scinote-web/app/controllers/user_projects_controller.rb

class UserProjectsController < ApplicationController
  include NotificationsHelper
  include InputSanitizeHelper

  before_action :load_vars
  before_action :load_user_project, only: %i(update destroy)
  before_action :check_view_permissions, only: :index
  before_action :check_manage_users_permissions, only: :index_edit
  before_action :check_create_permissions, only: :create
  before_action :check_manage_permissions, only: %i(update destroy)

  def index
    @users = @project.user_projects

    respond_to do |format|
      format.json do
        render json: {
          html: render_to_string(
            partial: 'index.html.erb'
          ),
          project_id: @project.id,
          counter: @project.users.count # Used for counter badge
        }
      end
    end
  end

  def index_edit
    @user_projects = @project.user_projects
    @unassigned_users = @project.unassigned_users
    @new_user_project = UserProject.new(project: @project)

    respond_to do |format|
      format.json do
        render json: {
          project: @project,
          html_header: t('projects.index.modal_manage_users.modal_title_html',
                         name: @project.name),
          html_body: render_to_string(
            partial: 'index_edit.html.erb'
          ),
          html_footer: render_to_string(
            partial: 'index_edit_footer.html.erb'
          )
        }
      end
    end
  end

  def create
    @user_project = @project.user_projects.new(user_project_params)
    @user_project.assigned_by = current_user

    if @user_project.save
      log_activity(:assign_user_to_project)

      respond_to do |format|
        format.json do
          redirect_to project_users_edit_path(format: :json), turbolinks: false
        end
      end
    else
      error = t('user_projects.create.can_add_user_to_project')
      error = t('user_projects.create.select_user_role') unless @user_project.role

      respond_to do |format|
        format.json do
          render json: {
            status: 'error',
            error: error
          }
        end
      end
    end
  end

  def update
    @user_project.role = user_project_params[:role]

    if @user_project.save
      log_activity(:change_user_role_on_project)

      respond_to do |format|
        format.json do
          redirect_to project_users_edit_path(format: :json), turbolinks: false
        end
      end
    else
      respond_to do |format|
        format.json do
          render json: {
            status: 'error',
            errors: @user_project.errors
          }
        end
      end
    end
  end

  def destroy
    if @user_project.destroy
      log_activity(:unassign_user_from_project)
      respond_to do |format|
        format.json do
          redirect_to project_users_edit_path(format: :json),
                      turbolinks: false,
                      status: :see_other
        end
      end
    else
      respond_to do |format|
        format.json do
          render json: {
            errors: @user_project.errors
          }
        end
      end
    end
  end

  private

  def load_vars
    @project = Project.find_by(id: params[:project_id])
    render_404 unless @project
  end

  def load_user_project
    @user_project = @project.user_projects.find(params[:id])
    render_404 unless @user_project
  end

  def check_view_permissions
    render_403 unless can_read_project?(@project)
  end

  def check_manage_users_permissions
    render_403 unless can_manage_project?(@project)
  end

  def check_create_permissions
    render_403 unless can_manage_project?(@project)
  end

  def check_manage_permissions
    render_403 unless can_manage_project?(@project) && @user_project.user_id != current_user.id
  end

  def user_project_params
    params.require(:user_project).permit(:user_id, :project_id, :role)
  end

