66 lines
1.7 KiB
Ruby
66 lines
1.7 KiB
Ruby
# frozen_string_literal: true
|
|
class MappingsController < ApplicationController
|
|
before_action :require_user, only: [:create, :update, :destroy]
|
|
after_action :verify_authorized, except: :index
|
|
after_action :verify_policy_scoped, only: :index
|
|
|
|
respond_to :json
|
|
|
|
# GET /mappings/1.json
|
|
def show
|
|
@mapping = Mapping.find(params[:id])
|
|
authorize @mapping
|
|
|
|
render json: @mapping
|
|
end
|
|
|
|
# POST /mappings.json
|
|
def create
|
|
@mapping = Mapping.new(mapping_params)
|
|
authorize @mapping
|
|
@mapping.user = current_user
|
|
|
|
if @mapping.save
|
|
render json: @mapping, status: :created
|
|
else
|
|
render json: @mapping.errors, status: :unprocessable_entity
|
|
end
|
|
end
|
|
|
|
# PUT /mappings/1.json
|
|
def update
|
|
@mapping = Mapping.find(params[:id])
|
|
authorize @mapping
|
|
# hack: set the user temporarily so that the model hook can reference it, and then set it back
|
|
temp = @mapping.user
|
|
@mapping.user = current_user
|
|
@mapping.assign_attributes(mapping_params)
|
|
|
|
if @mapping.save
|
|
head :no_content
|
|
else
|
|
render json: @mapping.errors, status: :unprocessable_entity
|
|
end
|
|
# restore the original mapping creator
|
|
@mapping.user = temp
|
|
@mapping.save
|
|
end
|
|
|
|
# DELETE /mappings/1.json
|
|
def destroy
|
|
@mapping = Mapping.find(params[:id])
|
|
authorize @mapping
|
|
# hack: set the user temporarily so that the model hook can reference this user who is taking the action
|
|
@mapping.user = current_user
|
|
@mapping.destroy
|
|
|
|
head :no_content
|
|
end
|
|
|
|
private
|
|
|
|
# Never trust parameters from the scary internet, only allow the white list through.
|
|
def mapping_params
|
|
params.require(:mapping).permit(:id, :xloc, :yloc, :mappable_id, :mappable_type, :map_id)
|
|
end
|
|
end
|