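# JSON API endpoints to list, create and delete administrator accounts.
# Every action requires a signed-in user (before_action :authenticate_user!).
class API::AdminsController < API::ApiController
  before_action :authenticate_user!

  # Lists the administrators. Access is decided by the :admin policy.
  def index
    authorize :admin
    @admins = User.admins
  end

  # Creates an administrator account with a server-generated initial password.
  #
  # Responds 201 with the :create template on success, or 422 with the model's
  # error messages when the record cannot be saved.
  def create
    authorize :admin

    # NOTE(review): the initial password is 8 characters long and is e-mailed to
    # the new admin in clear text below. Nothing visible in this controller forces
    # a change at first login, so it may live as long as the mailbox does; consider
    # a longer token or a set-your-password link for a privileged account.
    generated_password = Devise.friendly_token.first(8)
    @admin = User.new(admin_params.merge(password: generated_password))
    # set_slug is invoked through send; presumably it is not public on User.
    @admin.send :set_slug

    # we associate any random group to the admin as it is mandatory for users but useless for admins
    @admin.group = Group.first

    # if the authentication is made through an SSO, generate a migration token
    unless AuthProvider.active.providable_type == DatabaseProvider.name
      @admin.generate_auth_migration_token
    end

    # NOTE(review): validate: false skips every validation declared on User for
    # this privileged account; confirm that is intended and not a leftover.
    if @admin.save(validate: false)
      @admin.send_confirmation_instructions
      # The record is persisted before the roles are switched and no transaction
      # is opened here, so a failure in add_role would leave a saved account
      # without the :admin role.
      @admin.add_role(:admin)
      @admin.remove_role(:member)
      UsersMailer.delay.notify_user_account_created(@admin, generated_password)
      render :create, status: :created
    else
      render json: @admin.errors.full_messages, status: :unprocessable_entity
    end
  end

  # Deletes another administrator's account.
  #
  # Responds 204 on success, and 401 when the caller is not an admin or targets
  # their own account (an admin cannot delete themselves through this action).
  #
  # NOTE(review): unlike index and create, the role is checked by hand instead of
  # through authorize :admin; confirm whether the policy should cover destroy too.
  def destroy
    # Check the caller's role before the lookup, so a signed-in non-admin cannot
    # tell existing admin ids from missing ones by comparing the responses.
    return head(:unauthorized) unless current_user.is_admin?

    # find raises when no admin has this id; how that is rendered is decided
    # outside this class.
    @admin = User.admins.find(params[:id])
    if @admin == current_user
      # 401 is kept so existing clients see the same status as before; 403 would
      # describe "authenticated but not allowed" more accurately.
      head :unauthorized
    else
      @admin.destroy
      head :no_content
    end
  end

  private

  # Strong parameters for admin creation. Only identity and profile fields are
  # permitted; the client cannot supply a password or a role.
  def admin_params
    params.require(:admin).permit(:username, :email, profile_attributes: [:first_name, :last_name, :gender,
                                                                          :birthday, :phone, address_attributes: [:address]])
  end
end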