diff options
| author | Timothy Andrew <mail@timothyandrew.net> | 2017-06-30 16:29:34 +0300 |
|---|---|---|
| committer | Timothy Andrew <mail@timothyandrew.net> | 2017-06-30 16:45:51 +0300 |
| commit | 5dedea358dc3012b4c2a876065c16cf748fbf7ea (patch) | |
| tree | fe98aaca557bb4c1e4bced6f1a8508c63c1587a0 /lib/api/users.rb | |
| parent | 3c88a7869b87693ba8c3fb9814d39437dd569a31 (diff) | |
| parent | 81dba76b9d7d120cd22e3619a4058bd4885be9bc (diff) | |
Merge remote-tracking branch 'origin/master' into 34141-allow-unauthenticated-access-to-the-users-api
- Modify policy code to work with the `DeclarativePolicy` refactor
in 37c401433b76170f0150d70865f1f4584db01fa8.
Diffstat (limited to 'lib/api/users.rb')
| -rw-r--r-- | lib/api/users.rb | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb index 18ce58299e7..bad4d76b428 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -105,7 +105,7 @@ module API authenticated_as_admin! params = declared_params(include_missing: false) - user = ::Users::CreateService.new(current_user, params).execute + user = ::Users::CreateService.new(current_user, params).execute(skip_authorization: true) if user.persisted? present user, with: Entities::UserPublic @@ -163,7 +163,9 @@ module API user_params[:password_expires_at] = Time.now if user_params[:password].present? - if user.update_attributes(user_params.except(:extern_uid, :provider)) + result = ::Users::UpdateService.new(user, user_params.except(:extern_uid, :provider)).execute + + if result[:status] == :success present user, with: Entities::UserPublic else render_validation_error!(user) @@ -241,9 +243,9 @@ module API user = User.find_by(id: params.delete(:id)) not_found!('User') unless user - email = user.emails.new(declared_params(include_missing: false)) + email = Emails::CreateService.new(user, declared_params(include_missing: false)).execute - if email.save + if email.errors.blank? NotificationService.new.new_email(email) present email, with: Entities::Email else @@ -281,8 +283,7 @@ module API email = user.emails.find_by(id: params[:email_id]) not_found!('Email') unless email - email.destroy - user.update_secondary_emails! + Emails::DestroyService.new(user, email: email.email).execute end desc 'Delete a user. Available only for admins.' do @@ -494,9 +495,9 @@ module API requires :email, type: String, desc: 'The new email' end post "emails" do - email = current_user.emails.new(declared_params) + email = Emails::CreateService.new(current_user, declared_params).execute - if email.save + if email.errors.blank? NotificationService.new.new_email(email) present email, with: Entities::Email else @@ -512,8 +513,7 @@ module API email = current_user.emails.find_by(id: params[:email_id]) not_found!('Email') unless email - email.destroy - current_user.update_secondary_emails! + Emails::DestroyService.new(current_user, email: email.email).execute end desc 'Get a list of user activities' |