scinote-web/app/controllers/access_permissions/my_modules_controller.rb

87 lines
2.3 KiB
Ruby
Raw Normal View History

2021-05-09 22:59:10 +08:00
# frozen_string_literal: true
module AccessPermissions
class MyModulesController < ApplicationController
before_action :set_my_module
2023-02-23 21:57:38 +08:00
before_action :set_experiment
before_action :set_project
2021-05-09 22:59:10 +08:00
before_action :check_read_permissions, only: %i(show)
2021-05-22 20:41:56 +08:00
before_action :check_manage_permissions, only: %i(edit update)
2021-05-09 22:59:10 +08:00
2023-12-12 19:17:38 +08:00
def show
render json: @my_module.user_assignments.includes(:user_role, :user).order('users.full_name ASC'),
each_serializer: UserAssignmentSerializer, user: current_user
2023-12-12 19:17:38 +08:00
end
2021-05-09 22:59:10 +08:00
2023-12-12 19:17:38 +08:00
def new
render json: @available_users, each_serializer: UserSerializer, user: current_user
2023-12-12 19:17:38 +08:00
end
def edit; end
2021-05-09 22:59:10 +08:00
def update
user_id = permitted_update_params[:user_id]
@user_assignment = @my_module.user_assignments.find_by(user_id: user_id, team: current_team)
if permitted_update_params[:user_role_id] == 'reset'
@user_assignment.update!(
user_role_id: @experiment.user_assignments.find_by(user_id: user_id, team: current_team).user_role_id,
assigned: :automatically
)
else
@user_assignment.update!(
user_role_id: permitted_update_params[:user_role_id],
assigned: :manually
)
end
2021-05-09 22:59:10 +08:00
log_change_activity
render :my_module_member
2021-05-09 22:59:10 +08:00
end
private
def permitted_update_params
params.require(:user_assignment)
2021-05-09 22:59:10 +08:00
.permit(%i(user_role_id user_id))
end
def set_project
2023-02-23 21:57:38 +08:00
@project = @experiment.project
2021-05-09 22:59:10 +08:00
end
def set_experiment
2023-02-23 21:57:38 +08:00
@experiment = @my_module.experiment
2021-05-09 22:59:10 +08:00
end
def set_my_module
2023-02-23 21:57:38 +08:00
@my_module = MyModule.includes(user_assignments: %i(user user_role)).find_by(id: params[:id])
2021-05-09 22:59:10 +08:00
render_404 unless @my_module
end
def check_manage_permissions
render_403 unless can_manage_my_module_users?(@my_module)
2021-05-09 22:59:10 +08:00
end
def check_read_permissions
render_403 unless can_read_my_module?(@my_module)
2021-05-09 22:59:10 +08:00
end
def log_change_activity
Activities::CreateActivityService.call(
activity_type: :change_user_role_on_my_module,
owner: current_user,
subject: @my_module,
team: @project.team,
project: @project,
message_items: {
my_module: @my_module.id,
user_target: @user_assignment.user_id,
role: @user_assignment.user_role.name
}
)
end
2021-05-09 22:59:10 +08:00
end
end