2018-08-07 20:19:49 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
module Api
|
|
|
|
module V1
|
|
|
|
class InventoriesController < BaseController
|
2018-08-24 22:41:26 +08:00
|
|
|
before_action :load_team
|
|
|
|
before_action :load_inventory, only: %i(show update destroy)
|
2018-09-13 17:08:58 +08:00
|
|
|
before_action :check_manage_permissions, only: %i(update destroy)
|
2018-08-07 20:19:49 +08:00
|
|
|
|
|
|
|
def index
|
2018-08-24 17:26:49 +08:00
|
|
|
inventories = @team.repositories
|
|
|
|
.page(params.dig(:page, :number))
|
|
|
|
.per(params.dig(:page, :size))
|
2018-08-23 22:48:27 +08:00
|
|
|
render jsonapi: inventories, each_serializer: InventorySerializer
|
2018-08-07 20:19:49 +08:00
|
|
|
end
|
|
|
|
|
2018-08-24 22:41:26 +08:00
|
|
|
def create
|
2018-09-13 17:08:58 +08:00
|
|
|
unless can_create_repositories?(@team)
|
|
|
|
return render body: nil, status: :forbidden
|
|
|
|
end
|
|
|
|
inventory = @team.repositories.create!(
|
|
|
|
inventory_params.merge(created_by: current_user)
|
|
|
|
)
|
2018-08-24 22:41:26 +08:00
|
|
|
render jsonapi: inventory,
|
|
|
|
serializer: InventorySerializer,
|
|
|
|
status: :created
|
|
|
|
end
|
|
|
|
|
2018-08-07 20:19:49 +08:00
|
|
|
def show
|
2018-08-23 22:48:27 +08:00
|
|
|
render jsonapi: @inventory, serializer: InventorySerializer
|
2018-08-07 20:19:49 +08:00
|
|
|
end
|
|
|
|
|
2018-08-24 22:41:26 +08:00
|
|
|
def update
|
|
|
|
@inventory.attributes = update_inventory_params
|
|
|
|
if @inventory.changed? && @inventory.save!
|
|
|
|
render jsonapi: @inventory, serializer: InventorySerializer
|
|
|
|
else
|
|
|
|
render body: nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def destroy
|
|
|
|
@inventory.destroy!
|
|
|
|
render body: nil
|
|
|
|
end
|
|
|
|
|
2018-08-07 20:19:49 +08:00
|
|
|
private
|
|
|
|
|
|
|
|
def load_team
|
|
|
|
@team = Team.find(params.require(:team_id))
|
2018-08-24 17:26:49 +08:00
|
|
|
render jsonapi: {}, status: :forbidden unless can_read_team?(@team)
|
2018-08-07 20:19:49 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
def load_inventory
|
|
|
|
@inventory = @team.repositories.find(params.require(:id))
|
|
|
|
end
|
2018-08-24 22:41:26 +08:00
|
|
|
|
|
|
|
def check_manage_permissions
|
|
|
|
unless can_manage_repository?(@inventory)
|
|
|
|
render body: nil, status: :forbidden
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def inventory_params
|
|
|
|
unless params.require(:data).require(:type) == 'inventories'
|
|
|
|
raise ActionController::BadRequest,
|
|
|
|
'Wrong object type within parameters'
|
|
|
|
end
|
|
|
|
params.require(:data).require(:attributes)
|
|
|
|
params.permit(data: { attributes: %i(name) })[:data]
|
|
|
|
end
|
|
|
|
|
|
|
|
def update_inventory_params
|
|
|
|
unless params.require(:data).require(:id).to_i == params[:id].to_i
|
|
|
|
raise ActionController::BadRequest,
|
|
|
|
'Object ID mismatch in URL and request body'
|
|
|
|
end
|
|
|
|
inventory_params[:attributes]
|
|
|
|
end
|
2018-08-07 20:19:49 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|