engine/app/controllers/locomotive/api_contents_controller.rb


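module Locomotive
  # Public endpoint that creates entries of a content type from submitted
  # form or JSON data. The content type is looked up by params[:slug] on the
  # current site and must have its API enabled.
  #
  # NOTE(review): no authentication or CSRF check is declared in this class;
  # whether Locomotive::Routing::SiteDispatcher adds one is not visible here.
  class ApiContentsController < ActionController::Base
    # FIXME: NEED REFACTORING
    include Locomotive::Routing::SiteDispatcher

    # Filters run in declaration order: the content type must be resolved
    # before the API check, and the input is sanitized before #create runs.
    before_filter :require_site
    before_filter :set_content_type
    before_filter :block_content_type_with_disabled_api
    before_filter :sanitize_content_params, :only => :create

    # Builds and saves a new entry from params[:entry].
    #
    # JSON clients get the entry back (plus its errors on failure). HTML
    # clients get the submitted attributes (and errors on failure) in the
    # flash and are redirected to the success or error callback.
    def create
      # NOTE(review): attributes come straight from the request; confirm the
      # entry model restricts which fields can be mass-assigned.
      @entry = @content_type.entries.build(params[:entry])
      flash_key = @content_type.slug.singularize

      respond_to do |format|
        if @entry.save
          format.json { render :json => { :entry => @entry } }
          format.html do
            flash[flash_key] = @entry.aliased_attributes
            redirect_to safe_callback_url(params[:success_callback])
          end
        else
          # The failure branch must report on @entry; @content is never
          # assigned in this class, so using it raised on every invalid entry.
          format.json { render :json => { :entry => @entry, :errors => @entry.errors } }
          format.html do
            flash[flash_key] = @entry.aliased_attributes
            flash['errors'] = @entry.errors_to_hash
            redirect_to safe_callback_url(params[:error_callback])
          end
        end
      end
    end

    protected

    # Loads the content type of the current site matching params[:slug].
    # Leaves @content_type nil when no content type has that slug.
    def set_content_type
      @content_type = current_site.content_types.where(:slug => params[:slug]).first
    end

    # Answers 403 and stops the request unless the content type exists and has
    # its API enabled. An unknown slug is refused with the same response, so
    # the filter fails closed instead of raising on nil.
    def block_content_type_with_disabled_api
      return if @content_type && @content_type.api_enabled?

      respond_to do |format|
        format.json { render :json => { :error => 'Api not enabled' }, :status => :forbidden }
        format.html { render :text => 'Api not enabled', :status => :forbidden }
      end
      return false
    end

    # Cleans every top-level String value of params[:entry] with the BASIC
    # Sanitize configuration before the entry is built.
    #
    # The filter used to read params[:content], a key #create never uses, so
    # the saved attributes were not sanitized at all. Nested hashes and arrays
    # are still left untouched.
    def sanitize_content_params
      entry_params = params[:entry]
      return unless entry_params.respond_to?(:each_pair)

      entry_params.each_pair do |key, value|
        next unless value.is_a?(String)
        entry_params[key] = Sanitize.clean(value, Sanitize::Config::BASIC)
      end
    end

    # Returns +candidate+ when it is safe to redirect to, '/' otherwise.
    #
    # The callbacks are request parameters, so redirecting to them unchecked
    # lets any caller send visitors to an arbitrary site. Accepted values are
    # a path starting with a single '/' or an http(s) URL whose host is the
    # host of the current request. A missing or unparsable value falls back
    # to '/'.
    #
    # NOTE(review): callbacks pointing at another domain of the same site are
    # refused; extend the host comparison if those are needed.
    def safe_callback_url(candidate)
      target = candidate.to_s
      # URI.parse also rejects whitespace, control characters and backslashes.
      uri = URI.parse(target)

      if uri.scheme.nil? && uri.host.nil?
        return target if target.start_with?('/') && !target.start_with?('//')
      elsif %w(http https).include?(uri.scheme.to_s.downcase)
        return target if uri.host.to_s.downcase == request.host.to_s.downcase
      end

      '/'
    rescue URI::InvalidURIError
      '/'
    end
  end
end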