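module Api
  module V0
    # Read-only JSON API for guidance items.
    #
    # Every action runs `authenticate` first (inherited from BaseController;
    # it presumably populates @user from the Authentication-Token header —
    # confirm against BaseController). Each action then performs an
    # endpoint-level permission check via `has_auth("guidance")`, and `show`
    # additionally performs a per-record check via `Guidance.can_view?`, so a
    # caller can only read guidance it is entitled to see.
    class GuidancesController < Api::V0::BaseController
      before_action :authenticate

      swagger_controller :guidances, 'Guidances'

      swagger_api :show do
        summary 'Returns a single guidance item'
        notes 'Notes...'
        param :path, :id, :integer, :required, "Guidance Id"
        param :header, 'Authentication-Token', :string, :required, 'Authentication-Token'
        response :ok, "success", :Guidance
        response :unauthorized
        response :not_found
      end

      # GET /guidances/:id
      #
      # Responds with the requested guidance only when the caller both holds
      # the "guidance" API permission and may view this particular record.
      # Both rejections answer 401 with an I18n message rendered as JSON.
      #
      # Fix: the original endpoint-permission branch called `render` with a
      # bare string, which Rails treats as a template name rather than a
      # response body, so an unauthorised caller got a template error (500)
      # instead of the intended 401.
      #
      # NOTE(review): the swagger block above declares :not_found, but this
      # action never returns 404 — an unviewable or nonexistent id both come
      # back as 401 (assuming `can_view?` covers the nonexistent case; verify).
      # Keeping the two indistinguishable avoids leaking whether an id exists,
      # but the documented contract should be reconciled with the code.
      def show
        # Endpoint-level permission: may this user use the guidance API at all?
        unless has_auth("guidance")
          render json: I18n.t("api.no_auth_for_endpoint"), status: 401
          return
        end

        # Record-level permission: may this user see this specific guidance?
        unless Guidance.can_view?(@user, params[:id])
          render json: I18n.t("api.bad_resource"), status: 401
          return
        end

        respond_with get_resource
      end

      swagger_api :index do
        summary 'Returns a list of all viewable guidances'
        notes 'Notes...'
        param :header, 'Authentication-Token', :string, :required, 'Authentication-Token'
        response :unauthorized
      end

      # GET /guidances
      #
      # Responds with every guidance the authenticated user is allowed to
      # view (the filtering is delegated to `Guidance.all_viewable`), or 401
      # with an I18n message when the user lacks the "guidance" API permission.
      #
      # Fix: the original failure branch read `render json I18n.t(...)` —
      # a missing colon after `json` — which raised NoMethodError and turned
      # every unauthorised request into a 500 rather than a 401.
      def index
        unless has_auth("guidance")
          render json: I18n.t("api.no_auth_for_endpoint"), status: 401
          return
        end

        @all_viewable_guidances = Guidance.all_viewable(@user)
        respond_with @all_viewable_guidances
      end

      private

      # Whitelists the only request parameter this controller reads; used by
      # the inherited `get_resource` (presumably — defined in BaseController).
      def query_params
        params.permit(:id)
      end
    end
  end
end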