scinote-web/app/controllers/api/v1/project_user_assignments_controller.rb

# frozen_string_literal: true

module Api
  module V1
    class ProjectUserAssignmentsController < BaseController
      before_action :load_team
      before_action :load_project
      before_action :check_read_permissions
      before_action :load_user_assignment, only: %i(show update destroy)
      before_action :load_user_project_for_managing, only: %i(show update destroy)

      rescue_from TypeError do
        # TEMP (17.10.2021) additional error details when using the deprecated user_projects
        detail_key = params.dig('data', 'type') == 'user_projects' ? 'user_projects_detail' : 'detail'

        render_error(I18n.t('api.core.errors.type.title'),
                     I18n.t("api.core.errors.type.#{detail_key}"),
                     :bad_request)
      end

      def index
        user_assignments = @project.user_assignments
                                   .includes(:user_role)
                                   .page(params.dig(:page, :number))
                                   .per(params.dig(:page, :size))

        render jsonapi: user_assignments,
               each_serializer: UserAssignmentSerializer,
               include: include_params
      end

      def show
        render jsonapi: @user_assignment,
               serializer: UserAssignmentSerializer,
               include: include_params
      end

      def create
        raise PermissionError.new(Project, :manage) unless can_manage_project_users?(@project)

        # internally we reuse the same logic as for user project assignment
        user = @team.users.find(user_project_params[:user_id])

        project_member = ProjectMember.new(user, @project, current_user)
        project_member.assign = true
        project_member.user_role_id = user_project_params[:user_role_id]
        project_member.save
        render jsonapi: project_member.user_assignment.reload,
               serializer: UserAssignmentSerializer,
               status: :created
      end

      def update
        user_role = UserRole.find user_project_params[:user_role_id]
        project_member = ProjectMember.new(@user_assignment.user, @project, current_user)

        return render body: nil, status: :no_content if project_member.user_assignment&.user_role == user_role

        project_member.user_role_id = user_role.id
        project_member.update
        render jsonapi: @user_assignment.reload, serializer: UserAssignmentSerializer, status: :ok
      end

      def destroy
        project_member = ProjectMember.new(@user_assignment.user, @project, current_user)
        project_member.destroy
        render body: nil
      end

      private

      def check_read_permissions
        # team admins can always manage users, so they should also be able to read them
        unless can_read_project_users?(@project) || can_manage_project_users?(@project)
          raise PermissionError.new(Project, :read_users)
        end
      end

      def load_user_assignment
        @user_assignment = @project.user_assignments.find(params.require(:id))
      end

      def load_user_project_for_managing
        raise PermissionError.new(Project, :manage_users) unless can_manage_project_users?(@project)
      end

      def user_project_params
        raise TypeError unless params.require(:data).require(:type) == 'user_assignments'

        params.require(:data).require(:attributes).permit(:user_id, :user_role_id)
      end

      def permitted_includes
        %w(user user_role assignable)
      end
    end
  end
end
add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00			`# frozen_string_literal: true`

			`module Api`
			`module V1`
			`class ProjectUserAssignmentsController < BaseController`
			`before_action :load_team`
			`before_action :load_project`
Added permissions specs for API, minor changes to permissions [SCI-6152] (#3609) 2021-10-28 20:48:28 +08:00			`before_action :check_read_permissions`
add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00			`before_action :load_user_assignment, only: %i(show update destroy)`
			`before_action :load_user_project_for_managing, only: %i(show update destroy)`

Add additional info to API project_user_assignments type error [SCI-6273] (#3674) * Add additional info to API project_user_assignments type error [SCI-6273] * Generalize user_assignments api controllers [SCI-6237] 2021-11-17 23:28:02 +08:00			`rescue_from TypeError do`
			`# TEMP (17.10.2021) additional error details when using the deprecated user_projects`
			`detail_key = params.dig('data', 'type') == 'user_projects' ? 'user_projects_detail' : 'detail'`

			`render_error(I18n.t('api.core.errors.type.title'),`
			`I18n.t("api.core.errors.type.#{detail_key}"),`
			`:bad_request)`
			`end`

add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00			`def index`
			`user_assignments = @project.user_assignments`
			`.includes(:user_role)`
			`.page(params.dig(:page, :number))`
			`.per(params.dig(:page, :size))`

			`render jsonapi: user_assignments,`
Add additional info to API project_user_assignments type error [SCI-6273] (#3674) * Add additional info to API project_user_assignments type error [SCI-6273] * Generalize user_assignments api controllers [SCI-6237] 2021-11-17 23:28:02 +08:00			`each_serializer: UserAssignmentSerializer,`
			`include: include_params`
add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00			`end`

