scinote-web/app/controllers/custom_fields_controller.rb

106 lines
2.7 KiB
Ruby
Raw Normal View History

2016-02-12 23:52:43 +08:00
class CustomFieldsController < ApplicationController
2016-12-09 18:58:10 +08:00
before_action :load_vars, only: [:update, :destroy, :destroy_html]
before_action :load_vars_nested, only: [:create, :destroy_html]
before_action :check_create_permissions, only: :create
2016-11-29 22:05:18 +08:00
before_action :check_update_permissions, only: :update
2016-12-09 18:58:10 +08:00
before_action :check_destroy_permissions, only: [:destroy, :destroy_html]
2016-02-12 23:52:43 +08:00
def create
@custom_field = CustomField.new(custom_field_params)
@custom_field.organization = @organization
@custom_field.user = current_user
respond_to do |format|
if @custom_field.save
2016-11-29 22:05:18 +08:00
format.json do
2016-02-12 23:52:43 +08:00
render json: {
id: @custom_field.id,
2016-12-09 18:58:10 +08:00
name: @custom_field.name,
edit_url:
organization_custom_field_path(@organization, @custom_field),
destroy_html_url:
organization_custom_field_destroy_html_path(
@organization, @custom_field
)
2016-02-12 23:52:43 +08:00
},
2016-11-29 22:05:18 +08:00
status: :ok
end
2016-02-12 23:52:43 +08:00
else
format.json do
render json: @custom_field.errors.to_json,
status: :unprocessable_entity
end
2016-02-12 23:52:43 +08:00
end
end
end
2016-11-29 22:05:18 +08:00
def update
respond_to do |format|
format.json do
@custom_field.update_attributes(custom_field_params)
if @custom_field.save
render json: { status: :ok }
else
render json: @custom_field.errors.to_json,
status: :unprocessable_entity
end
end
end
end
2016-12-09 18:58:10 +08:00
def destroy_html
respond_to do |format|
format.json do
render json: {
html: render_to_string(
partial: 'samples/delete_custom_field_modal_body.html.erb'
)
}
end
end
end
def destroy
respond_to do |format|
format.json do
if @custom_field.destroy
render json: { status: :ok }
else
render json: { status: :unprocessable_entity }
end
end
end
end
2016-02-12 23:52:43 +08:00
private
2016-11-29 22:05:18 +08:00
def load_vars
@custom_field = CustomField.find_by_id(params[:id])
2016-12-09 18:58:10 +08:00
@custom_field = CustomField.find_by_id(
params[:custom_field_id]
) unless @custom_field
2016-11-29 22:05:18 +08:00
render_404 unless @custom_field
end
2016-02-12 23:52:43 +08:00
def load_vars_nested
@organization = Organization.find_by_id(params[:organization_id])
2016-11-29 22:05:18 +08:00
render_404 unless @organization
2016-02-12 23:52:43 +08:00
end
def check_create_permissions
2016-11-29 22:05:18 +08:00
render_403 unless can_create_custom_field_in_organization(@organization)
end
def check_update_permissions
render_403 unless can_edit_custom_field(@custom_field)
2016-02-12 23:52:43 +08:00
end
2016-12-09 18:58:10 +08:00
def check_destroy_permissions
render_403 unless can_delete_custom_field(@custom_field)
end
2016-02-12 23:52:43 +08:00
def custom_field_params
params.require(:custom_field).permit(:name)
end
end