scinote-web/app/controllers/users/invitations_controller.rb

203 lines
5.6 KiB
Ruby
Raw Normal View History

2016-11-06 18:29:00 +08:00
module Users
class InvitationsController < Devise::InvitationsController
include InputSanitizeHelper
2016-11-06 18:29:00 +08:00
include UsersGenerator
prepend_before_action :check_captcha, only: [:update]
2016-11-06 18:29:00 +08:00
before_action :check_invite_users_permission, only: :invite_users
2017-06-30 16:23:28 +08:00
before_action :update_sanitized_params, only: :update
2016-11-06 18:29:00 +08:00
def update
return super unless Rails.configuration.x.new_team_on_signup
# Instantialize a new team with the provided name
@team = Team.new
@team.name = params[:team][:name]
2016-11-06 18:29:00 +08:00
super do |user|
if user.errors.empty?
@team.created_by = user
@team.save
2016-11-06 18:29:00 +08:00
UserTeam.create(
2016-11-06 18:29:00 +08:00
user: user,
team: @team,
2016-11-06 18:29:00 +08:00
role: 'admin'
)
end
2016-02-12 23:52:43 +08:00
end
end
2016-11-06 18:29:00 +08:00
def accept_resource
return super unless Rails.configuration.x.new_team_on_signup
unless @team.valid?
# Find the user being invited
resource = User.find_by_invitation_token(
update_resource_params[:invitation_token],
false
)
# Check if user's data (passwords etc.) is valid
resource.assign_attributes(
update_resource_params.except(:invitation_token)
)
resource.valid? # Call validation to generate errors
# In any case, add the team name error
resource.errors.add(:base, @team.errors.to_a.first)
return resource
end
super
2016-11-06 18:29:00 +08:00
end
def invite_users
@invite_results = []
@too_many_emails = false
cntr = 0
@emails.each do |email|
cntr += 1
if cntr > Constants::INVITE_USERS_LIMIT
@too_many_emails = true
break
end
password = generate_user_password
# Check if user already exists
user = nil
user = User.find_by_email(email) if User.exists?(email: email)
result = { email: email }
if user.present?
result[:status] = :user_exists
result[:user] = user
else
# Validate the user data
error = !(Constants::BASIC_EMAIL_REGEX === email)
error = validate_user(email, email, password).count > 0 unless error
2016-02-12 23:52:43 +08:00
2016-11-06 18:29:00 +08:00
if !error
user = User.invite!(
full_name: email,
email: email,
initials: email.upcase[0..1],
skip_invitation: true
)
2016-11-10 21:45:24 +08:00
user.update(invited_by: @user)
2016-11-06 18:29:00 +08:00
result[:status] = :user_created
result[:user] = user
# Sending email invitation is done in background job to prevent
# issues with email delivery. Also invite method must be call
# with :skip_invitation attribute set to true - see above.
user.delay.deliver_invitation
else
# Return invalid status
result[:status] = :user_invalid
end
end
if @team.present? && result[:status] != :user_invalid
if UserTeam.exists?(user: user, team: @team)
user_team =
UserTeam.where(user: user, team: @team).first
2016-11-06 18:29:00 +08:00
result[:status] = :user_exists_and_in_team
2016-11-06 18:29:00 +08:00
else
# Also generate user team relation
user_team = UserTeam.new(
2016-11-06 18:29:00 +08:00
user: user,
team: @team,
2016-11-06 18:29:00 +08:00
role: @role
)
user_team.save
2016-11-06 18:29:00 +08:00
generate_notification(
@user,
user,
user_team.role_str,
user_team.team
)
if result[:status] == :user_exists && !user.confirmed?
result[:status] = :user_exists_unconfirmed_invited_to_team
elsif result[:status] == :user_exists
result[:status] = :user_exists_invited_to_team
2016-11-06 18:29:00 +08:00
else
result[:status] = :user_created_invited_to_team
2016-11-06 18:29:00 +08:00
end
end
result[:user_team] = user_team
2016-11-06 18:29:00 +08:00
end
@invite_results << result
end
respond_to do |format|
format.json do
render json: {
html: render_to_string(
partial: 'shared/invite_users_modal_results.html.erb'
)
}
end
end
2016-02-12 23:52:43 +08:00
end
2016-11-06 18:29:00 +08:00
private
def update_sanitized_params
# Solution for Devise < 4.0.0
devise_parameter_sanitizer.permit(:accept_invitation, keys: [:full_name])
end
def check_captcha
if Rails.configuration.x.enable_recaptcha
unless verify_recaptcha
self.resource = resource_class.new
resource.invitation_token = update_resource_params[:invitation_token]
respond_with_navigational(resource) { render :edit }
end
end
end
def generate_notification(user, target_user, role, team)
title = I18n.t('notifications.assign_user_to_team',
assigned_user: target_user.name,
role: role,
team: team.name,
assigned_by_user: user.name)
message = "#{I18n.t('search.index.team')} #{team.name}"
notification = Notification.create(
type_of: :assignment,
2017-05-12 16:10:50 +08:00
title: sanitize_input(title),
message: sanitize_input(message)
)
if target_user.assignments_notification
UserNotification.create(notification: notification, user: target_user)
end
end
2016-11-06 18:29:00 +08:00
def check_invite_users_permission
@user = current_user
@emails = params[:emails].map(&:downcase)
@team = Team.find_by_id(params['teamId'])
2016-11-06 18:29:00 +08:00
@role = params['role']
2016-11-06 18:29:00 +08:00
render_403 if @emails && @emails.empty?
2018-01-24 20:21:53 +08:00
render_403 if @team && !can_manage_team_users?(@team)
render_403 if @role && !UserTeam.roles.keys.include?(@role)
2016-11-06 18:29:00 +08:00
end
end
2016-02-12 23:52:43 +08:00
end