discourse/app/controllers/user_badges_controller.rb

59 lines
1.5 KiB
Ruby
Raw Normal View History

2014-03-05 20:52:20 +08:00
class UserBadgesController < ApplicationController
def index
params.require(:username)
user = fetch_user_from_params
render_serialized(user.user_badges, UserBadgeSerializer, root: "user_badges")
2014-03-05 20:52:20 +08:00
end
def create
params.require(:username)
user = fetch_user_from_params
unless can_assign_badge_to_user?(user)
render json: failed_json, status: 403
return
end
badge = fetch_badge_from_params
user_badge = BadgeGranter.grant(badge, user, granted_by: current_user)
render_serialized(user_badge, UserBadgeSerializer, root: "user_badge")
2014-03-05 20:52:20 +08:00
end
def destroy
params.require(:id)
user_badge = UserBadge.find(params[:id])
unless can_assign_badge_to_user?(user_badge.user)
render json: failed_json, status: 403
return
end
BadgeGranter.revoke(user_badge, revoked_by: current_user)
2014-03-05 20:52:20 +08:00
render json: success_json
end
private
# Get the badge from either the badge name or id specified in the params.
def fetch_badge_from_params
badge = nil
params.permit(:badge_name)
if params[:badge_name].nil?
params.require(:badge_id)
badge = Badge.where(id: params[:badge_id]).first
else
badge = Badge.where(name: params[:badge_name]).first
end
raise Discourse::NotFound.new if badge.blank?
badge
end
def can_assign_badge_to_user?(user)
master_api_call = current_user.nil? && is_api?
master_api_call or guardian.can_grant_badges?(user)
end
end