/api/app/controllers/spree/api/v1/users_controller.rb
Ruby | 67 lines | 56 code | 11 blank | 0 comment | 3 complexity | e203803da9df9fbc959a4e82ff2dacca MD5 | raw file
Possible License(s): BSD-3-Clause
- module Spree
- module Api
- module V1
- class UsersController < Spree::Api::BaseController
- rescue_from Spree::Core::DestroyWithOrdersError, with: :error_during_processing
- def index
- @users = Spree.user_class.accessible_by(current_ability, :read)
- @users = if params[:ids]
- @users.ransack(id_in: params[:ids].split(','))
- else
- @users.ransack(params[:q])
- end
- @users = @users.result.page(params[:page]).per(params[:per_page])
- expires_in 15.minutes, public: true
- headers['Surrogate-Control'] = "max-age=#{15.minutes}"
- respond_with(@users)
- end
- def show
- respond_with(user)
- end
- def new; end
- def create
- authorize! :create, Spree.user_class
- @user = Spree.user_class.new(user_params)
- if @user.save
- respond_with(@user, status: 201, default_template: :show)
- else
- invalid_resource!(@user)
- end
- end
- def update
- authorize! :update, user
- if user.update_attributes(user_params)
- respond_with(user, status: 200, default_template: :show)
- else
- invalid_resource!(user)
- end
- end
- def destroy
- authorize! :destroy, user
- user.destroy
- respond_with(user, status: 204)
- end
- private
- def user
- @user ||= Spree.user_class.accessible_by(current_ability, :read).find(params[:id])
- end
- def user_params
- params.require(:user).permit(permitted_user_attributes |
- [bill_address_attributes: permitted_address_attributes,
- ship_address_attributes: permitted_address_attributes])
- end
- end
- end
- end
- end