scinote-web/app/controllers/user_projects_controller.rb

class UserProjectsController < ApplicationController
  include NotificationsHelper
  include InputSanitizeHelper

  before_action :load_vars
  before_action :check_view_permissions, only: :index
  before_action :check_manage_users_permissions, only: :index_edit
  before_action :check_create_permissions, only: :create
  before_action :check_manage_permisisons, only: %i(update destroy)

  def index
    @users = @project.user_projects

    respond_to do |format|
      format.json do
        render json: {
          html: render_to_string(
            partial: 'index.html.erb'
          ),
          project_id: @project.id,
          counter: @project.users.count # Used for counter badge
        }
      end
    end
  end

  def index_edit
    @users = @project.user_projects
    @unassigned_users = @project.unassigned_users
    @up = UserProject.new(project: @project)

    respond_to do |format|
      format.json do
        render json: {
          project: @project,
          html_body: render_to_string(
            partial: 'index_edit.html.erb'
          ),
          html_footer: render_to_string(
            partial: 'index_edit_footer.html.erb'
          )
        }
      end
    end
  end

  def create
    @up = UserProject.new(up_params.merge(project: @project))
    @up.assigned_by = current_user

    if @up.save
      # Generate activity
      Activity.create(
        type_of: :assign_user_to_project,
        user: current_user,
        project: @project,
        message: t(
          "activities.assign_user_to_project",
          assigned_user: @up.user.full_name,
          role: @up.role_str,
          project: @project.name,
          assigned_by_user: current_user.full_name
        )
      )

      respond_to do |format|
        format.json do
          redirect_to project_users_edit_path(format: :json), turbolinks: false
        end
      end
    else
      error = t('user_projects.create.can_add_user_to_project')
      error = t('user_projects.create.select_user_role') unless @up.role

      respond_to do |format|
        format.json {
          render :json => {
            status: 'error',
            error: error
          }
        }
      end
    end
  end

  def update
    @up = UserProject.find(params[:id])

    unless @up
      render_404
    end

    @up.role = up_params[:role]

    if @up.save
      # Generate activity
      Activity.create(
        type_of: :change_user_role_on_project,
        user: current_user,
        project: @project,
        message: t(
          "activities.change_user_role_on_project",
          actor: current_user.full_name,
          user: @up.user.full_name,
          project: @project.name,
          role: @up.role_str
        )
      )

      respond_to do |format|
        format.json do
          redirect_to project_users_edit_path(format: :json), turbolinks: false
        end
      end
    else
      respond_to do |format|
        format.json {
          render :json => {
            status: 'error',
            :errors => [
              flash_error
            ]
          }
        }
      end
    end
  end

  def destroy
    if @up.destroy
      # Generate activity
      Activity.create(
        type_of: :unassign_user_from_project,
        user: current_user,
        project: @project,
        message: t(
          "activities.unassign_user_from_project",
          unassigned_user: @up.user.full_name,
          project: @project.name,
          unassigned_by_user: current_user.full_name
        )
      )
      generate_notification(current_user, @up.user, false, false, @project)

      respond_to do |format|
        format.json do
          redirect_to project_users_edit_path(format: :json),
                      turbolinks: false,
                      status: 303
        end
      end
    else
      respond_to do |format|
        format.json {
          render :json => {
            :errors => [
              flash_error
            ]
          }
        }
      end
    end
  end

  private

  def load_vars
    @project = Project.find_by_id(params[:project_id])
    unless @project
      render_404
    end

    if action_name == "destroy"
      @up = UserProject.find(params[:id])
      unless @up
        render_404
      end
    end
  end

  def check_view_permissions
    render_403 unless can_read_project?(@project)
  end

  def check_manage_users_permissions
    render_403 unless can_manage_project?(@project)
  end

  def check_create_permissions
    render_403 unless can_create_projects?(current_team)
  end

  def check_manage_permisisons
    render_403 unless can_manage_project?(@project) &&
                      params[:id] == current_user.id
  end

  def init_gui
    @users = @project.unassigned_users
  end

  def up_params
    params.require(:user_project).permit(:user_id, :project_id, :role)
  end
end
Initial commit. 2016-02-12 23:52:43 +08:00			`class UserProjectsController < ApplicationController`
refactoring notification method 2016-11-07 22:31:06 +08:00			`include NotificationsHelper`
fixes remove user action on project [fixes SCI-1261] 2017-05-12 22:18:53 +08:00			`include InputSanitizeHelper`
refactoring notification method 2016-11-07 22:31:06 +08:00
Initial commit. 2016-02-12 23:52:43 +08:00			`before_action :load_vars`
Corrected some project level permissions; minor refactoring. 2018-02-03 01:19:03 +08:00			`before_action :check_view_permissions, only: :index`
			`before_action :check_manage_users_permissions, only: :index_edit`
Refactor user projects & user my modules code 2016-11-22 22:16:26 +08:00			`before_action :check_create_permissions, only: :create`
Renamed permission 'update_project' to 'manage_project'. Some permissions fixes; added them in some places where they were missing. 2018-02-03 01:48:55 +08:00			`before_action :check_manage_permisisons, only: %i(update destroy)`
Initial commit. 2016-02-12 23:52:43 +08:00
			`def index`
			`@users = @project.user_projects`

			`respond_to do \|format\|`
Add counters for users and comments on canvas [SCI-152] 2017-05-08 23:32:55 +08:00			`format.json do`
			`render json: {`
			`html: render_to_string(`
			`partial: 'index.html.erb'`
			`),`
			`project_id: @project.id,`
Add comments to the code [SCI-152] 2017-05-09 16:18:57 +08:00			`counter: @project.users.count # Used for counter badge`
Initial commit. 2016-02-12 23:52:43 +08:00			`}`
Add counters for users and comments on canvas [SCI-152] 2017-05-08 23:32:55 +08:00			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`end`

