Commit f04ded56 authored by Matheus Horstmann's avatar Matheus Horstmann 🐴

Merge branch 'change_citizen_password_route' into 'develop'

Add route to change citizen password by professional

See merge request !83
parents 0f1299aa 10d9d2ed
......@@ -19,7 +19,8 @@ module Api::V1
include HasPolicies
require 'csv'
before_action :set_citizen, only: [:picture, :show, :update, :destroy]
before_action :set_citizen, only: [:picture, :show, :update,
:change_password, :destroy]
# GET /citizens
def index
......@@ -40,7 +41,6 @@ module Api::V1
end
end
# GET /citizens/1/picture
def picture
if @citizen.nil?
......@@ -107,7 +107,6 @@ module Api::V1
end
end
# GET /citizens/1
def show
if @citizen.nil?
......@@ -129,7 +128,6 @@ module Api::V1
end
end
# POST /citizens
def create
success = false
......@@ -194,7 +192,6 @@ module Api::V1
end
end
# DELETE /citizens/1
def destroy
if @citizen.nil?
......@@ -207,7 +204,7 @@ module Api::V1
authorize @citizen, :deactivate?
rescue
render json: {
errors: ["You're not allowed to deativate this citizen."]
errors: ["You're not allowed to deactivate this citizen."]
}, status: 403
return
end
......@@ -224,6 +221,61 @@ module Api::V1
end
end
# PUT /citizens/1/change_password
def change_password
if @citizen.nil?
render json: {
errors: ["User #{params[:id]} does not exist."]
}, status: 404
else
# Allow request only if the citizen is reachable from current user
begin
authorize @citizen, :change_password?
rescue
render json: {
errors: ["You're not allowed to change password for this citizen."]
}, status: 403
return
end
if @citizen.email.present?
render json: {
errors: ["This citizen has an e-mail registered, use it for resetting the password!"]
}, status: 401
return
end
@account = Account.find(@citizen.account_id)
birth_date = @citizen.birth_date.strftime("%Y-%m-%d")
if(
@account.uid != params[:cpf] or
birth_date != params[:birth_date]
)
render json: {
errors: ["CPF and birth date do not match!"]
}, status: 403
return
end
if params[:password] != params[:password_confirmation]
render json: {
errors: ["Passwords do not match!"]
}, status: 403
return
end
@account.password = params[:password]
@account.password_confirmation = params[:password_confirmation]
if @account.save!
render json: @citizen
else
render json: @citizen.errors, status: :unprocessable_entity
end
end
end
private
# Use callbacks to share common setup or constraints between actions.
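Review bot: `if @account.save!` at the end of the new `change_password` action never takes its `else` branch, because `save!` raises `ActiveRecord::RecordInvalid` instead of returning false, so a password the account model rejects (including a blank one when both params are absent, which still passes the equality check above) surfaces as an unhandled exception rather than the intended 422. Use `if @account.save` and render the errors of the object that was saved, `render json: @account.errors, status: :unprocessable_entity`, since `@citizen.errors` will be empty here. `@citizen.birth_date.strftime("%Y-%m-%d")` is also unguarded; if that column can be nil the request raises before the CPF/birth-date comparison runs, whereas `@citizen.birth_date&.strftime("%Y-%m-%d")` keeps a missing value on the 403 path. Two smaller points: `or` in the CPF condition should be `||`, and the "e-mail registered" rejection answers 401, which denotes missing authentication, while 403 (or 422) would match the sibling branches.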
......@@ -27,7 +27,7 @@ class CitizenPolicy < ApplicationPolicy
city_id = professional.professionals_service_places
.find(user[1]).service_place.city_id
return case permission
when "adm_c3sl"
scope.all_active.where.not(id: citizen.id)
......@@ -56,7 +56,7 @@ class CitizenPolicy < ApplicationPolicy
permission = Professional.get_permission(user[1])
if permission == "citizen"
return condition
return condition
end
professional = citizen.professional
......@@ -95,10 +95,14 @@ class CitizenPolicy < ApplicationPolicy
end
def schedule?
return access_policy(user, ((user[0].id == record.id) ||
return access_policy(user, ((user[0].id == record.id) ||
(record.responsible_id == user[0].id)))
end
def change_password?
return access_policy(user, false)
end
def show_picture?
citizen = user[0]
permission = Professional.get_permission(user[1])
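Review bot: The new `change_password?` passes a bare `false` into `access_policy` with nothing saying what that literal stands for, and a reader has to locate the private helper further down (where the `"citizen"` permission returns `condition` directly) to work out that it shuts the route to citizens acting on themselves. A one-line comment above the method would carry that, e.g. `# A citizen may never change a password through this route (access_policy returns the condition, false, for the "citizen" permission); professionals are still subject to the usual access_policy checks.` `show_picture?`, which follows, continues outside the hunk.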
......@@ -114,7 +118,7 @@ class CitizenPolicy < ApplicationPolicy
return case
when permission == "adm_c3sl"
return true
return true
when permission == "adm_prefeitura"
return ((citizen.id == record.id) or (city_id == record.city_id))
......@@ -131,8 +135,8 @@ class CitizenPolicy < ApplicationPolicy
end
private
# Generic method for checking permissions when show/accessing/modifying
# Generic method for checking permissions when show/accessing/modifying
# citizens. It is used for avoiding code repetition in citizen's policy
# methods.
#
......@@ -144,7 +148,7 @@ class CitizenPolicy < ApplicationPolicy
permission = Professional.get_permission(user[1])
if permission == "citizen"
return condition
return condition
end
professional = citizen.professional
......@@ -34,6 +34,7 @@ Rails.application.routes.draw do
resources :dependants
member do
get 'picture'
put 'change_password'
end
end