add /users/me settings endpoint

2025-12-14 01:23:37 -08:00 · 2025-12-14 01:23:37 -08:00 · 07f23e2b74
commit 07f23e2b74
parent e0ba2d98c3
3 changed files with 19 additions and 4 deletions
--- a/app/blueprints/api/v1/user_blueprint.rb
+++ b/app/blueprints/api/v1/user_blueprint.rb
@ -4,7 +4,11 @@ module Api
  module V1
    class UserBlueprint < ApiBlueprint
      view :minimal do
-        fields :username, :language, :private, :gender, :theme, :role, :granblue_id, :show_gamertag
+        fields :username, :language, :private, :gender, :theme, :role, :granblue_id, :show_gamertag, :show_granblue_id
+        # Return collection_privacy as integer (enum returns string by default)
+        field :collection_privacy do |user|
+          User.collection_privacies[user.collection_privacy]
+        end
        field :avatar do |user|
          {
            picture: user.picture,
@ -31,8 +35,10 @@ module Api
        fields :username, :token
      end

+      # Settings view includes all user data + email (only for authenticated user viewing own settings)
      view :settings do
-        fields :email, :show_gamertag
+        include_view :minimal
+        fields :email
      end
    end
  end
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@ -5,8 +5,9 @@ module Api
    class UsersController < Api::V1::ApiController
      class ForbiddenError < StandardError; end

-      before_action :set, except: %w[create check_email check_username]
+      before_action :set, except: %w[create check_email check_username me]
      before_action :set_by_id, only: %w[update]
+      before_action :doorkeeper_authorize!, only: %w[me]

      MAX_CHARACTERS = 5
      MAX_SUMMONS = 8
@ -51,6 +52,12 @@ module Api
        render json: UserBlueprint.render(@user, view: :minimal)
      end

+      # GET /users/me - returns current user's settings including email
+      # This endpoint is ONLY for authenticated users viewing their own settings
+      def me
+        render json: UserBlueprint.render(current_user, view: :settings)
+      end
+
      def show
        if @user.nil?
          render_not_found_response('user')
@ -237,7 +244,8 @@ module Api
      def user_params
        params.require(:user).permit(
          :username, :email, :password, :password_confirmation,
-          :granblue_id, :picture, :element, :language, :gender, :private, :theme, :show_gamertag
+          :granblue_id, :picture, :element, :language, :gender, :private, :theme, :show_gamertag,
+          :show_granblue_id, :collection_privacy
        )
      end
    end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -8,6 +8,7 @@ Rails.application.routes.draw do

  scope path: path_prefix, module: 'api/v1', defaults: { format: :json } do
    resources :parties, only: %i[index create update destroy]
+    get 'users/me', to: 'users#me'
    resources :users, only: %i[create update show]
    resources :grid_weapons, only: %i[create update destroy]
    resources :grid_characters, only: %i[create update destroy]