From 90b64fdffdc33f0204af6ac2e315bd4be6bc200a Mon Sep 17 00:00:00 2001 From: jessib Date: Tue, 29 Jan 2013 11:42:46 -0800 Subject: Allow PUT API to update user. --- users/app/controllers/v1/users_controller.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'users/app/controllers/v1/users_controller.rb') diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index eda2fad..e8e8f00 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -1,13 +1,21 @@ module V1 class UsersController < ApplicationController - skip_before_filter :verify_authenticity_token, :only => [:create] + skip_before_filter :verify_authenticity_token + before_filter :authorize, :only => [:update] respond_to :json def create @user = User.create(params[:user]) + respond_with @user # return ID instead? + end + + def update + @user = User.find_by_param(params[:id]) + @user.update_attributes(params[:user]) respond_with @user end + end end -- cgit v1.2.3 From afd5697f17a90654b6c058611896e3542a601ef5 Mon Sep 17 00:00:00 2001 From: jessib Date: Tue, 29 Jan 2013 12:09:38 -0800 Subject: A user's public_key is the only attribute they should be able to update via API. --- users/app/controllers/v1/users_controller.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'users/app/controllers/v1/users_controller.rb') diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index e8e8f00..9b5997d 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -12,8 +12,9 @@ module V1 end def update + # For now, only allow public key to be updated via the API. Eventually we might want to store in a config what attributes can be updated via the API. @user = User.find_by_param(params[:id]) - @user.update_attributes(params[:user]) + @user.update_attributes(:public_key => params[:user][:public_key]) respond_with @user end -- cgit v1.2.3 From 2d330838cf5a763d8de2bea752b4e37cf2caa249 Mon Sep 17 00:00:00 2001 From: jessib Date: Thu, 31 Jan 2013 13:09:00 -0800 Subject: Remove public key if the key is passed as nil, but not otherwise. There was a weird case with reloading the user in the test if the public key had been unset. --- users/app/controllers/v1/users_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app/controllers/v1/users_controller.rb') diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index 9b5997d..617bd4b 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -14,7 +14,7 @@ module V1 def update # For now, only allow public key to be updated via the API. Eventually we might want to store in a config what attributes can be updated via the API. @user = User.find_by_param(params[:id]) - @user.update_attributes(:public_key => params[:user][:public_key]) + @user.update_attributes params[:user].slice(:public_key) if params[:user].respond_to?(:slice) respond_with @user end -- cgit v1.2.3