			`def show`
			`render jsonapi: @user_assignment,`
Add additional info to API project_user_assignments type error [SCI-6273] (#3674) * Add additional info to API project_user_assignments type error [SCI-6273] * Generalize user_assignments api controllers [SCI-6237] 2021-11-17 23:28:02 +08:00			`serializer: UserAssignmentSerializer,`
			`include: include_params`
add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00			`end`

			`def create`
Added permissions specs for API, minor changes to permissions [SCI-6152] (#3609) 2021-10-28 20:48:28 +08:00			`raise PermissionError.new(Project, :manage) unless can_manage_project_users?(@project)`
add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00
			`# internally we reuse the same logic as for user project assignment`
			`user = @team.users.find(user_project_params[:user_id])`

			`project_member = ProjectMember.new(user, @project, current_user)`
			`project_member.assign = true`
			`project_member.user_role_id = user_project_params[:user_role_id]`
Implement public user grouping, deletion and updates to manually assigned [SCI-6228] (#3701) * Implement public user grouping, deletion and updates to manually assigned [SCI-6228] * PR fixes [SCI-6228] * Permission check improvement [SCI-6228] 2021-12-01 23:23:24 +08:00			`project_member.save`
fix code style 2021-05-30 01:25:46 +08:00			`render jsonapi: project_member.user_assignment.reload,`
Add additional info to API project_user_assignments type error [SCI-6273] (#3674) * Add additional info to API project_user_assignments type error [SCI-6273] * Generalize user_assignments api controllers [SCI-6237] 2021-11-17 23:28:02 +08:00			`serializer: UserAssignmentSerializer,`
fix code style 2021-05-30 01:25:46 +08:00			`status: :created`
add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00			`end`

			`def update`
			`user_role = UserRole.find user_project_params[:user_role_id]`
			`project_member = ProjectMember.new(@user_assignment.user, @project, current_user)`

Fix tests [SCI-6486] (#3913) * Fix tests [SCI-6486] * Fix rspec tests [SCI-6486] Co-authored-by: Anton <anton@scinote.net> 2022-03-09 21:12:16 +08:00			`return render body: nil, status: :no_content if project_member.user_assignment&.user_role == user_role`
add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00
			`project_member.user_role_id = user_role.id`
			`project_member.update`
Add additional info to API project_user_assignments type error [SCI-6273] (#3674) * Add additional info to API project_user_assignments type error [SCI-6273] * Generalize user_assignments api controllers [SCI-6237] 2021-11-17 23:28:02 +08:00			`render jsonapi: @user_assignment.reload, serializer: UserAssignmentSerializer, status: :ok`
add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00			`end`

			`def destroy`
			`project_member = ProjectMember.new(@user_assignment.user, @project, current_user)`
			`project_member.destroy`
			`render body: nil`
			`end`

			`private`

Added permissions specs for API, minor changes to permissions [SCI-6152] (#3609) 2021-10-28 20:48:28 +08:00			`def check_read_permissions`
Fix creating new users on projects for team admins [SCI-6273] (#3685) 2021-11-19 20:58:54 +08:00			`# team admins can always manage users, so they should also be able to read them`
			`unless can_read_project_users?(@project) \|\| can_manage_project_users?(@project)`
			`raise PermissionError.new(Project, :read_users)`
			`end`
Added permissions specs for API, minor changes to permissions [SCI-6152] (#3609) 2021-10-28 20:48:28 +08:00			`end`

add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00			`def load_user_assignment`
			`@user_assignment = @project.user_assignments.find(params.require(:id))`
			`end`

			`def load_user_project_for_managing`
Added permissions specs for API, minor changes to permissions [SCI-6152] (#3609) 2021-10-28 20:48:28 +08:00			`raise PermissionError.new(Project, :manage_users) unless can_manage_project_users?(@project)`
add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00			`end`

			`def user_project_params`
Add additional info to API project_user_assignments type error [SCI-6273] (#3674) * Add additional info to API project_user_assignments type error [SCI-6273] * Generalize user_assignments api controllers [SCI-6237] 2021-11-17 23:28:02 +08:00			`raise TypeError unless params.require(:data).require(:type) == 'user_assignments'`
add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00
			`params.require(:data).require(:attributes).permit(:user_id, :user_role_id)`
			`end`
Add additional info to API project_user_assignments type error [SCI-6273] (#3674) * Add additional info to API project_user_assignments type error [SCI-6273] * Generalize user_assignments api controllers [SCI-6237] 2021-11-17 23:28:02 +08:00
			`def permitted_includes`
			`%w(user user_role assignable)`
			`end`
add user roles enpoint and update scenarios 2021-05-29 21:28:10 +08:00			`end`
			`end`
			`end`