module Api
  module V0
    # Read-only JSON endpoints for guidance groups.
    #
    # Both actions run behind the `authenticate` filter and then gate on
    # `has_auth("guidance")` before touching any data. `authenticate`,
    # `has_auth`, `get_resource` and the `@user` instance variable are not
    # defined in this file; presumably they come from
    # Api::V0::BaseController -- confirm there.
    #
    # NOTE(review): every denial below answers 401, including the case where
    # the caller has authenticated but lacks permission. 403 is the
    # conventional status for that case; it is left untouched here because
    # API clients and the swagger docs (`response :unauthorized`) may depend
    # on the current value.
    class GuidanceGroupsController < Api::V0::BaseController
      before_action :authenticate

      # NOTE(review): `:guidance_groupss` (double "s") looks like a typo. It is
      # a runtime identifier handed to the swagger DSL, so it is kept as
      # written -- confirm nothing keys off it before renaming.
      swagger_controller :guidance_groupss, 'Guidance Groups'

      # NOTE(review): the header parameter is labelled 'Authorization Token'
      # here but 'Authentication-Token' in the :index docs. Confirm which
      # header `authenticate` actually reads and align the two.
      swagger_api :show do
        summary 'Returns a single guidance group item'
        notes 'Notes...'
        param :path, :id, :integer, :required, "Guidance Group Id"
        param :header, 'Authorization Token', :string, :required, 'Authorization-Token'
        response :ok, "success", :Guidance
        response :unauthorized
        response :not_found
      end

      # GET a single guidance group.
      #
      # Two checks run in order, and the first failure ends the request with
      # a 401 and a JSON string body:
      #   1. the caller may use the "guidance" API at all (`has_auth`);
      #   2. the caller may view this particular group
      #      (`GuidanceGroup.can_view` with `params[:id]`).
      # Only then is the record loaded and rendered.
      #
      # NOTE(review): the permission check is keyed on `params[:id]`, while
      # the record itself comes from `get_resource`, which is defined outside
      # this file. Confirm both resolve the same id, so the object returned
      # is the one that was authorized.
      def show
        unless has_auth("guidance")
          return render(json: '"You do not have authorization to use this api endpoint"', status: 401)
        end

        unless GuidanceGroup.can_view(@user, params[:id])
          return render(json: '"You do not have authorization to view this"', status: 401)
        end

        respond_with get_resource
      end

      swagger_api :index do
        summary 'Returns a list of all viewable guidances'
        notes 'Notes...'
        param :header, 'Authentication-Token', :string, :required, 'Authentication-Token'
        response :unauthorized
      end

      # GET the guidance groups visible to the caller.
      #
      # After the API-level `has_auth` gate, the list is taken from
      # `GuidanceGroup.all_viewable(@user)`; no further per-record check is
      # made in this action, so the filtering rests entirely on that model
      # method.
      def index
        unless has_auth("guidance")
          return render(json: '"You do not have authorization to use this api endpoint"', status: 401)
        end

        @all_viewable_groups = GuidanceGroup.all_viewable(@user)
        respond_with @all_viewable_groups
      end

      private

      # Strong-parameters whitelist: only :id is permitted. Not called from
      # this file; presumably used by the base controller's resource lookup.
      def query_params
        params.permit(:id)
      end
    end
  end
end