doubtfire-api/app/api/tutorials_api.rb at f5f2c408fab3043e6b3ee68211f7e573c6abc5a4 · b0ink/doubtfire-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
require 'grape'

class TutorialsApi < Grape::API
  helpers AuthenticationHelpers
  helpers AuthorisationHelpers

  before do
    authenticated?
  end

  desc 'Update a tutorial'
  params do
    requires :id, type: Integer, desc: 'The user id to update'
    requires :tutorial, type: Hash do
      optional :abbreviation, type: String, desc: 'The tutorials code'
      optional :meeting_location, type: String,   desc: 'The tutorials location'
      optional :meeting_day, type: String, desc: 'Day of the tutorial'
      optional :tutor_id, type: Integer, desc: 'Id of the tutor'
      optional :campus_id, type: Integer, desc: 'Id of the campus'
      optional :capacity, type: Integer, desc: 'Capacity of the tutorial'
      optional :meeting_time, type: String, desc: 'Time of the tutorial'
    end
  end
  put '/tutorials/:id' do
    tutorial = Tutorial.find(params[:id])
    tut_params = params[:tutorial]
    # can only modify if current_user.id is same as :id provided
    # (i.e., user wants to update their own data) or if update_user token
    unless authorise? current_user, tutorial.unit, :add_tutorial
      error!({ error: "Cannot update tutorial with id=#{params[:id]} - not authorised" }, 403)
    end

    tutorial_parameters = ActionController::Parameters.new(params)
                                                      .require(:tutorial)
                                                      .permit(
                                                        :abbreviation,
                                                        :meeting_location,
                                                        :meeting_day,
                                                        :meeting_time,
                                                        :campus_id,
                                                        :capacity
                                                      )

    if tut_params[:tutor_id]
      tutor = User.find(tut_params[:tutor_id])
      tutorial.assign_tutor(tutor)
    end

    if tutorial_parameters[:campus_id] == -1
      tutorial_parameters[:campus_id] = nil
    end

    tutorial.update!(tutorial_parameters)
    present tutorial, with: Entities::TutorialEntity
  end

  desc 'Create tutorial'
  params do
    requires :tutorial, type: Hash do
      requires :unit_id,              type: Integer,  desc: 'Id of the unit'
      requires :tutor_id,             type: Integer,  desc: 'Id of the tutor'
      optional :campus_id,            type: Integer,  desc: 'Id of the campus',                               allow_blank: true
      requires :capacity,             type: Integer,  desc: 'Capacity of the tutorial',                       allow_blank: false
      requires :abbreviation,         type: String,   desc: 'The tutorials code',                             allow_blank: false
      requires :meeting_location,     type: String,   desc: 'The tutorials location',                         allow_blank: false
      requires :meeting_day,          type: String,   desc: 'Day of the tutorial',                            allow_blank: false
      requires :meeting_time,         type: String,   desc: 'Time of the tutorial',                           allow_blank: false
      requires :tutorial_stream_abbr, type: String,   desc: 'Abbreviation of the associated tutorial stream', allow_blank: false
    end
  end
  post '/tutorials' do
    tut_params = params[:tutorial]
    unit = Unit.find(tut_params[:unit_id])

    unless authorise? current_user, unit, :add_tutorial
      error!({ error: 'Not authorised to create new tutorials' }, 403)
    end

    tutor = User.find(tut_params[:tutor_id])
    campus = tut_params[:campus_id].nil? || tut_params[:campus_id] == -1 ? nil : Campus.find(tut_params[:campus_id])

    # Set Tutorial Stream if available
    tutorial_stream_abbr = tut_params[:tutorial_stream_abbr]
    tutorial_stream = unit.tutorial_streams.find_by!(abbreviation: tutorial_stream_abbr) unless tutorial_stream_abbr.nil?

    unless tutorial_stream
      error!({ error: 'Tutorial must belong to a tutorial stream' }, 403)
    end

    tutorial = unit.add_tutorial(tut_params[:meeting_day], tut_params[:meeting_time], tut_params[:meeting_location], tutor, campus, tut_params[:capacity], tut_params[:abbreviation], tutorial_stream)

    present tutorial, with: Entities::TutorialEntity
  end

  desc 'Delete a tutorial'
  params do
    requires :id, type: Integer, desc: 'The tutorial id to delete'
  end
  delete '/tutorials/:id' do
    tutorial = Tutorial.find(params[:id])

    unless authorise? current_user, tutorial.unit, :add_tutorial
      error!({ error: 'Cannot delete tutorial - not authorised' }, 403)
    end

    tutorial.destroy!
    present true, with: Grape::Presenters::Presenter
  end
end