add create, update team permission and refactor 422 respond handling in controllers

2025-10-10 05:46:47 +08:00 · 2017-12-04 11:12:35 +01:00 · 2017-12-04 11:12:35 +01:00 · 11a3cd196c
commit 11a3cd196c
parent 8893fd668d
9 changed files with 36 additions and 14 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -13,6 +13,15 @@ class ApplicationController < ActionController::Base
  around_action :set_time_zone, if: :current_user
  layout 'main'

+  def respond_422(message = t('client_api.permission_error'))
+    respond_to do |format|
+      format.json do
+        render json: { message: message },
+               status: 422
+      end
+    end
+  end
+
  def forbidden
    render_403
  end
--- a/app/controllers/client_api/teams/teams_controller.rb
+++ b/app/controllers/client_api/teams/teams_controller.rb
@ -3,6 +3,8 @@ module ClientApi
    class TeamsController < ApplicationController
      include ClientApi::Users::UserTeamsHelper

+      before_action :check_update_team_permission, only: :update
+
      def index
        teams = current_user.datatables_teams
        success_response(template: '/client_api/teams/index',
@ -67,6 +69,13 @@ module ClientApi
        params.require(:team).permit(:name, :description)
      end

+      def check_update_team_permission
+        @team = Team.find_by_id(params[:team_id])
+        unless can_update_team?(@team)
+          respond_422(t('client_api.teams.permission_error'))
+        end
+      end
+
      def success_response(args = {})
        template = args.fetch(:template) { nil }
        locals = args.fetch(:locals) { {} }
--- a/app/controllers/client_api/users/invitations_controller.rb
+++ b/app/controllers/client_api/users/invitations_controller.rb
@ -34,12 +34,7 @@ module ClientApi
      def check_invite_users_permission
        @team = Team.find_by_id(params[:team_id])
        if @team && !can_create_user_team?(@team)
-          respond_to do |format|
-            format.json do
-              render json: t('client_api.invite_users.permission_error'),
-                     status: 422
-            end
-          end
+          respond_422(t('client_api.invite_users.permission_error'))
        end
      end
    end
--- a/app/controllers/client_api/users/user_teams_controller.rb
+++ b/app/controllers/client_api/users/user_teams_controller.rb
@ -49,12 +49,7 @@ module ClientApi
      def check_manage_user_team_permission
        @user_team = UserTeam.find_by_id(params[:user_team])
        unless can_update_or_delete_user_team?(@user_team)
-          respond_to do |format|
-            format.json do
-              render json: t('client_api.user_teams.permission_error'),
-                     status: 422
-            end
-          end
+          respond_422(t('client_api.user_teams.permission_error'))
        end
      end

--- a/app/javascript/src/scenes/SettingsPage/scenes/team/components/UpdateTeamDescriptionModal.jsx
+++ b/app/javascript/src/scenes/SettingsPage/scenes/team/components/UpdateTeamDescriptionModal.jsx
@ -54,7 +54,7 @@ class UpdateTeamDescriptionModal extends Component<Props, State> {
        this.onCloseModal();
      })
      .catch(error => {
-        (this: any).form.setErrorsForTag('description', [error.message])
+        (this: any).form.setErrorsForTag('description', error.response.data.message)
      });
  }

--- a/app/javascript/src/scenes/SettingsPage/scenes/team/components/UpdateTeamNameModal.jsx
+++ b/app/javascript/src/scenes/SettingsPage/scenes/team/components/UpdateTeamNameModal.jsx
@ -54,7 +54,7 @@ class UpdateTeamNameModal extends Component<Props, State> {
        this.onCloseModal();
      })
      .catch(error => {
-        (this: any).form.setErrorsForTag("name", [error.message]);
+        (this: any).form.setErrorsForTag("name", error.response.data.message);
      });
  }

--- a/app/permissions/organization.rb
+++ b/app/permissions/organization.rb
@ -0,0 +1,6 @@
+Canaid::Permissions.register_generic do
+  can :create_team do |user|
+    # TBD
+    true
+  end
+end
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
@ -4,6 +4,11 @@ Canaid::Permissions.register_for(Team) do
    user.is_member_of_team?(team)
  end

+  # edit team name, edit team description
+  can :update_team do |user, team|
+    user.is_admin_of_team?(team)
+  end
+
  # invite user to team
  can :create_user_team do |user, team|
    user.is_admin_of_team?(team)
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -1817,12 +1817,15 @@ en:
  by: 'by'

  client_api:
+    permission_error: "You don't have permission for this action."
    invalid_arguments: "Invalid arguments"
    generic_error_message: "Something went wrong! Please try again later."
    user_teams:
      permission_error: "You don't have permission to manage users."
      leave_team_error: "An error occured."
      leave_flash: "Successfuly left team %{team}."
+    teams:
+      permission_error: "You don't have permission to edit team."
    user:
      current_password_invalid: "incorrect password"
      password_confirmation_not_match: "doesn't match"