metamaps--metamaps/app/controllers/mappings_controller.rb

67 lines
1.7 KiB
Ruby
Raw Normal View History

2016-09-24 03:00:46 +00:00
# frozen_string_literal: true
class MappingsController < ApplicationController
before_action :require_user, only: [:create, :update, :destroy]
after_action :verify_authorized, except: :index
after_action :verify_policy_scoped, only: :index
2014-07-27 19:57:35 +00:00
respond_to :json
2014-07-27 19:57:35 +00:00
# GET /mappings/1.json
def show
@mapping = Mapping.find(params[:id])
2016-03-12 00:16:46 +00:00
authorize @mapping
2014-07-27 19:57:35 +00:00
render json: @mapping
end
2014-07-27 19:57:35 +00:00
# POST /mappings.json
def create
@mapping = Mapping.new(mapping_params)
2016-03-12 00:16:46 +00:00
authorize @mapping
@mapping.user = current_user
2014-07-27 19:57:35 +00:00
if @mapping.save
render json: @mapping, status: :created
else
render json: @mapping.errors, status: :unprocessable_entity
end
end
2014-07-27 19:57:35 +00:00
# PUT /mappings/1.json
def update
2014-07-27 19:57:35 +00:00
@mapping = Mapping.find(params[:id])
2016-03-12 00:16:46 +00:00
authorize @mapping
2016-12-14 17:58:47 +00:00
# hack: set the user temporarily so that the model hook can reference it, and then set it back
temp = @mapping.user
2016-12-14 15:08:59 +00:00
@mapping.user = current_user
@mapping.assign_attributes(mapping_params)
2014-07-27 19:57:35 +00:00
2016-12-14 15:08:59 +00:00
if @mapping.save
2014-07-27 19:57:35 +00:00
head :no_content
else
render json: @mapping.errors, status: :unprocessable_entity
end
2016-12-14 17:58:47 +00:00
# restore the original mapping creator
@mapping.user = temp
@mapping.save
end
2014-07-27 19:57:35 +00:00
# DELETE /mappings/1.json
def destroy
2014-07-27 19:57:35 +00:00
@mapping = Mapping.find(params[:id])
2016-03-12 00:16:46 +00:00
authorize @mapping
2016-12-14 17:58:47 +00:00
# hack: set the user temporarily so that the model hook can reference this user who is taking the action
2016-12-14 15:08:59 +00:00
@mapping.user = current_user
2014-07-27 19:57:35 +00:00
@mapping.destroy
head :no_content
end
2015-09-19 08:26:34 +00:00
private
# Never trust parameters from the scary internet, only allow the white list through.
def mapping_params
params.require(:mapping).permit(:id, :xloc, :yloc, :mappable_id, :mappable_type, :map_id)
end
end