			`def index_edit`
			`@users = @project.user_projects`
			`@unassigned_users = @project.unassigned_users`
			`@up = UserProject.new(project: @project)`

			`respond_to do \|format\|`
Add counters for users and comments on canvas [SCI-152] 2017-05-08 23:32:55 +08:00			`format.json do`
			`render json: {`
			`project: @project,`
			`html_body: render_to_string(`
			`partial: 'index_edit.html.erb'`
			`),`
			`html_footer: render_to_string(`
			`partial: 'index_edit_footer.html.erb'`
			`)`
Initial commit. 2016-02-12 23:52:43 +08:00			`}`
Add counters for users and comments on canvas [SCI-152] 2017-05-08 23:32:55 +08:00			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`end`

			`def create`
			`@up = UserProject.new(up_params.merge(project: @project))`
			`@up.assigned_by = current_user`

			`if @up.save`
			`# Generate activity`
			`Activity.create(`
			`type_of: :assign_user_to_project,`
			`user: current_user,`
			`project: @project,`
			`message: t(`
			`"activities.assign_user_to_project",`
			`assigned_user: @up.user.full_name,`
			`role: @up.role_str,`
			`project: @project.name,`
			`assigned_by_user: current_user.full_name`
			`)`
			`)`

			`respond_to do \|format\|`
Fix assignment of users to projects [SCI-1838] 2017-11-30 05:55:10 +08:00			`format.json do`
			`redirect_to project_users_edit_path(format: :json), turbolinks: false`
			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`else`
			`error = t('user_projects.create.can_add_user_to_project')`
			`error = t('user_projects.create.select_user_role') unless @up.role`

			`respond_to do \|format\|`
			`format.json {`
			`render :json => {`
			`status: 'error',`
Fix user projects not working 2016-11-23 20:19:10 +08:00			`error: error`
Initial commit. 2016-02-12 23:52:43 +08:00			`}`
			`}`
			`end`
			`end`
			`end`

			`def update`
			`@up = UserProject.find(params[:id])`

			`unless @up`
			`render_404`
			`end`

			`@up.role = up_params[:role]`

			`if @up.save`
			`# Generate activity`
			`Activity.create(`
			`type_of: :change_user_role_on_project,`
			`user: current_user,`
			`project: @project,`
			`message: t(`
			`"activities.change_user_role_on_project",`
			`actor: current_user.full_name,`
			`user: @up.user.full_name,`
			`project: @project.name,`
			`role: @up.role_str`
			`)`
			`)`

			`respond_to do \|format\|`
Fix assignment of users to projects [SCI-1838] 2017-11-30 05:55:10 +08:00			`format.json do`
			`redirect_to project_users_edit_path(format: :json), turbolinks: false`
			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`else`
			`respond_to do \|format\|`
			`format.json {`
			`render :json => {`
			`status: 'error',`
			`:errors => [`
			`flash_error`
			`]`
			`}`
			`}`
			`end`
			`end`
			`end`

			`def destroy`
			`if @up.destroy`
			`# Generate activity`
			`Activity.create(`
			`type_of: :unassign_user_from_project,`
			`user: current_user,`
			`project: @project,`
			`message: t(`
			`"activities.unassign_user_from_project",`
			`unassigned_user: @up.user.full_name,`
			`project: @project.name,`
			`unassigned_by_user: current_user.full_name`
			`)`
			`)`
refactoring notification method 2016-11-07 22:31:06 +08:00			`generate_notification(current_user, @up.user, false, false, @project)`
Initial commit. 2016-02-12 23:52:43 +08:00
			`respond_to do \|format\|`
Fix assignment of users to projects [SCI-1838] 2017-11-30 05:55:10 +08:00			`format.json do`
			`redirect_to project_users_edit_path(format: :json),`
			`turbolinks: false,`
			`status: 303`
			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`else`
			`respond_to do \|format\|`
			`format.json {`
			`render :json => {`
			`:errors => [`
			`flash_error`
			`]`
			`}`
			`}`
			`end`
			`end`
			`end`

			`private`

			`def load_vars`
			`@project = Project.find_by_id(params[:project_id])`
			`unless @project`
			`render_404`
			`end`

			`if action_name == "destroy"`
			`@up = UserProject.find(params[:id])`
			`unless @up`
			`render_404`
			`end`
			`end`
			`end`

			`def check_view_permissions`
Fixing and refactoring project permissions in controllers. 2018-01-25 19:55:57 +08:00			`render_403 unless can_read_project?(@project)`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`

Corrected some project level permissions; minor refactoring. 2018-02-03 01:19:03 +08:00			`def check_manage_users_permissions`
Renamed permission 'update_project' to 'manage_project'. Some permissions fixes; added them in some places where they were missing. 2018-02-03 01:48:55 +08:00			`render_403 unless can_manage_project?(@project)`
Corrected some project level permissions; minor refactoring. 2018-02-03 01:19:03 +08:00			`end`

Initial commit. 2016-02-12 23:52:43 +08:00			`def check_create_permissions`
Fixing and refactoring project permissions in controllers. 2018-01-25 19:55:57 +08:00			`render_403 unless can_create_projects?(current_team)`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`

Renamed permission 'update_project' to 'manage_project'. Some permissions fixes; added them in some places where they were missing. 2018-02-03 01:48:55 +08:00			`def check_manage_permisisons`
			`render_403 unless can_manage_project?(@project) &&`
			`params[:id] == current_user.id`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`

			`def init_gui`
			`@users = @project.unassigned_users`
			`end`

			`def up_params`
			`params.require(:user_project).permit(:user_id, :project_id, :role)`
			`end`
			`end`