people.rb 5.03 KB
Edit Raw Blame History



1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127


module Api
  module V1
    class People < Grape::API

      MAX_PER_PAGE = 50

      desc 'API Root'

      resource :people do
        paginate max_per_page: MAX_PER_PAGE

        # -- A note about privacy --
        # We wold find people by location, but we must test if the related
        # fields are public. We can't do it now, with SQL, while the location
        # data and the fields_privacy are a serialized settings.
        # We must build a new table for profile data, where we can set meta-data
        # like:
        # | id | profile_id | key  | value    | privacy_level | source    |
        # |  1 |         99 | city | Salvador | friends       | user      |
        # |  2 |         99 | lng  |  -38.521 | me only       | automatic |

        # Collect people from environment
        #
        # Parameters:
        #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
        #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
        #   limit            - amount of comments returned. The default value is 20
        #
        # Example Request:
        #  GET /people?from=2013-04-04-14:41:43&until=2014-04-04-14:41:43&limit=10
        #  GET /people?reference_id=10&limit=10&oldest

        desc "Find environment's people"
        get do
          people = select_filtered_collection_of(environment, 'people', params)
          people = people.visible
          present_partial people, :with => Entities::Person, :current_person => current_person
        end

        desc "Return the logged user information"
        get "/me" do
          authenticate!
          present_partial current_person, :with => Entities::Person, :current_person => current_person
        end

        desc "Return the person information"
        get ':id' do
          person = environment.people.visible.find_by(id: params[:id])
          return not_found! if person.blank?
          present person, :with => Entities::Person, :current_person => current_person
        end

        desc "Update person information"
        post ':id' do
          authenticate!
          return forbidden! if current_person.id.to_s != params[:id]
          current_person.update_attributes!(asset_with_image(params[:person]))
          present current_person, :with => Entities::Person, :current_person => current_person
        end

        #  POST api/v1/people?person[login]=some_login&person[password]=some_password&person[name]=Jack
        #  for each custom field for person, add &person[field_name]=field_value to the request
        desc "Create person"
        post do
          authenticate!
          user_data = {}
          user_data[:login] = params[:person].delete(:login) || params[:person][:identifier]
          user_data[:email] = params[:person].delete(:email)
          user_data[:password] = params[:person].delete(:password)
          user_data[:password_confirmation] = params[:person].delete(:password_confirmation)

          params[:person][:custom_values]={}
          params[:person].keys.each do |key|
            params[:person][:custom_values][key]=params[:person].delete(key) if Person.custom_fields(environment).any?{|cf| cf.name==key}
          end

          user = User.build(user_data, asset_with_image(params[:person]), environment)

          begin
            user.signup!
          rescue ActiveRecord::RecordInvalid
            render_api_errors!(user.errors.full_messages)
          end

          present user.person, :with => Entities::Person, :current_person => user.person
        end

        desc "Return the person friends"
        get ':id/friends' do
          person = environment.people.visible.find_by(id: params[:id])
          return not_found! if person.blank?
          friends = person.friends.visible
          present friends, :with => Entities::Person, :current_person => current_person
        end

        desc "Return the person permissions on other profiles"
        get ":id/permissions" do
          authenticate!
          person = environment.people.find(params[:id])
          return not_found! if person.blank?
          return forbidden! unless current_person == person || environment.admins.include?(current_person)

          output = {}
          person.role_assignments.map do |role_assigment|
            if role_assigment.resource.respond_to?(:identifier)
              output[role_assigment.resource.identifier] = role_assigment.role.permissions
            end
          end
          present output
        end
      end

      resource :profiles do
        segment '/:profile_id' do
          resource :members do
            paginate max_per_page: MAX_PER_PAGE
            get do
              profile = environment.profiles.find_by id: params[:profile_id]
              members = select_filtered_collection_of(profile, 'members', params)
              present members, :with => Entities::Person, :current_person => current_person
            end
          end
        end
      end
    end
  end
end