Endpoint for updating user info

Author: nygrenh

app/controllers/api/v8/users_controller.rb

@@ -119,6 +119,25 @@ def create
         end
       end
 
+      def update
+        unauthorize_guest! if current_user.guest?
+
+        user = current_user
+        user = User.find_by!(id: params[:id]) unless params[:id] == 'current'
+        authorize! :update, user
+        set_user_fields
+        set_extra_data
+        if @user.save
+          render json: {
+            message: 'User created.'
+          }
+        else
+          render json: {
+            errors: @user.errors
+          }, status: :bad_request
+        end
+      end
+
       private
 
       def set_email
@@ -163,7 +182,8 @@ def set_extra_data
         namespace = extra_fields['namespace']
         raise 'Namespace not defined' unless namespace
         extra_fields['data'].each do |key, value|
-          @user.user_app_data.new(namespace: namespace, field_name: key, value: value)
+          datum = @user.user_app_data.find_or_initialize_by(namespace: namespace, field_name: key)
+          datum.value = value
         end
       end
     end

app/models/ability.rb

@@ -41,6 +41,10 @@ def initialize(user)
       can :destroy, User do |u|
         u == user
       end
+      cannot :update, User
+      can :update, User do |u|
+        u == user
+      end
 
       cannot :read, Course
       can :read, Course do |c|

config/routes.rb

@@ -42,7 +42,7 @@
     namespace :v8, defaults: {format: 'json'} do
       resources :apidocs, only: :index, path: 'documentation'
 
-      resources :users, only: [:show, :create]
+      resources :users, only: [:show, :create, :update]
 
       namespace :users do
         resources :password_reset, only: [:create]