From 0aa9f91e0497df4478a010f82a66571383ca6328 Mon Sep 17 00:00:00 2001
From: Mateus Rambo Strey <mars11@inf.ufpr.br>
Date: Tue, 22 Nov 2016 22:09:56 -0200
Subject: [PATCH] add routes to user's learning_objects, collections and liked
 learning_objects

---
 app/controllers/v1/users_controller.rb | 25 +++++++++++++++++++++++--
 app/policies/user_policy.rb            | 15 +++++++++++++++
 config/routes.rb                       |  3 +++
 3 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index 4f71bdb8..980dfbfa 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -4,8 +4,9 @@ class V1::UsersController < ApplicationController
   include ::Paginator
 
 
-  before_action :set_user, only: [:show, :update, :destroy, :following]
-  before_action :authenticate_user!, only: [:create, :update, :destroy, :following]
+  before_action :set_user, only: [:show, :update, :destroy, :following, :learning_objects, :collections, :liked]
+  before_action :authenticate_user!, only: [:create, :update, :destroy, :following, :learning_objects, :collections, :liked]
+  before_action :authorize_user, only: [:learning_objects, :collections, :liked]
 
   # GET /v1/users
   # GET /v1/users.json
@@ -62,6 +63,22 @@ class V1::UsersController < ApplicationController
     render json: w, root: 'follows', status: :ok
   end
 
+  def learning_objects
+    render json: LearningObject.where(publisher: @user)
+  end
+
+  def collections
+    render json: Collection.where(owner: @user)
+  end
+
+  def liked
+    # TODO: if it turns to be a bottleneck, write your pretty SQL :)
+    includes = [:taggings, :tags, :subject_relations, :subjects, :stage_relations, :educational_stages, :publisher, :language, :license]
+    render json: LearningObject.includes(includes).find(
+      Like.where(user: @user, likeable_type: 'LearningObject').pluck(:likeable_id)
+    )
+  end
+
   private
 
   def deleted_resource
@@ -72,6 +89,10 @@ class V1::UsersController < ApplicationController
     set_user
   end
 
+  def authorize_user
+    authorize @user
+  end
+
   def set_user
     @user = User.find(params[:id])
   end
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index 22f65f2e..e4d740df 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -9,4 +9,19 @@ class UserPolicy < ApplicationPolicy
     record if user_exists?
   end
 
+  def learning_objects?
+    record if same_user? || user.is_admin?
+  end
+
+  def collections?
+    record if same_user? || user.is_admin?
+  end
+
+  def liked?
+    record if same_user? || user.is_admin?
+  end
+
+  def same_user?
+    record == user
+  end
 end
diff --git a/config/routes.rb b/config/routes.rb
index 82e59650..69bb604f 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -68,6 +68,9 @@ Rails.application.routes.draw do
         resources :bookmarks, module: 'users', only: [:index, :create, :destroy]
         get 'following/:object_type', to: 'users#following'
         get 'activities', to: 'activities#user_activities'
+        get 'learning_objects', to: 'users#learning_objects'
+        get 'collections', to: 'users#collections'
+        get 'liked', to: 'users#liked'
       end
     end
 
-- 
GitLab