add create, update team permission and refactor 422 respond handling in controllers

mlorb 2017-12-04 11:12:35 +01:00
parent 8893fd668d
commit 11a3cd196c
9 changed files with 36 additions and 14 deletions


@ -13,6 +13,15 @@ class ApplicationController < ActionController::Base
around_action :set_time_zone, if: :current_user around_action :set_time_zone, if: :current_user
layout 'main' layout 'main'
def respond_422(message = t('client_api.permission_error'))
respond_to do |format|
format.json do
render json: { message: message },
status: 422
end
end
end
def forbidden def forbidden
render_403 render_403
end end
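Review bot: `respond_422` reports an authorization failure as 422 Unprocessable Entity even though this controller already has `forbidden`/`render_403` directly below it. 403 is the status that clients and log-based alerting normally read as an access-control denial, so denials sent as 422 are likely to be counted as validation errors. The helper is called from the team, invite-user and user-team permission filters in this commit, so the choice applies to all three. The `respond_to` block also declares only `format.json`, so a non-JSON request reaching it would raise `ActionController::UnknownFormat` instead of returning the message; rendering the JSON unconditionally or adding a `format.any { head :forbidden }` fallback would cover that. The class body continues outside the hunk.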


@ -3,6 +3,8 @@ module ClientApi
class TeamsController < ApplicationController class TeamsController < ApplicationController
include ClientApi::Users::UserTeamsHelper include ClientApi::Users::UserTeamsHelper
before_action :check_update_team_permission, only: :update
def index def index
teams = current_user.datatables_teams teams = current_user.datatables_teams
success_response(template: '/client_api/teams/index', success_response(template: '/client_api/teams/index',
@ -67,6 +69,13 @@ module ClientApi
params.require(:team).permit(:name, :description) params.require(:team).permit(:name, :description)
end end
def check_update_team_permission
@team = Team.find_by_id(params[:team_id])
unless can_update_team?(@team)
respond_422(t('client_api.teams.permission_error'))
end
end
def success_response(args = {}) def success_response(args = {})
template = args.fetch(:template) { nil } template = args.fetch(:template) { nil }
locals = args.fetch(:locals) { {} } locals = args.fetch(:locals) { {} }
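Review bot: `check_update_team_permission` authorizes the team loaded from `params[:team_id]`, but the `update` action lies outside the visible hunks, so nothing here shows that `update` modifies that same `@team`. If `update` resolves the team from a different parameter, the authorized record and the modified record could differ; having `update` operate only on `@team` ties the check to the object being changed. `Team.find_by_id` also returns nil for an unknown id and that nil is passed straight to `can_update_team?`. An explicit not-found response before the permission call would avoid relying on the permission block tolerating nil and would keep a missing team from being reported as a permission error.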


@ -34,12 +34,7 @@ module ClientApi
def check_invite_users_permission def check_invite_users_permission
@team = Team.find_by_id(params[:team_id]) @team = Team.find_by_id(params[:team_id])
if @team && !can_create_user_team?(@team) if @team && !can_create_user_team?(@team)
respond_to do |format| respond_422(t('client_api.invite_users.permission_error'))
format.json do
render json: t('client_api.invite_users.permission_error'),
status: 422
end
end
end end
end end
end end
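Review bot: The guard `if @team && !can_create_user_team?(@team)` is skipped entirely when `Team.find_by_id` returns nil, so a request with a missing or unknown `team_id` passes this filter with no permission check at all, unlike the `unless can_...?(...)` form used by the other two filters in this commit. If inviting users without a team is intended, a one-line comment such as `# team is optional; only team invites require admin rights` would make that explicit; otherwise the action behind this filter (not visible here) has to reject a nil `@team`. Separately, the response body changes from a bare string to `{ message: ... }`, and none of the files shown in this commit updates a client for the invite-user endpoint to read the new shape.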


@ -49,12 +49,7 @@ module ClientApi
def check_manage_user_team_permission def check_manage_user_team_permission
@user_team = UserTeam.find_by_id(params[:user_team]) @user_team = UserTeam.find_by_id(params[:user_team])
unless can_update_or_delete_user_team?(@user_team) unless can_update_or_delete_user_team?(@user_team)
respond_to do |format| respond_422(t('client_api.user_teams.permission_error'))
format.json do
render json: t('client_api.user_teams.permission_error'),
status: 422
end
end
end end
end end


@ -54,7 +54,7 @@ class UpdateTeamDescriptionModal extends Component<Props, State> {
this.onCloseModal(); this.onCloseModal();
}) })
.catch(error => { .catch(error => {
(this: any).form.setErrorsForTag('description', [error.message]) (this: any).form.setErrorsForTag('description', error.response.data.message)
}); });
} }
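Review bot: `error.response.data.message` in the `.catch` handler throws a TypeError when the rejection carries no HTTP response (network failure, timeout, aborted request), because `error.response` is then undefined and the form ends up showing no error at all. The old code passed an array, `[error.message]`, while the new code passes the server's `message`, which `respond_422` sends as a string; if `setErrorsForTag` expects an array this needs wrapping. Something like `const msg = error.response ? error.response.data.message : error.message;` followed by `setErrorsForTag('description', [msg])` handles both cases, and the same applies to the `"name"` call in the next file section. The enclosing method starts outside the hunk.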


@ -54,7 +54,7 @@ class UpdateTeamNameModal extends Component<Props, State> {
this.onCloseModal(); this.onCloseModal();
}) })
.catch(error => { .catch(error => {
(this: any).form.setErrorsForTag("name", [error.message]); (this: any).form.setErrorsForTag("name", error.response.data.message);
}); });
} }


@ -0,0 +1,6 @@
Canaid::Permissions.register_generic do
can :create_team do |user|
# TBD
true
end
end
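Review bot: The `:create_team` block returns `true` for every user with only a `# TBD` comment, so any check built on this permission will always pass until the real rule is written, and nothing in the file says whether that is the intended policy. If team creation is meant to be open to all signed-in users, replace the placeholder with a comment that states it, e.g. `# any signed-in user may create a team`. If a restriction is planned, a tracked `# TODO:` with the intended rule keeps the allow-all default from shipping unnoticed.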


@ -4,6 +4,11 @@ Canaid::Permissions.register_for(Team) do
user.is_member_of_team?(team) user.is_member_of_team?(team)
end end
# edit team name, edit team description
can :update_team do |user, team|
user.is_admin_of_team?(team)
end
# invite user to team # invite user to team
can :create_user_team do |user, team| can :create_user_team do |user, team|
user.is_admin_of_team?(team) user.is_admin_of_team?(team)


@ -1817,12 +1817,15 @@ en:
by: 'by' by: 'by'
client_api: client_api:
permission_error: "You don't have permission for this action."
invalid_arguments: "Invalid arguments" invalid_arguments: "Invalid arguments"
generic_error_message: "Something went wrong! Please try again later." generic_error_message: "Something went wrong! Please try again later."
user_teams: user_teams:
permission_error: "You don't have permission to manage users." permission_error: "You don't have permission to manage users."
leave_team_error: "An error occured." leave_team_error: "An error occured."
leave_flash: "Successfuly left team %{team}." leave_flash: "Successfuly left team %{team}."
teams:
permission_error: "You don't have permission to edit team."
user: user:
current_password_invalid: "incorrect password" current_password_invalid: "incorrect password"
password_confirmation_not_match: "doesn't match" password_confirmation_not_match: "doesn't match"