thecore_api 1.3.10 → 1.3.11
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9bd3d266dca0cc6b50e37c4b87e3201f6b0d77832df40db10a214f84cc8b3143
|
4
|
+
data.tar.gz: bc4b775d2197827c57142d71a7a5f46ccc35d8fbf7e36e95e4a4e4be84d4dc85
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: addb715890b80b2cca5bc305f3e8255f66f7a8fa541b8cc2fc674a6fc4d21b2f812b985d30babf334ada3c988ae87a1b97c6628133440912bd4a8581d955a8ba
|
7
|
+
data.tar.gz: b6befad608ce40f4a56f282988f0bbe0b7a5a7c1f74790589fb332b3642331e24a6ae1133340e4d33e0e9e51e20fce4ca90543a174262fef889e8ecac0adf76f
|
@@ -57,7 +57,10 @@ class Api::V1::BaseController < ActionController::API
|
|
57
57
|
return render json: result, status: result.blank? ? 404 : 200
|
58
58
|
elsif !path.second.to_i.zero? && path.third.blank?
|
59
59
|
# Integer, so it's an ID, I must show it
|
60
|
-
|
60
|
+
# Rails.logger.debug "IL SECONDO è ID? #{path.second.inspect}"
|
61
|
+
# find_record path.second.to_i
|
62
|
+
@record_id = path.second.to_i
|
63
|
+
find_record
|
61
64
|
show
|
62
65
|
elsif !path.second.to_i.zero? && !path.third.blank?
|
63
66
|
# Like :controller/:id/:custom_action
|
@@ -75,14 +78,20 @@ class Api::V1::BaseController < ActionController::API
|
|
75
78
|
elsif request.put?
|
76
79
|
if !path.second.to_i.zero? && path.third.blank?
|
77
80
|
@params = params
|
78
|
-
|
81
|
+
# Rails.logger.debug "IL SECONDO è ID in PUT? #{path.second.inspect}"
|
82
|
+
# find_record path.second.to_i
|
83
|
+
@record_id = path.second.to_i
|
84
|
+
find_record
|
79
85
|
update
|
80
86
|
elsif !path.second.to_i.zero? && !path.third.blank?
|
81
87
|
result = MultiJson.dump(@model.send(path.third, path.second.to_i, params))
|
82
88
|
return render json: result, status: result.blank? ? 404 : 200
|
83
89
|
end
|
84
90
|
elsif request.delete?
|
85
|
-
|
91
|
+
# Rails.logger.debug "IL SECONDO è ID in delete? #{path.second.inspect}"
|
92
|
+
# find_record path.second.to_i
|
93
|
+
@record_id = path.second.to_i
|
94
|
+
find_record
|
86
95
|
destroy
|
87
96
|
end
|
88
97
|
end
|
@@ -246,9 +255,9 @@ class Api::V1::BaseController < ActionController::API
|
|
246
255
|
|
247
256
|
# private
|
248
257
|
|
249
|
-
def find_record
|
258
|
+
def find_record
|
250
259
|
# find the records
|
251
|
-
@record = @model.column_names.include?("user_id") ? @model.where(id: (
|
260
|
+
@record = @model.column_names.include?("user_id") ? @model.where(id: (@record_id.presence || params[:id]), user_id: current_user.id).first : @model.find((@record_id.presence || params[:id]))
|
252
261
|
end
|
253
262
|
|
254
263
|
def find_model path=nil
|
@@ -1,15 +1,15 @@
|
|
1
1
|
class Api::V1::UsersController < Api::V1::BaseController
|
2
2
|
load_and_authorize_resource
|
3
3
|
|
4
|
-
before_action :check_demoting
|
4
|
+
before_action :check_demoting, only: [:update, :destroy]
|
5
5
|
|
6
6
|
private
|
7
7
|
|
8
8
|
def check_demoting
|
9
|
-
render json: "You cannot demote yourself", status: 403 if (params[:id].to_i == current_user.id && (params[:
|
9
|
+
render json: "You cannot demote yourself", status: 403 if (params[:id].to_i == current_user.id && (params[:user].keys.include?("admin") || params[:user].keys.include?("locked")))
|
10
10
|
end
|
11
11
|
|
12
12
|
def request_params
|
13
|
-
params.require(:
|
13
|
+
params.require(:user).permit(:email, :roles, :password, :password_confirmation, :username, :number_of_instances_purchased, :admin, :locked).delete_if{ |_,v| v.nil? }
|
14
14
|
end
|
15
15
|
end
|
data/lib/thecore_api/version.rb
CHANGED