add party shares controller and routes

app/controllers/api/v1/api_controller.rb

@@ -44,6 +44,11 @@ module Api
         render json: e.to_hash, status: e.http_status
       end
 
+      # Party share errors
+      rescue_from PartyShareErrors::PartyShareError do |e|
+        render json: e.to_hash, status: e.http_status
+      end
+
       rescue_from GranblueError do |e|
         render_error(e)
       end

app/controllers/api/v1/party_shares_controller.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    class PartySharesController < Api::V1::ApiController
+      before_action :restrict_access
+      before_action :set_party
+      before_action :authorize_party_owner!
+      before_action :set_party_share, only: [:destroy]
+
+      # GET /parties/:party_id/shares
+      # List all shares for a party (only for owner)
+      def index
+        shares = @party.party_shares.includes(:shareable, :shared_by)
+        render json: PartyShareBlueprint.render(shares, view: :with_shareable, root: :shares)
+      end
+
+      # POST /parties/:party_id/shares
+      # Share a party with the current user's crew
+      def create
+        crew = current_user.crew
+        raise PartyShareErrors::NotInCrewError unless crew
+
+        # For now, users can only share to their own crew
+        # Future: support party_share_params[:crew_id] for sharing to other crews
+        share = PartyShare.new(
+          party: @party,
+          shareable: crew,
+          shared_by: current_user
+        )
+
+        if share.save
+          render json: PartyShareBlueprint.render(share, view: :with_shareable, root: :share), status: :created
+        else
+          render_validation_error_response(share)
+        end
+      end
+
+      # DELETE /parties/:party_id/shares/:id
+      # Remove a share
+      def destroy
+        @party_share.destroy!
+        head :no_content
+      end
+
+      private
+
+      def set_party
+        @party = Party.find(params[:party_id])
+      end
+
+      def set_party_share
+        @party_share = @party.party_shares.find(params[:id])
+      end
+
+      def authorize_party_owner!
+        return if @party.user_id == current_user.id
+
+        raise Api::V1::UnauthorizedError
+      end
+
+      def party_share_params
+        params.require(:share).permit(:crew_id)
+      end
+    end
+  end
+end

config/routes.rb

@@ -70,6 +70,11 @@ Rails.application.routes.draw do
     post 'parties/:id/regenerate_preview', to: 'parties#regenerate_preview'
     post 'parties/:id/remix', to: 'parties#remix'
 
+    # Party shares
+    resources :parties, only: [] do
+      resources :shares, controller: 'party_shares', only: [:index, :create, :destroy]
+    end
+
     put 'parties/:id/jobs', to: 'jobs#update_job'
     put 'parties/:id/job_skills', to: 'jobs#update_job_skills'
     delete 'parties/:id/job_skills', to: 'jobs#destroy_job_skill'