diff --git a/app/controllers/v1/users_controller.rb b/app/controllers/v1/users_controller.rb
index 3b7344b50668f5e348975ea4735288b316a5fcba..c234a6556456a4dbe041ad175bf04ece42f72c94 100644
--- a/app/controllers/v1/users_controller.rb
+++ b/app/controllers/v1/users_controller.rb
@@ -59,16 +59,12 @@ class V1::UsersController < ApplicationController
 # PUT/PATCH /v1/users/1
 # PUT/PATCH /v1/users/1.json
 def update
- if user_params[:role_ids].blank? || current_user.is_admin?
- if @user.update(user_params)
- user_associations(@user)
+ if @user.update(user_params)
+ user_associations(@user)

- render json: @user, status: :ok
- else
- render json: @user.errors, status: :unprocessable_entity
- end
+ render json: @user, status: :ok
 else
- render status: :forbidden
+ render json: @user.errors, status: :unprocessable_entity
 end
 end

@@ -183,7 +179,13 @@ class V1::UsersController < ApplicationController

 # Never trust parameters from the scary internet, only allow the white list through.
 def user_params
- params.require(:user).permit(
+ return params.require(:user).permit(*partner_allowed_params) if !current_user.nil? && current_user.is_partner?
+ return params.require(:user).permit(*admin_allowed_params) if !current_user.nil? && current_user.is_admin?
+ params.require(:user).permit(*user_allowed_params)
+ end
+
+ def user_allowed_params
+ [
 :name,
 :email,
 :description,
@@ -192,9 +194,22 @@ class V1::UsersController < ApplicationController
 :password_confirmation,
 :terms_of_service,
 :avatar,
- :cover,
+ :cover
+ ]
+ end
+
+ def partner_allowed_params
+ user_allowed_params.push(*[
+ :dspace_url,
+ :dspace_handle,
+ dspace_sets: []
+ ])
+ end
+
+ def admin_allowed_params
+ partner_allowed_params.push(*[
 role_ids: []
- )
+ ])
 end

 def approve_params
diff --git a/app/serializers/user_serializer.rb b/app/serializers/user_serializer.rb
index ff9a7dc7addafbb17f0192b1437b6cc7be4ac64d..33b976fe53c367e04581632b01c2f38630a44698 100644
--- a/app/serializers/user_serializer.rb
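Review bot: With the `role_ids` guard removed, `update` no longer makes any authorization decision of its own, and a non-admin request that carries `role_ids` now receives a 200 with the key dropped by `user_params` instead of a 403. The filtering holds as long as every write goes through `user_params`, but the attempt is no longer visible in the response status; whether dropped keys are logged or raised depends on the application's unpermitted-parameter setting, which this commit does not show. I would add a comment above the action such as `# Privileged keys (role_ids, dspace_*) are filtered per role in user_params; no role check is done here.` so a later reader does not assume one. How `@user` is loaded and whether the caller may edit it is decided outside this hunk and should be confirmed.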
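Review bot: In `user_params` the partner branch is tested before the admin branch, so an account that is both partner and admin receives `partner_allowed_params` and can never set `role_ids`; since `role_ids` is an array, holding both roles looks possible. Test the most privileged role first: `return params.require(:user).permit(*admin_allowed_params) if !current_user.nil? && current_user.is_admin?` and only then the `is_partner?` line. On Ruby 2.3 or later the nil guard can be shortened to `current_user&.is_admin?`. The existing comment above `user_params` should also say that the permitted list now depends on the caller's role.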
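Review bot: `partner_allowed_params` and `admin_allowed_params` build their lists by calling `push` on the array returned by the less privileged helper, which is safe only because `user_allowed_params` returns a fresh literal on every call. If that base list is ever memoized or moved to an unfrozen constant, the admin-only `role_ids: []` entry would be appended to the shared list and become permitted for every caller. Returning a new array removes that coupling: `user_allowed_params + [:dspace_url, :dspace_handle, { dspace_sets: [] }]` and `partner_allowed_params + [{ role_ids: [] }]`. The hunk does not show the visibility section, so confirm these three helpers sit under `private` next to `user_params`.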
+++ b/app/serializers/user_serializer.rb
@@ -28,7 +28,7 @@ class UserSerializer < ActiveModel::Serializer
 end

 def email
- object.email if (current_user != nil)&&(object.id == current_user.id || current_user.is_admin?)
+ object.email if is_current_user?
 end

 def learning_objects_count
@@ -41,6 +41,22 @@ class UserSerializer < ActiveModel::Serializer
 roles
 end

+ def dspace_handle
+ object.dspace_handle if is_current_user?
+ end
+
+ def dspace_url
+ object.dspace_url if is_current_user?
+ end
+
+ def dspace_sets
+ object.dspace_sets if is_current_user?
+ end
+
+ def is_current_user?
+ (current_user != nil)&&(object.id == current_user.id || current_user.is_admin?)
+ end
+
 attributes \
 :id,
 :email,
@@ -54,6 +70,9 @@ class UserSerializer < ActiveModel::Serializer
 :role_ids,
 :institution_ids,
 :avatar,
+ :dspace_url,
+ :dspace_handle,
+ :dspace_sets,
 :likes_count,
 :followed,
 :complained,
diff --git a/db/migrate/20180226141521_add_handle_to_user.rb b/db/migrate/20180226141521_add_handle_to_user.rb
new file mode 100644
index 0000000000000000000000000000000000000000..dbaabea9cbc28ad473e9f76091283441906fa0b1
--- /dev/null
+++ b/db/migrate/20180226141521_add_handle_to_user.rb
@@ -0,0 +1,5 @@
+class AddHandleToUser < ActiveRecord::Migration[5.0]
+ def change
+ add_column :users, :dspace_handle, :string
+ end
+end
diff --git a/db/migrate/20180302141449_add_dspace_info_to_user.rb b/db/migrate/20180302141449_add_dspace_info_to_user.rb
new file mode 100644
index 0000000000000000000000000000000000000000..99a14bbd6b5737d62c66579494ec6121bb8a2dbc
--- /dev/null
+++ b/db/migrate/20180302141449_add_dspace_info_to_user.rb
@@ -0,0 +1,6 @@
+class AddDspaceInfoToUser < ActiveRecord::Migration[5.0]
+ def change
+ add_column :users, :dspace_url, :string
+ add_column :users, :dspace_sets, :text, array: true, default: []
+ end
+end
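Review bot: `is_current_user?` also returns true when the viewer is an admin, so the name understates what it grants, and it now gates four private fields (`email` in the earlier hunk, plus `dspace_handle`, `dspace_url` and `dspace_sets` here). A name such as `owner_or_admin?`, or a comment like `# True when the viewer is the serialized user or an admin; gates private fields.`, would make the access rule explicit at the point where it is enforced. The condition reads more clearly as `!current_user.nil? && (object.id == current_user.id || current_user.is_admin?)`. Because the three new keys are listed unconditionally in `attributes`, other viewers still receive them with null values, which is worth stating in the API notes.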
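Review bot: `dspace_url` is added as an unconstrained string, and the controller change in this commit makes it writable by partner accounts; no model validation is part of the commit. If the application later contacts this URL from the server side (not visible here), the `User` model should accept only absolute http/https URLs and apply the deployment's host restrictions before any request is made. A comment beside the column, for example `# user-supplied; validate scheme and host before any server-side request`, would record that expectation. `array: true` on `dspace_sets` also ties this migration to PostgreSQL.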