2021-04-18 18:23:29 +08:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
|
|
module AccessPermissions
|
|
|
|
|
class ProjectsController < ApplicationController
|
|
|
|
|
before_action :set_project
|
2021-04-18 23:19:16 +08:00
|
|
|
before_action :check_read_permissions, only: %i[show]
|
|
|
|
|
before_action :check_manage_permissions, only: %i[new create edit update destroy]
|
|
|
|
|
|
2021-04-25 00:43:28 +08:00
|
|
|
def new
|
|
|
|
|
available_users = current_team.users.where.not(id: @project.users.pluck(:id))
|
|
|
|
|
@form = AccessPermissions::NewUserProjectForm.new(
|
|
|
|
|
current_user,
|
|
|
|
|
@project,
|
|
|
|
|
users: available_users
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
respond_to do |format|
|
|
|
|
|
format.json
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2021-04-18 23:19:16 +08:00
|
|
|
def show
|
|
|
|
|
respond_to do |format|
|
|
|
|
|
format.json
|
|
|
|
|
end
|
|
|
|
|
end
|
2021-04-18 18:23:29 +08:00
|
|
|
|
|
|
|
|
def edit
|
2021-04-18 23:19:16 +08:00
|
|
|
respond_to do |format|
|
|
|
|
|
format.json
|
|
|
|
|
end
|
|
|
|
|
end
|
2021-04-18 18:23:29 +08:00
|
|
|
|
2021-04-18 23:19:16 +08:00
|
|
|
def update
|
2021-04-29 00:02:18 +08:00
|
|
|
@form = AccessPermissions::EditUserProjectForm.new(current_user, @project)
|
|
|
|
|
@form.update(permitted_update_params)
|
|
|
|
|
|
2021-04-18 23:19:16 +08:00
|
|
|
respond_to do |format|
|
|
|
|
|
format.json do
|
2021-04-29 00:02:18 +08:00
|
|
|
render :project_member
|
2021-04-18 23:19:16 +08:00
|
|
|
end
|
|
|
|
|
end
|
2021-04-18 18:23:29 +08:00
|
|
|
end
|
|
|
|
|
|
2021-04-25 00:43:28 +08:00
|
|
|
def create
|
|
|
|
|
@form = AccessPermissions::NewUserProjectForm.new(current_user, @project)
|
|
|
|
|
@form.resource_members = permitted_create_params
|
2021-04-29 00:02:18 +08:00
|
|
|
respond_to do |format|
|
|
|
|
|
if @form.save
|
2021-05-02 17:22:59 +08:00
|
|
|
@message = t('access_permissions.create.success', count: @form.new_members_count)
|
2021-04-29 00:02:18 +08:00
|
|
|
format.json { render :edit }
|
|
|
|
|
else
|
2021-04-30 19:26:06 +08:00
|
|
|
@message = t('access_permissions.create.failure')
|
2021-04-29 00:02:18 +08:00
|
|
|
format.json { render :new }
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def destroy
|
|
|
|
|
user = @project.users.find(params[:user_id])
|
2021-05-02 17:22:59 +08:00
|
|
|
project_member = ProjectMember.new(user, @project, current_user)
|
2021-04-25 00:43:28 +08:00
|
|
|
|
|
|
|
|
respond_to do |format|
|
2021-04-30 19:26:06 +08:00
|
|
|
if project_member.destroy
|
|
|
|
|
format.json do
|
|
|
|
|
render json: { flash: t('access_permissions.destroy.success', member_name: user.full_name) },
|
|
|
|
|
status: :ok
|
|
|
|
|
end
|
|
|
|
|
else
|
|
|
|
|
format.json do
|
|
|
|
|
render json: { flash: t('access_permissions.destroy.failure') },
|
|
|
|
|
status: :unprocessable_entity
|
|
|
|
|
end
|
2021-04-29 00:02:18 +08:00
|
|
|
end
|
2021-04-25 00:43:28 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2021-04-18 18:23:29 +08:00
|
|
|
private
|
|
|
|
|
|
2021-04-18 23:19:16 +08:00
|
|
|
def permitted_update_params
|
2021-04-29 00:02:18 +08:00
|
|
|
params.require(:project_member)
|
|
|
|
|
.permit(%i[user_role_id user_id])
|
2021-04-18 23:19:16 +08:00
|
|
|
end
|
|
|
|
|
|
2021-04-25 00:43:28 +08:00
|
|
|
def permitted_create_params
|
|
|
|
|
params.require(:access_permissions_new_user_project_form)
|
|
|
|
|
.permit(resource_members: %i[assign user_id user_role_id])
|
|
|
|
|
end
|
|
|
|
|
|
2021-04-18 18:23:29 +08:00
|
|
|
def set_project
|
2021-04-29 00:02:18 +08:00
|
|
|
@project = current_team.projects.includes(user_assignments: [:user, :user_role]).find_by(id: params[:id])
|
2021-04-18 18:23:29 +08:00
|
|
|
|
|
|
|
|
render_404 unless @project
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def check_manage_permissions
|
|
|
|
|
render_403 unless can_manage_project?(@project)
|
|
|
|
|
end
|
2021-04-18 23:19:16 +08:00
|
|
|
|
|
|
|
|
def check_read_permissions
|
|
|
|
|
render_403 unless can_read_project?(@project)
|
|
|
|
|
end
|
2021-04-18 18:23:29 +08:00
|
|
|
end
|
|
|
|
|
end
|
