Add a rudimentary update method

We still need to do server-side validation since a lot of things can go wrong here if users get cheeky
2022-03-03 00:22:11 -08:00 · 2022-03-03 00:22:11 -08:00 · 92ef43abcd
commit 92ef43abcd
parent 5ef04f9d13
2 changed files with 32 additions and 9 deletions
--- a/app/controllers/api/v1/grid_weapons_controller.rb
+++ b/app/controllers/api/v1/grid_weapons_controller.rb
@ -1,12 +1,12 @@
 class Api::V1::GridWeaponsController < Api::V1::ApiController
+    before_action :set, except: ['create', 'update_uncap_level', 'destroy']
+
    def create
        party = Party.find(weapon_params[:party_id])
        canonical_weapon = Weapon.find(weapon_params[:weapon_id])
- 
-        if current_user
-            if party.user != current_user
-                render_unauthorized_response
-            end
+
+        if !current_user || party.user != current_user
+            render_unauthorized_response
        end

        if grid_weapon = GridWeapon.where(
@ -26,6 +26,20 @@ class Api::V1::GridWeaponsController < Api::V1::ApiController
        render :show, status: :created if @weapon.save!
    end

+    def update
+        if !current_user || @weapon.party.user != current_user
+            render_unauthorized_response 
+        end
+
+        # TODO: Server-side validation of weapon mods
+        # We don't want someone modifying the JSON and adding
+        # keys to weapons that cannot have them
+
+        # Maybe we make methods on the model to validate for us somehow
+
+        render :update, status: :ok if @weapon.update(weapon_params)
+    end
+
    def update_uncap_level
        @weapon = GridWeapon.find(weapon_params[:id])

@ -39,13 +53,19 @@ class Api::V1::GridWeaponsController < Api::V1::ApiController
        render :show, status: :ok if @weapon.save!
    end

-    def destroy
-    end
-
    private

+    def set
+        @weapon = GridWeapon.where("id = ?", params[:id]).first
+    end
+
    # Specify whitelisted properties that can be modified.
    def weapon_params
-        params.require(:weapon).permit(:id, :party_id, :weapon_id, :position, :mainhand, :uncap_level)
+        params.require(:weapon).permit(
+            :id, :party_id, :weapon_id, 
+            :position, :mainhand, :uncap_level, :element, 
+            :weapon_key1_id, :weapon_key2_id, :weapon_key3_id,
+            :ax_modifier1, :ax_modifier2, :ax_strength1, :ax_strength2
+        )
    end
 end
--- a/app/views/api/v1/grid_weapons/update.json.rabl
+++ b/app/views/api/v1/grid_weapons/update.json.rabl
@ -0,0 +1,3 @@
+object @weapon
+
+extends 'api/v1/grid_weapons/base'