add job accessories CRUD

- add accessory_type to blueprint - add index, show, create, update, destroy actions - editors only for mutations
2026-01-04 02:50:08 -08:00 · 2026-01-04 02:50:08 -08:00 · d108427645
commit d108427645
parent 1272aba2d1
2 changed files with 77 additions and 3 deletions
--- a/app/blueprints/api/v1/job_accessory_blueprint.rb
+++ b/app/blueprints/api/v1/job_accessory_blueprint.rb
@ -14,7 +14,7 @@ module Api
                  name: :job,
                  blueprint: JobBlueprint

-      fields :granblue_id, :rarity, :release_date
+      fields :granblue_id, :rarity, :release_date, :accessory_type
    end
  end
 end
--- a/app/controllers/api/v1/job_accessories_controller.rb
+++ b/app/controllers/api/v1/job_accessories_controller.rb
@ -3,10 +3,84 @@
 module Api
  module V1
    class JobAccessoriesController < Api::V1::ApiController
-      def job
-        accessories = JobAccessory.where('job_id = ?', params[:id])
+      before_action :doorkeeper_authorize!, only: %i[create update destroy]
+      before_action :ensure_editor_role, only: %i[create update destroy]
+
+      # GET /job_accessories
+      # Optional filter: ?accessory_type=1 (1=Shield, 2=Manatura)
+      def index
+        accessories = JobAccessory.includes(:job).all
+        accessories = accessories.where(accessory_type: params[:accessory_type]) if params[:accessory_type].present?
+        accessories = accessories.order(:accessory_type, :granblue_id)
        render json: JobAccessoryBlueprint.render(accessories)
      end
+
+      # GET /job_accessories/:id
+      # Supports lookup by granblue_id or uuid
+      def show
+        accessory = find_accessory
+        return render_not_found_response('job_accessory') unless accessory
+
+        render json: JobAccessoryBlueprint.render(accessory)
+      end
+
+      # POST /job_accessories
+      def create
+        accessory = JobAccessory.new(job_accessory_params)
+        if accessory.save
+          render json: JobAccessoryBlueprint.render(accessory), status: :created
+        else
+          render_validation_error_response(accessory)
+        end
+      end
+
+      # PUT /job_accessories/:id
+      def update
+        accessory = find_accessory
+        return render_not_found_response('job_accessory') unless accessory
+
+        if accessory.update(job_accessory_params)
+          render json: JobAccessoryBlueprint.render(accessory)
+        else
+          render_validation_error_response(accessory)
+        end
+      end
+
+      # DELETE /job_accessories/:id
+      def destroy
+        accessory = find_accessory
+        return render_not_found_response('job_accessory') unless accessory
+
+        accessory.destroy
+        head :no_content
+      end
+
+      # GET /jobs/:id/accessories
+      # Legacy endpoint - get accessories for a specific job
+      def job
+        job = Job.find_by(granblue_id: params[:id]) || Job.find_by(id: params[:id])
+        return render_not_found_response('job') unless job
+
+        accessories = JobAccessory.where(job_id: job.id)
+        render json: JobAccessoryBlueprint.render(accessories)
+      end
+
+      private
+
+      def find_accessory
+        JobAccessory.find_by(granblue_id: params[:id]) || JobAccessory.find_by(id: params[:id])
+      end
+
+      def job_accessory_params
+        params.permit(:name_en, :name_jp, :granblue_id, :rarity, :release_date, :accessory_type, :job_id)
+      end
+
+      def ensure_editor_role
+        return if current_user&.role && current_user.role >= 7
+
+        Rails.logger.warn "[JOB_ACCESSORIES] Unauthorized access attempt by user #{current_user&.id}"
+        render json: { error: 'Unauthorized - Editor role required' }, status: :unauthorized
+      end
    end
  end
 end