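# API Controller for managing event resources
# Provides RESTful endpoints for CRUD operations on the Event model
module Api
  module V1
    class EventsController < ApiController
      # Skip API key authentication for store_cart action (used by frontend forms).
      # NOTE(review): this leaves store_cart reachable without an API key while it
      # writes request-supplied data into the session. ApiController is not visible
      # here — confirm that CSRF protection is active for this action.
      skip_before_action :authenticate_api_key, only: [ :store_cart ]

      # Loads the event before the member actions to reduce duplication
      before_action :set_event, only: [ :show, :update, :destroy, :store_cart ]

      # GET /api/v1/events
      # Retrieves all events sorted by creation date (most recent first).
      # The user association is eager-loaded because event_json reads event.user
      # for every row; without it each event triggers its own user query.
      # NOTE(review): the result set is unbounded — consider pagination.
      def index
        @events = Event.includes(:user).order(created_at: :desc)
        render json: @events.map { |event| event_json(event) }, status: :ok
      end

      # GET /api/v1/events/:id
      # Retrieves a single event by its ID
      # Returns 404 if the event is not found (handled in set_event)
      def show
        render json: event_json(@event), status: :ok
      end

      # POST /api/v1/events
      # Creates a new event with the provided attributes
      # Returns 201 Created on success with the event data
      # Returns 422 Unprocessable Entity with error messages on failure
      def create
        @event = Event.new(event_params)

        if @event.save
          render json: event_json(@event), status: :created
        else
          render json: { errors: @event.errors.full_messages }, status: :unprocessable_entity
        end
      end

      # PATCH/PUT /api/v1/events/:id
      # Updates an existing event with the provided attributes
      # Returns 200 OK with updated data on success
      # Returns 422 Unprocessable Entity with error messages on failure
      def update
        if @event.update(event_params)
          render json: event_json(@event), status: :ok
        else
          render json: { errors: @event.errors.full_messages }, status: :unprocessable_entity
        end
      end

      # DELETE /api/v1/events/:id
      # Permanently deletes an event
      # Returns 204 No Content on success
      # Returns 422 Unprocessable Entity when the record refuses to be destroyed,
      # so a failed delete is no longer reported as a success.
      def destroy
        if @event.destroy
          head :no_content
        else
          render json: { errors: @event.errors.full_messages }, status: :unprocessable_entity
        end
      end

      # POST /api/v1/events/:id/store_cart
      # Store cart data in session (AJAX endpoint)
      #
      # NOTE(review): params[:cart] is stored exactly as received. It does not go
      # through strong parameters and nothing bounds its size or shape, and this
      # action is exempt from API key authentication. Whatever reads
      # session[:pending_cart] later must treat it as untrusted input; validating
      # the expected cart keys here would be the safer place to do it.
      # TODO confirm which session store is in use: a cookie-backed store has a
      # small size limit that an oversized cart would exceed.
      def store_cart
        session[:pending_cart] = params[:cart] || {}
        session[:event_id] = @event.id

        render json: { status: "success", message: "Cart stored successfully" }
      rescue => e
        # Detail goes to the server log only; the client gets a generic message.
        error_message = e.message.presence || "Unknown error"
        Rails.logger.error "Error storing cart: #{error_message}"
        render json: { status: "error", message: "Failed to store cart" }, status: :internal_server_error
      end

      private

      # Builds the hash rendered for an event by index, show, create and update.
      #
      # NOTE(review): the nested user hash carries the owner's email and names, so
      # every client allowed to read events also receives that personal data.
      # Confirm this is intended, or reduce the user hash to what clients need.
      #
      # The user hash is nil when the event has no user, instead of raising
      # NoMethodError and failing the whole response.
      def event_json(event)
        owner = event.user

        {
          id: event.id,
          name: event.name,
          slug: event.slug,
          description: event.description,
          state: event.state,
          venue_name: event.venue_name,
          venue_address: event.venue_address,
          start_time: event.start_time,
          end_time: event.end_time,
          latitude: event.latitude,
          longitude: event.longitude,
          featured: event.featured,
          created_at: event.created_at,
          updated_at: event.updated_at,
          user: owner && {
            id: owner.id,
            email: owner.email,
            first_name: owner.first_name,
            last_name: owner.last_name
          }
        }
      end

      # Finds an event by its ID or renders 404 Not Found
      # Used as before_action for the show, update, destroy and store_cart actions;
      # rendering here halts the filter chain, so the action itself does not run.
      def set_event
        @event = Event.find(params[:id])
      rescue ActiveRecord::RecordNotFound
        render json: { error: "Event not found" }, status: :not_found
      end

      # Strong parameters for creating and updating events
      # Allowlist of permitted attributes to avoid mass assignment vulnerabilities
      #
      # NOTE(review): :user_id is client-assignable, so a caller can create an event
      # for any user or reassign an existing one through update. No ownership check
      # is visible in this controller — confirm whether the owner should instead be
      # derived from the authenticated caller. :state and :featured are likewise
      # set directly by the client; verify that is intended.
      def event_params
        params.require(:event).permit(
          :name,
          :slug,
          :description,
          :state,
          :venue_name,
          :venue_address,
          :start_time,
          :end_time,
          :latitude,
          :longitude,
          :featured,
          :user_id
        )
      end
    end
  end
end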