class Api::V1::ContactsController < Api::BaseController protect_from_forgery with: :null_session before_action :check_authorization before_action :fetch_contact, only: [:show, :update] skip_before_action :authenticate_user!, only: [:create] skip_before_action :set_current_user, only: [:create] skip_before_action :check_subscription, only: [:create] skip_around_action :handle_with_exception, only: [:create] def index @contacts = current_account.contacts end def show; end def create @contact = Contact.new(contact_create_params) @contact.save! render json: @contact end def update @contact.update_attributes!(contact_params) end private def check_authorization authorize(Contact) end def contact_params params.require(:contact).permit(:name, :email, :phone_number) end def fetch_contact @contact = current_account.contacts.find(params[:id]) end def contact_create_params params.require(:contact).permit(:account_id, :inbox_id).merge!(name: SecureRandom.hex) end end