diff --git a/app/controllers/api/v1/parties_controller.rb b/app/controllers/api/v1/parties_controller.rb index 89ca44d..24fa4a0 100644 --- a/app/controllers/api/v1/parties_controller.rb +++ b/app/controllers/api/v1/parties_controller.rb @@ -1,5 +1,6 @@ class Api::V1::PartiesController < Api::V1::ApiController - before_action :set, except: ['create'] + before_action :set_from_slug, except: ['create', 'update'] + before_action :set, only: ['update', 'destroy'] def index parties = Party.all @@ -21,6 +22,12 @@ class Api::V1::PartiesController < Api::V1::ApiController end def update + if @party.user != current_user + render_unauthorized_response + else + @party.extra = party_params['is_extra'] + render :update, status: :ok if @party.save! + end end def destroy @@ -49,10 +56,15 @@ class Api::V1::PartiesController < Api::V1::ApiController return (0...numChars).map { o[rand(o.length)] }.join end - def set + def set_from_slug @party = Party.where("shortcode = ?", params[:id]).first end + def set + ap params + @party = Party.where("id = ?", params[:id]).first + end + def party_params params.require(:party).permit(:user_id, :is_extra) end diff --git a/app/views/api/v1/parties/update.json.rabl b/app/views/api/v1/parties/update.json.rabl new file mode 100644 index 0000000..fafd7e0 --- /dev/null +++ b/app/views/api/v1/parties/update.json.rabl @@ -0,0 +1,7 @@ +object @party + +attributes :id, :user_id, :shortcode + +node :is_extra do |p| + p.extra +end \ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index 7143eee..cb66cb2 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -6,7 +6,7 @@ Rails.application.routes.draw do namespace :api, defaults: { format: :json } do namespace :v1 do - resources :parties, only: [:index, :create, :show, :destroy] + resources :parties, only: [:index, :create, :show, :update, :destroy] resources :users, only: [:create, :show] get 'parties/:id/weapons', to: 'parties#weapons'