Add Endpoints for Divisions Address

Add, modify and delete Division address

app/controllers/api/v1/divisions_controller.rb

@@ -1,6 +1,12 @@
 module Api
   module V1
     class DivisionsController < ApplicationController
+      before_action :authenticate_api_user, only: [:add_address, :remove_address]
+      before_action :authorize_api_user, only: [:add_address, :remove_address]
+      before_action :set_division, only: [:add_address, :remove_address]
+
+      #Deshabilita CSRF protection
+      skip_before_action :verify_authenticity_token, only: [:add_address, :remove_address]      
 
 =begin
       def index
@@ -328,8 +334,40 @@ def index
         render json: divisions
       end
 
+      # POST /api/v1/divisions/:id/address
+      def add_address
+        address_id = params.require(:address_id)
+        address = Address.find_by(id: address_id)
+        unless address
+          render json: { error: 'Address not found' }, status: :unprocessable_entity and return
+        end
+
+        if @division.update(address_id: address_id)
+          render json: format_division(@division), status: :ok
+        else
+          render json: { errors: @division.errors.full_messages }, status: :unprocessable_entity
+        end
+      end
+
+      # DELETE /api/v1/divisions/:id/address
+      def remove_address
+        if @division.update(address_id: nil)
+          render json: format_division(@division), status: :ok
+        else
+          render json: { errors: @division.errors.full_messages }, status: :unprocessable_entity
+        end
+      end
+
+
       private
 
+      def set_division
+        @division = Division.find_by(id: params[:id])
+        unless @division
+          render json: { error: 'Division not found' }, status: :not_found and return
+        end
+      end
+
       def format_division(division)
         {
           name: division.name,
@@ -346,6 +384,19 @@ def format_division(division)
           labely: division.address&.geo_labely
         }
       end
+
+      def authenticate_api_user
+        authenticate_or_request_with_http_basic do |username, password|
+          @current_api_user = ApiUser.find_by(username: username)&.authenticate(password)
+        end
+      end
+
+      def authorize_api_user
+        unless @current_api_user&.api_permissions&.exists?(endpoint_name: 'divisions')
+          render json: { error: 'Forbidden' }, status: :forbidden
+        end
+      end
+
     end
   end
 end

config/routes.rb

@@ -12,7 +12,10 @@
 
   namespace :api do
     namespace :v1 do
-      resources :divisions, only: [:index]
+      resources :divisions, only: [:index] do
+        post 'address', on: :member, to: 'divisions#add_address'
+        delete 'address', on: :member, to: 'divisions#remove_address'
+      end
       resources :loans, only: [:index]
       resources :addresses
     end

db/migrate/20241123183356_add_api_permission.rb

@@ -0,0 +1,8 @@
+class AddApiPermission < ActiveRecord::Migration[6.1]
+  def change
+    ApiPermission.find_or_create_by(id: 2) do |permission|
+      permission.api_user_id = 1
+      permission.endpoint_name = 'divisions'
+    end
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2024_11_20_234518) do
+ActiveRecord::Schema.define(version: 2024_11_23_183356) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"