reviews_controller.rb

# Copyright (C) 2015 Centro de Computacao Cientifica e Software Livre
# Departamento de Informatica - Universidade Federal do Parana
#
# This file is part of portalmec.
#
# portalmec is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# portalmec is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with portalmec.  If not, see <http://www.gnu.org/licenses/>.

class V1::ReviewsController < ApplicationController
  include ::DeletedObjectsController
  include ::ResourceModel
  include ::Paginator

  before_action :set_review, only: [:show, :destroy, :rate, :update]
  before_action :authenticate_user!, only: [:create, :rate, :destroy, :update]

  # GET /v1/collections/1/reviews
  def index
    render json: paginate(reviewable.reviews), each_serializer: ReviewSerializer
  end

  # GET /v1/collections/1/reviews/1
  def show
    render json: @review
  end

  # POST /v1/learning_objects/1/reviews
  # POST /v1/learning_objects/1/reviews.json
  def create
    review = reviewable.reviews.new(review_params.merge(user: current_user))
    errors = process_creation review

    # If review has any errors, status 422
    if errors.any?
      render json: errors, status: :unprocessable_entity
    else
      render json: review, status: :created
    end
  end

  # PUT /v1/learning_objects/1/reviews/1
  # PUT /v1/learning_objects/1/reviews/1.json
  def update
      ratings_params = review_params
      rp = ratings_params.delete(:review_ratings_attributes)
      if @review.update(ratings_params)
        @review.review_ratings.each do |r|
          rp.each do |s|
            if r.rating_id == s[:rating_id]
              r.value = s[:value]
              r.save
            end
          end
        end
        render json: @review, status: :ok
      else
        render json:  @review.errors, status: :unprocessable_entity
      end
  end

  def process_creation(review)
    # Store errors
    errors = []

    # If review saved, without errors ...
    if review.save
      # ... build ratings objects from parameters
      review.review_ratings.each do |r|
        r.review = review
        # ... and store if
        r.save
        errors << r.errors
      end
    else
      errors << review.errors
    end

    errors = errors.map(&:messages).inject(:merge)
  end

  # DELETE /v1/learning_objects/1/reviews/2
  # DELETE /v1/learning_objects/1/reviews/2.json
  def destroy
    authorize @review
    @review.destroy
    render status: :ok
  end

  # User can rate the review to approve or not
  # POST /v1/learning_objects/1/reviews/2/rate
  # POST /v1/learning_objects/1/reviews/2/rate.json
  def rate
    approves = params[:approves] == 'true' ? true : false
    rate = Rate.where(user: current_user, review: @review).first_or_initialize

    if rate.update(approves: approves)
      render json: rate, status: :created
    else
      render json: rate.errors, status: :unprocessable_entity
    end
  end

  private

  def deleted_resource
    Review
  end

  def reviewable
    @reviewable = resource_model
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def review_params
    params.require(:review).permit(:name, :description, :pros, :cons, review_ratings_attributes: [:rating_id, :value])
  end

  def set_review
    @review ||= Review.find(params[:id])
  end
end