# frozen_string_literal: true
# API Controller for resources of type User with role 'admin'.
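class API::AdminsController < API::ApiController
  # Every action requires a signed-in user; role checks are done per action below.
  before_action :authenticate_user!

  # List all users having the admin role.
  # `authorize :admin` runs before any record is loaded.
  def index
    authorize :admin
    # Eager-load each admin's profile and avatar along with the user rows.
    @admins = User.includes(profile: [:user_avatar]).admins
  end

  # Create a new admin from the whitelisted request parameters.
  # Responds 201 with the :create template when the user was saved, otherwise
  # 422 with the error messages of the unsaved user.
  def create
    authorize :admin
    res = UserService.create_admin(admin_params)

    if res[:saved]
      @admin = res[:user]
      render :create, status: :created
    else
      render json: res[:user].errors.full_messages, status: :unprocessable_entity
    end
  end

  # Delete the admin identified by params[:id].
  # Only an admin may do this, and never on their own account.
  # Responds 204 on success, 401 when the caller is not allowed, and 422 with
  # the record's error messages when the deletion itself is refused.
  def destroy
    # Check the caller's role BEFORE the lookup: otherwise a signed-in non-admin
    # could tell existing admin ids (401) from unknown ids (record-not-found)
    # just by comparing responses.
    # NOTE(review): 403 would describe this case more accurately than 401, since
    # the caller is already authenticated; status kept so existing clients keep working.
    return head :unauthorized unless current_user.admin?

    # Scoped to admins, so an id belonging to a non-admin user is never found here.
    @admin = User.admins.find(params[:id])

    # Self-deletion is refused through this endpoint.
    return head :unauthorized if @admin == current_user

    # Do not report success when the deletion was aborted (destroy returns false).
    if @admin.destroy
      head :no_content
    else
      render json: @admin.errors.full_messages, status: :unprocessable_entity
    end
  end

  private

  # Strong-parameters whitelist for admin creation.
  # Only the attributes listed here can be mass-assigned; any other key sent
  # under :admin in the request is dropped by `permit`.
  def admin_params
    params.require(:admin).permit(
      :username, :email, :group_id,
      profile_attributes: %i[first_name last_name phone],
      invoicing_profile_attributes: [address_attributes: [:address]],
      statistic_profile_attributes: %i[gender birthday]
    )
  end
end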