  def log_activity(type_of)
    Activities::CreateActivityService
      .call(activity_type: type_of,
            owner: current_user,
            subject: @project,
            team: @project.team,
            project: @project,
            message_items: { project: @project.id,
                             user_target: @user_project.user.id,
                             role: @user_project.role_str })
  end
end
Initial commit. 2016-02-12 23:52:43 +08:00			`class UserProjectsController < ApplicationController`
refactoring notification method 2016-11-07 22:31:06 +08:00			`include NotificationsHelper`
fixes remove user action on project [fixes SCI-1261] 2017-05-12 22:18:53 +08:00			`include InputSanitizeHelper`
refactoring notification method 2016-11-07 22:31:06 +08:00
Initial commit. 2016-02-12 23:52:43 +08:00			`before_action :load_vars`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`before_action :load_user_project, only: %i(update destroy)`
Corrected some project level permissions; minor refactoring. 2018-02-03 01:19:03 +08:00			`before_action :check_view_permissions, only: :index`
			`before_action :check_manage_users_permissions, only: :index_edit`
Refactor user projects & user my modules code 2016-11-22 22:16:26 +08:00			`before_action :check_create_permissions, only: :create`
fix user_project manage permission 2018-11-09 18:36:44 +08:00			`before_action :check_manage_permissions, only: %i(update destroy)`
Initial commit. 2016-02-12 23:52:43 +08:00
			`def index`
			`@users = @project.user_projects`

			`respond_to do \|format\|`
Add counters for users and comments on canvas [SCI-152] 2017-05-08 23:32:55 +08:00			`format.json do`
			`render json: {`
			`html: render_to_string(`
			`partial: 'index.html.erb'`
			`),`
			`project_id: @project.id,`
Add comments to the code [SCI-152] 2017-05-09 16:18:57 +08:00			`counter: @project.users.count # Used for counter badge`
Initial commit. 2016-02-12 23:52:43 +08:00			`}`
Add counters for users and comments on canvas [SCI-152] 2017-05-08 23:32:55 +08:00			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`end`

			`def index_edit`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`@user_projects = @project.user_projects`
Initial commit. 2016-02-12 23:52:43 +08:00			`@unassigned_users = @project.unassigned_users`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`@new_user_project = UserProject.new(project: @project)`
Initial commit. 2016-02-12 23:52:43 +08:00
			`respond_to do \|format\|`
Add counters for users and comments on canvas [SCI-152] 2017-05-08 23:32:55 +08:00			`format.json do`
			`render json: {`
			`project: @project,`
add data-hook, refactor add user to project modal to support addons 2018-06-01 22:13:22 +08:00			`html_header: t('projects.index.modal_manage_users.modal_title_html',`
			`name: @project.name),`
Add counters for users and comments on canvas [SCI-152] 2017-05-08 23:32:55 +08:00			`html_body: render_to_string(`
			`partial: 'index_edit.html.erb'`
			`),`
			`html_footer: render_to_string(`
			`partial: 'index_edit_footer.html.erb'`
			`)`
Initial commit. 2016-02-12 23:52:43 +08:00			`}`
Add counters for users and comments on canvas [SCI-152] 2017-05-08 23:32:55 +08:00			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`end`

			`def create`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`@user_project = @project.user_projects.new(user_project_params)`
			`@user_project.assigned_by = current_user`
Initial commit. 2016-02-12 23:52:43 +08:00
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`if @user_project.save`
Project activities refactoring 2019-03-08 00:26:42 +08:00			`log_activity(:assign_user_to_project)`
Initial commit. 2016-02-12 23:52:43 +08:00
			`respond_to do \|format\|`
Fix assignment of users to projects [SCI-1838] 2017-11-30 05:55:10 +08:00			`format.json do`
			`redirect_to project_users_edit_path(format: :json), turbolinks: false`
			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`else`
			`error = t('user_projects.create.can_add_user_to_project')`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`error = t('user_projects.create.select_user_role') unless @user_project.role`
Initial commit. 2016-02-12 23:52:43 +08:00
			`respond_to do \|format\|`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`format.json do`
			`render json: {`
Initial commit. 2016-02-12 23:52:43 +08:00			`status: 'error',`
Fix user projects not working 2016-11-23 20:19:10 +08:00			`error: error`
Initial commit. 2016-02-12 23:52:43 +08:00			`}`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`end`
			`end`

