people.rb
5.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
module Api
module V1
class People < Grape::API
MAX_PER_PAGE = 50
desc 'API Root'
resource :people do
paginate max_per_page: MAX_PER_PAGE
# -- A note about privacy --
# We wold find people by location, but we must test if the related
# fields are public. We can't do it now, with SQL, while the location
# data and the fields_privacy are a serialized settings.
# We must build a new table for profile data, where we can set meta-data
# like:
# | id | profile_id | key | value | privacy_level | source |
# | 1 | 99 | city | Salvador | friends | user |
# | 2 | 99 | lng | -38.521 | me only | automatic |
# Collect people from environment
#
# Parameters:
# from - date where the search will begin. If nothing is passed the default date will be the date of the first article created
# oldest - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
# limit - amount of comments returned. The default value is 20
#
# Example Request:
# GET /people?from=2013-04-04-14:41:43&until=2014-04-04-14:41:43&limit=10
# GET /people?reference_id=10&limit=10&oldest
desc "Find environment's people"
get do
people = select_filtered_collection_of(environment, 'people', params)
people = people.visible
present_partial people, :with => Entities::Person, :current_person => current_person
end
desc "Return the logged user information"
get "/me" do
authenticate!
present_partial current_person, :with => Entities::Person, :current_person => current_person
end
desc "Return the person information"
get ':id' do
person = environment.people.visible.find_by(id: params[:id])
return not_found! if person.blank?
present person, :with => Entities::Person, :current_person => current_person
end
desc "Update person information"
post ':id' do
authenticate!
return forbidden! if current_person.id.to_s != params[:id]
current_person.update_attributes!(asset_with_image(params[:person]))
present current_person, :with => Entities::Person, :current_person => current_person
end
# POST api/v1/people?person[login]=some_login&person[password]=some_password&person[name]=Jack
# for each custom field for person, add &person[field_name]=field_value to the request
desc "Create person"
post do
authenticate!
user_data = {}
user_data[:login] = params[:person].delete(:login) || params[:person][:identifier]
user_data[:email] = params[:person].delete(:email)
user_data[:password] = params[:person].delete(:password)
user_data[:password_confirmation] = params[:person].delete(:password_confirmation)
params[:person][:custom_values]={}
params[:person].keys.each do |key|
params[:person][:custom_values][key]=params[:person].delete(key) if Person.custom_fields(environment).any?{|cf| cf.name==key}
end
user = User.build(user_data, asset_with_image(params[:person]), environment)
begin
user.signup!
rescue ActiveRecord::RecordInvalid
render_api_errors!(user.errors.full_messages)
end
present user.person, :with => Entities::Person, :current_person => user.person
end
desc "Return the person friends"
get ':id/friends' do
person = environment.people.visible.find_by(id: params[:id])
return not_found! if person.blank?
friends = person.friends.visible
present friends, :with => Entities::Person, :current_person => current_person
end
desc "Return the person permissions on other profiles"
get ":id/permissions" do
authenticate!
person = environment.people.find(params[:id])
return not_found! if person.blank?
return forbidden! unless current_person == person || environment.admins.include?(current_person)
output = {}
person.role_assignments.map do |role_assigment|
if role_assigment.resource.respond_to?(:identifier)
output[role_assigment.resource.identifier] = role_assigment.role.permissions
end
end
present output
end
end
resource :profiles do
segment '/:profile_id' do
resource :members do
paginate max_per_page: MAX_PER_PAGE
get do
profile = environment.profiles.find_by id: params[:profile_id]
members = select_filtered_collection_of(profile, 'members', params)
present members, :with => Entities::Person, :current_person => current_person
end
post do
authenticate!
profile = environment.profiles.find_by id: params[:profile_id]
profile.add_member(current_person) rescue forbidden!
{pending: !current_person.is_member_of?(profile)}
end
delete do
authenticate!
profile = environment.profiles.find_by id: params[:profile_id]
profile.remove_member(current_person)
present current_person, :with => Entities::Person, :current_person => current_person
end
end
end
end
end
end
end