72 lines
2.3 KiB
Ruby
72 lines
2.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module Api
|
|
module V1
|
|
class CharacterSeriesController < Api::V1::ApiController
|
|
before_action :set_character_series, only: %i[show update destroy]
|
|
before_action :ensure_editor_role, only: %i[create update destroy]
|
|
|
|
# GET /character_series
|
|
def index
|
|
character_series = CharacterSeries.ordered
|
|
render json: CharacterSeriesBlueprint.render(character_series)
|
|
end
|
|
|
|
# GET /character_series/:id
|
|
def show
|
|
render json: CharacterSeriesBlueprint.render(@character_series, view: :full)
|
|
end
|
|
|
|
# POST /character_series
|
|
def create
|
|
character_series = CharacterSeries.new(character_series_params)
|
|
|
|
if character_series.save
|
|
render json: CharacterSeriesBlueprint.render(character_series, view: :full), status: :created
|
|
else
|
|
render_validation_error_response(character_series)
|
|
end
|
|
end
|
|
|
|
# PATCH/PUT /character_series/:id
|
|
def update
|
|
if @character_series.update(character_series_params)
|
|
render json: CharacterSeriesBlueprint.render(@character_series, view: :full)
|
|
else
|
|
render_validation_error_response(@character_series)
|
|
end
|
|
end
|
|
|
|
# DELETE /character_series/:id
|
|
def destroy
|
|
if @character_series.characters.exists?
|
|
render json: ErrorBlueprint.render(nil, error: {
|
|
message: 'Cannot delete series with associated characters',
|
|
code: 'has_dependencies'
|
|
}), status: :unprocessable_entity
|
|
else
|
|
@character_series.destroy!
|
|
head :no_content
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def set_character_series
|
|
# Support lookup by slug or UUID
|
|
@character_series = CharacterSeries.find_by(slug: params[:id]) || CharacterSeries.find(params[:id])
|
|
end
|
|
|
|
def ensure_editor_role
|
|
return if current_user&.role && current_user.role >= 7
|
|
|
|
Rails.logger.warn "[CHARACTER_SERIES] Unauthorized access attempt by user #{current_user&.id}"
|
|
render json: { error: 'Unauthorized - Editor role required' }, status: :unauthorized
|
|
end
|
|
|
|
def character_series_params
|
|
params.require(:character_series).permit(:name_en, :name_jp, :slug, :order)
|
|
end
|
|
end
|
|
end
|
|
end
|