concord-consortium/rigse

rails/app/controllers/api/v1/bookmarks_controller.rb

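# JSON API for creating, editing, deleting and re-ordering class bookmarks.
#
# Every action starts with check_auth, which requires a valid auth token and a
# `clazz_id` naming a class the authenticated user teaches. `error`,
# `authorize` and `check_for_auth_token` are not defined in this file
# (presumably inherited from API::APIController) -- confirm their contracts.
#
# NOTE(review): update, destroy and sort look bookmarks up globally by id and
# rely on `bookmark.changeable?(user)` for authorization. The `clazz_id` check
# only proves the caller teaches *some* class; nothing here ties the bookmark
# to that class. Confirm that `changeable?` enforces ownership on its own.
class API::V1::BookmarksController < API::APIController

  # POST api/v1/bookmarks
  #
  # Creates a generic bookmark owned by the authenticated user in the class
  # given by `clazz_id`. `name` and `url` fall back to defaults when absent.
  def create
    auth = check_auth(params)
    return error(auth[:error]) if auth[:error]

    name = params[:name] || 'My bookmark'
    # NOTE(review): the URL is stored exactly as supplied; no scheme check is
    # done here. If it is later rendered as a link, confirm the model (or the
    # view) restricts it to http/https.
    url = params[:url] || 'http://concord.org'

    bookmark = Portal::GenericBookmark.new({name: name, url: url})
    bookmark.user = auth[:user]
    bookmark.clazz = auth[:portal_class]
    authorize bookmark

    if bookmark.save
      render_bookmark(bookmark)
    else
      error('Unable to create bookmark!')
    end
  end

  # PUT api/v1/bookmarks
  #
  # Updates whichever of name / url / is_visible are present in the request.
  def update
    auth = check_auth(params)
    return error(auth[:error]) if auth[:error]

    bookmark = Portal::Bookmark.find_by_id(params['id'])
    return error('Invalid bookmark id') unless bookmark

    unless bookmark.changeable?(auth[:user])
      return error('You are not authorized to update the bookmark')
    end

    # Assign through the setters and persist once below. The previous
    # per-field update_attribute call wrote each value immediately and
    # skipped validations, so invalid data was already stored by the time
    # `save` could report a failure. Only the fixed allow-list of attribute
    # names is ever used to build a setter name.
    %w[name url is_visible].each do |param|
      next unless params.has_key?(param)
      bookmark.public_send("#{param}=", params[param])
    end

    if bookmark.save
      render_bookmark(bookmark)
    else
      error('Unable to update the bookmark')
    end
  end

  # DELETE api/v1/bookmarks
  #
  # Deletes the bookmark named by `id` if the user may change it.
  def destroy
    auth = check_auth(params)
    return error(auth[:error]) if auth[:error]

    bookmark = Portal::Bookmark.find_by_id(params['id'])
    return error('Invalid bookmark id') unless bookmark

    unless bookmark.changeable?(auth[:user])
      return error('You are not authorized to delete the bookmark')
    end

    if bookmark.destroy
      render_ok
    else
      error('Unable to delete the bookmark')
    end
  end

  # POST api/v1/bookmarks/sort
  #
  # Re-numbers bookmark positions (starting at 1) in the order given by the
  # `ids` array. Bookmarks the user may not change are skipped and do not
  # consume a position.
  def sort
    auth = check_auth(params)
    return error(auth[:error]) if auth[:error]

    ids = params['ids']
    return error("Missing ids parameter") unless ids
    # A scalar or hash-shaped `ids` cannot be mapped to bookmarks; answer with
    # a JSON error instead of failing inside the lookup.
    return error('Invalid ids parameter') unless ids.is_a?(Array)

    # find_by_id (as in update/destroy) returns nil for an unknown id, so the
    # request gets the API's JSON error rather than an unhandled
    # RecordNotFound. All ids are resolved before any position is written.
    bookmarks = ids.map { |id| Portal::Bookmark.find_by_id(id) }
    return error('Invalid bookmark id') if bookmarks.any?(&:nil?)

    position = 1
    bookmarks.each do |bookmark|
      next unless bookmark.changeable?(auth[:user])

      bookmark.position = position
      position += 1
      # NOTE(review): a failed save is not reported to the client.
      bookmark.save
    end
    render_ok
  end

  private

  # Renders the generic success payload.
  def render_ok
    render :json => { success: true }, :status => :ok
  end

  # Renders the success payload with the bookmark's public fields.
  def render_bookmark(bookmark)
    render :json => {
      success: true,
      data: {
        id: bookmark.id,
        name: bookmark.name,
        url: bookmark.url,
        is_visible: bookmark.is_visible
      }
    }, :status => :ok
  end

  # Authenticates the request and checks that the user teaches the class
  # named by `clazz_id`.
  #
  # Returns `{user:, portal_class:, error: nil}` on success, or
  # `{error: message}` on any failure, including any StandardError raised by
  # check_for_auth_token or the lookups.
  def check_auth(params)
    user, _role = check_for_auth_token(params)

    clazz_id = params["clazz_id"]
    return {error: 'Missing clazz_id param'} unless clazz_id

    portal_class = Portal::Clazz.find_by_id(clazz_id)
    return {error: 'Invalid clazz_id param'} unless portal_class

    # A missing user is treated as unauthorized instead of surfacing a
    # NoMethodError message to the client.
    teacher = user && user.portal_teacher
    unless teacher && teacher.has_clazz?(portal_class)
      return {error: 'You are not authorized to edit bookmarks for this class'}
    end

    {user: user, portal_class: portal_class, error: nil}
  rescue StandardError => e
    # NOTE(review): this hands the raw exception message to the API client.
    # That is how token failures are reported, but it also exposes the text of
    # unexpected internal errors; consider a generic message for those.
    {error: e.message}
  end
end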