41 lines
1.0 KiB
Ruby
41 lines
1.0 KiB
Ruby
module Api
|
|
class SequencesController < Api::AbstractController
|
|
# TODO add user authorization maybe (privacy)
|
|
def index
|
|
query = { user: current_user }
|
|
query.merge!(schedule_id: params[:schedule_id]) if params[:schedule_id]
|
|
render json: Sequence.where(query)
|
|
end
|
|
|
|
def show
|
|
render json: sequence
|
|
end
|
|
|
|
def create
|
|
mutate Sequences::Create.run(params, user: current_user)
|
|
end
|
|
|
|
def update
|
|
mutate Sequences::Update.run(params[:sequence],
|
|
user: current_user,
|
|
sequence: sequence)
|
|
end
|
|
|
|
def destroy
|
|
# HEY YOU!! If you touch this again, add a mutation. This is the most
|
|
# complexity I would like to see in one controlelr action.
|
|
if (sequence.user == current_user) && sequence.destroy
|
|
render nothing: true
|
|
else
|
|
raise Errors::Forbidden, "Not your Sequence object."
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def sequence
|
|
@sequence ||= Sequence.find(params[:id])
|
|
end
|
|
end
|
|
end
|