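module Suppliers
  # JSON API for the employees linked to the signed-in supplier.
  #
  # Actions that take an :id load the record with Employee.find, which is not
  # scoped to a supplier. Each of them must therefore confirm the link to
  # current_supplier and stop before the record is read or changed.
  class EmployeesController < Suppliers::ApplicationController
    # GET /employees
    # GET /employees.json
    #
    # Lists only the employees linked to the current supplier.
    def index
      @employees = current_supplier.employees
      render json: @employees, each_serializer: Suppliers::EmployeeSerializer
    end

    # GET /employees/1
    # GET /employees/1.json
    #
    # Responds 404 for an employee that is not linked to the current supplier,
    # the same answer #update gives, so that a guessed id does not expose
    # another supplier's employee record.
    def show
      @employee = Employee.find(params[:id])
      return render(json: {}, status: 404) unless linked_to_current_supplier?(@employee)

      render json: @employee, serializer: Suppliers::EmployeeSerializer
    end

    # POST /employees
    # POST /employees.json
    #
    # Reuses an existing Employee with the submitted e-mail, otherwise builds a
    # new one, then links it to the current supplier.
    #
    # NOTE(review): an existing employee matched by e-mail is linked without any
    # confirmation step and is then serialized back to the caller. Confirm that
    # any supplier is meant to be able to link any existing employee this way.
    def create
      @employee = Employee.find_by_email(employee_params[:email]) if employee_params[:email].present?
      @employee ||= Employee.new(employee_params)

      if @employee.save
        # Skip the link when it already exists.
        current_supplier.add_employee @employee unless linked_to_current_supplier?(@employee)
        render json: @employee, serializer: Suppliers::EmployeeSerializer, status: :created
      else
        render json: { errors: @employee.errors }, status: :unprocessable_entity
      end
    end

    # PUT /employees/1
    # PUT /employees/1.json
    #
    # Responds 404 and stops for an employee that is not linked to the current
    # supplier. The explicit return matters: render does not end the action, so
    # without it the updates below would still run against the foreign record
    # and a second render would be attempted.
    #
    # NOTE(review): employee_params is written both to the supplier's settings
    # for the employee and to the Employee record itself. Confirm that a linked
    # supplier is meant to change :name and :email on the Employee record.
    def update
      @employee = Employee.find(params[:id])
      return render(json: {}, status: 404) unless linked_to_current_supplier?(@employee)

      current_supplier.settings_for(@employee).update!(employee_params)

      respond_to do |format|
        if @employee.update_attributes(employee_params)
          format.json { head :no_content }
        else
          format.json { render json: { errors: @employee.errors }, status: :unprocessable_entity }
        end
      end
    end

    # DELETE /employees/1
    # DELETE /employees/1.json
    #
    # Unlinks the employee from the current supplier. Responds 403 and stops
    # when the employee is not linked to the current supplier, or when the
    # caller tries to remove themselves.
    def destroy
      @employee = Employee.find(params[:id])
      # Return here as well: a bare render would fall through to remove_employee.
      return render(json: {}, status: :forbidden) unless linked_to_current_supplier?(@employee)
      head :forbidden and return if @employee == current_employee # do not remove self at the moment

      current_supplier.remove_employee @employee

      respond_to do |format|
        format.json { head :no_content }
      end
    end

    private

    # True when the employee's id is among the current supplier's employee ids.
    def linked_to_current_supplier?(employee)
      current_supplier.employee_ids.include?(employee.id)
    end

    # Strong-parameter whitelist for the :employee payload.
    def employee_params
      params.require(:employee).permit(:name, :email, :active, :manager, :color)
    end
  end
end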