granblue.team/hensei-api
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add a rudimentary update method

Browse source 
We still need to do server-side validation since a lot of things can go wrong here if users get cheeky
This commit is contained in:
Justin Edmund 2022-03-03 00:22:11 -08:00
parent 5ef04f9d13
commit 92ef43abcd
2 changed files with 32 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
app/controllers/api/v1/grid_weapons_controller.rb
View file

@ -1,12 +1,12 @@
class Api::V1::GridWeaponsController < Api::V1::ApiController class Api::V1::GridWeaponsController < Api::V1::ApiController
before_action :set, except: ['create', 'update_uncap_level', 'destroy']
def create def create
party = Party.find(weapon_params[:party_id]) party = Party.find(weapon_params[:party_id])
canonical_weapon = Weapon.find(weapon_params[:weapon_id]) canonical_weapon = Weapon.find(weapon_params[:weapon_id])
if current_user if !current_user || party.user != current_user
if party.user != current_user render_unauthorized_response
render_unauthorized_response
end
end end
if grid_weapon = GridWeapon.where( if grid_weapon = GridWeapon.where(
@ -26,6 +26,20 @@ class Api::V1::GridWeaponsController < Api::V1::ApiController
render :show, status: :created if @weapon.save! render :show, status: :created if @weapon.save!
end end
def update
if !current_user || @weapon.party.user != current_user
render_unauthorized_response
end
# TODO: Server-side validation of weapon mods
# We don't want someone modifying the JSON and adding
# keys to weapons that cannot have them
# Maybe we make methods on the model to validate for us somehow
render :update, status: :ok if @weapon.update(weapon_params)
end
def update_uncap_level def update_uncap_level
@weapon = GridWeapon.find(weapon_params[:id]) @weapon = GridWeapon.find(weapon_params[:id])
@ -39,13 +53,19 @@ class Api::V1::GridWeaponsController < Api::V1::ApiController
render :show, status: :ok if @weapon.save! render :show, status: :ok if @weapon.save!
end end
def destroy
end
private private
def set
@weapon = GridWeapon.where("id = ?", params[:id]).first
end
# Specify whitelisted properties that can be modified. # Specify whitelisted properties that can be modified.
def weapon_params def weapon_params
params.require(:weapon).permit(:id, :party_id, :weapon_id, :position, :mainhand, :uncap_level) params.require(:weapon).permit(
:id, :party_id, :weapon_id,
:position, :mainhand, :uncap_level, :element,
:weapon_key1_id, :weapon_key2_id, :weapon_key3_id,
:ax_modifier1, :ax_modifier2, :ax_strength1, :ax_strength2
)
end end
end end

3
app/views/api/v1/grid_weapons/update.json.rabl Normal file
View file

@ -0,0 +1,3 @@
object @weapon
extends 'api/v1/grid_weapons/base'