			`def update`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`@user_project.role = user_project_params[:role]`
Initial commit. 2016-02-12 23:52:43 +08:00
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`if @user_project.save`
Project activities refactoring 2019-03-08 00:26:42 +08:00			`log_activity(:change_user_role_on_project)`
Initial commit. 2016-02-12 23:52:43 +08:00
			`respond_to do \|format\|`
Fix assignment of users to projects [SCI-1838] 2017-11-30 05:55:10 +08:00			`format.json do`
			`redirect_to project_users_edit_path(format: :json), turbolinks: false`
			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`else`
			`respond_to do \|format\|`
Prevent user being added to project/task multiple times [SCI-2869] 2018-11-20 21:29:33 +08:00			`format.json do`
			`render json: {`
Initial commit. 2016-02-12 23:52:43 +08:00			`status: 'error',`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`errors: @user_project.errors`
Initial commit. 2016-02-12 23:52:43 +08:00			`}`
Prevent user being added to project/task multiple times [SCI-2869] 2018-11-20 21:29:33 +08:00			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`end`
			`end`

			`def destroy`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`if @user_project.destroy`
Project activities refactoring 2019-03-08 00:26:42 +08:00			`log_activity(:unassign_user_from_project)`
Initial commit. 2016-02-12 23:52:43 +08:00			`respond_to do \|format\|`
Fix assignment of users to projects [SCI-1838] 2017-11-30 05:55:10 +08:00			`format.json do`
			`redirect_to project_users_edit_path(format: :json),`
			`turbolinks: false,`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`status: :see_other`
Fix assignment of users to projects [SCI-1838] 2017-11-30 05:55:10 +08:00			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`else`
			`respond_to do \|format\|`
Prevent user being added to project/task multiple times [SCI-2869] 2018-11-20 21:29:33 +08:00			`format.json do`
			`render json: {`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`errors: @user_project.errors`
Initial commit. 2016-02-12 23:52:43 +08:00			`}`
Prevent user being added to project/task multiple times [SCI-2869] 2018-11-20 21:29:33 +08:00			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`end`
			`end`

			`private`

			`def load_vars`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`@project = Project.find_by(id: params[:project_id])`
fix user_project manage permission 2018-11-09 18:36:44 +08:00			`render_404 unless @project`
			`end`
Initial commit. 2016-02-12 23:52:43 +08:00
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`def load_user_project`
			`@user_project = @project.user_projects.find(params[:id])`
			`render_404 unless @user_project`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`

			`def check_view_permissions`
Fixing and refactoring project permissions in controllers. 2018-01-25 19:55:57 +08:00			`render_403 unless can_read_project?(@project)`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`

Corrected some project level permissions; minor refactoring. 2018-02-03 01:19:03 +08:00			`def check_manage_users_permissions`
Renamed permission 'update_project' to 'manage_project'. Some permissions fixes; added them in some places where they were missing. 2018-02-03 01:48:55 +08:00			`render_403 unless can_manage_project?(@project)`
Corrected some project level permissions; minor refactoring. 2018-02-03 01:19:03 +08:00			`end`

Initial commit. 2016-02-12 23:52:43 +08:00			`def check_create_permissions`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`render_403 unless can_manage_project?(@project)`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`

fix user_project manage permission 2018-11-09 18:36:44 +08:00			`def check_manage_permissions`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`render_403 unless can_manage_project?(@project) && @user_project.user_id != current_user.id`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`

Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`def user_project_params`
Initial commit. 2016-02-12 23:52:43 +08:00			`params.require(:user_project).permit(:user_id, :project_id, :role)`
			`end`
Project activities refactoring 2019-03-08 00:26:42 +08:00
			`def log_activity(type_of)`
			`Activities::CreateActivityService`
			`.call(activity_type: type_of,`
			`owner: current_user,`
			`subject: @project,`
			`team: @project.team,`
			`project: @project,`
			`message_items: { project: @project.id,`
Add Endpoins for Project Membership manipulation [SCI-5001] 2020-09-22 17:56:12 +08:00			`user_target: @user_project.user.id,`
			`role: @user_project.role_str })`
Project activities refactoring 2019-03-08 00:26:42 +08:00			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`