save
|
|
|
|
render status: :created
|
|
|
|
else
|
|
|
|
render json: @group.errors.full_messages, status: :unprocessable_entity
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def update
|
|
|
|
authorize Group
|
|
|
|
@group = Group.find(params[:id])
|
|
|
|
if @group.update(group_params)
|
|
|
|
render status: :ok
|
|
|
|
else
|
|
|
|
render json: @group.errors.full_messages, status: :unprocessable_entity
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def destroy
|
|
|
|
@group = Group.find(params[:id])
|
|
|
|
authorize @group
|
|
|
|
@group.destroy
|
|
|
|
head :no_content
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def group_params
|
2017-10-05 16:48:18 +02:00
|
|
|
params.require(:group).permit(:name, :disabled)
|
2016-03-23 18:39:41 +01:00
|
|
|
end
|
2015-05-05 03:10:25 +02:00
|
|
|
end
|