diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 11a4d14..204a081 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,8 +1,8 @@
 class UsersController < ApplicationController
 skip_before_action :verify_authenticity_token, only: :create
- before_action :authenticate_user!, except: :show
- before_action :authenticate_user_or_client!, only: :show
+ before_action :authenticate_user!, except: [:show, :add_registration_token]
+ before_action :authenticate_user_or_client!, only: [:show, :add_registration_token]
 load_and_authorize_resource find_by: :name
@@ -23,4 +23,11 @@ class UsersController < ApplicationController
 @user.generate_key!
 redirect_to @user
 end
+
+ def add_registration_token
+ token = JSON.parse(request.raw_post)["token"]
+ respond_to do |format|
+ format.json { render json: AndroidDeviceRegistrationToken.create(user: @user, token: token) }
+ end
+ end
 end
diff --git a/app/models/user_ability.rb b/app/models/user_ability.rb
index 0c21657..839a0b2 100644
--- a/app/models/user_ability.rb
+++ b/app/models/user_ability.rb
@@ -7,7 +7,7 @@ class UserAbility
 can :manage, :all if user.penning?
 can :create, Request, creditor_id: user.id
 can [:confirm, :decline], Request, debtor_id: user.id
- can [:read, :reset_key], User, id: user.id
+ can [:read, :reset_key, :add_registration_token], User, id: user.id
 can :manage, Notification, user_id: user.id
 can :create, Transaction do |t|
 t.debtor == user && t.amount <= Rails.application.config.maximum_amount
diff --git a/config/routes.rb b/config/routes.rb
index 0ba1ba5..f6a8039 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -24,6 +24,7 @@ Rails.application.routes.draw do
 end
 resources :transactions, only: [:index], shallow: true
 post :reset_key, on: :member
+ post :add_registration_token, on: :member
 end
 get 'datatables/:id' => 'datatables#transactions_for_user', as: "user_transactions_datatable"
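Review bot: In the first users_controller.rb hunk, `add_registration_token` is placed behind `authenticate_user_or_client!`, so API clients can reach it, yet the only permission this commit adds is in `UserAbility`, scoped by `id: user.id`. What ability a client-authenticated request gets is not visible in this diff. If it is broader than one user, a client could bind a device token to any account, and that account's push notifications would presumably go to the client's device. Unless clients really need this endpoint, keep it user-only by leaving the first filter as `before_action :authenticate_user!, except: :show`. Otherwise add a comment above the filters such as `# add_registration_token accepts client auth; the client ability must restrict it to the token owner's own User`, and confirm that rule exists. The class body continues outside the hunk.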
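Review bot: The new `add_registration_token` action in the second users_controller.rb hunk parses the raw request body with no error handling. Malformed JSON raises `JSON::ParserError`, and a body that parses to an array or `null` raises on `["token"]`, so bad input from the caller becomes a 500. The result of `AndroidDeviceRegistrationToken.create` is rendered whether or not it was saved, so a failed validation presumably still answers 200 with an unsaved record. I would reject a missing or non-string token with 400 and return the validation errors with 422, as sketched below. Whether the model validates presence or uniqueness of `token` is not visible here and is worth checking.

```ruby
  def add_registration_token
    payload = JSON.parse(request.raw_post)
    token = payload["token"] if payload.is_a?(Hash)
    return head :bad_request unless token.is_a?(String) && token.present?

    registration = AndroidDeviceRegistrationToken.create(user: @user, token: token)
    respond_to do |format|
      format.json do
        if registration.persisted?
          render json: registration
        else
          render json: registration.errors, status: :unprocessable_entity
        end
      end
    end
  rescue JSON::ParserError
    head :bad_request
  end
```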