class UserProjectsController < ApplicationController
include NotificationsHelper
include InputSanitizeHelper
before_action :load_vars
before_action :load_user_project, only: %i(update destroy)
before_action :check_view_permissions, only: :index
before_action :check_manage_users_permissions, only: :index_edit
before_action :check_create_permissions, only: :create
before_action :check_manage_permissions, only: %i(update destroy)
def index
@user_projects = @project.user_projects
respond_to do |format|
format.json do
render json: {
html: render_to_string(partial: 'index.html.erb')
}
end
end
end
def index_edit
@user_projects = @project.user_projects
@unassigned_users = @project.unassigned_users
@new_user_project = UserProject.new(project: @project)
respond_to do |format|
format.json do
render json: {
html_title: t('projects.index.modal_manage_users.modal_title', name: @project.name),
html_body: render_to_string(partial: 'index_edit.html.erb'),
html_footer: render_to_string(partial: 'index_edit_footer.html.erb')
}
end
end
end
def create
@user_project = @project.user_projects.new(user_project_params)
@user_project.assigned_by = current_user
if @user_project.save
log_activity(:assign_user_to_project)
respond_to do |format|
format.json do
redirect_to edit_project_users_path(format: :json), turbolinks: false
end
end
else
error = t('user_projects.create.can_add_user_to_project')
error = t('user_projects.create.select_user_role') unless @user_project.role
respond_to do |format|
format.json do
render json: {
status: 'error',
error: error
}
end
end
end
end
def update
@user_project.role = user_project_params[:role]
if @user_project.save
log_activity(:change_user_role_on_project)
respond_to do |format|
format.json do
redirect_to edit_project_users_path(format: :json), turbolinks: false
end
end
else
respond_to do |format|
format.json do
render json: {
status: 'error',
errors: @user_project.errors
}
end
end
end
end
def destroy
if @user_project.destroy
log_activity(:unassign_user_from_project)
respond_to do |format|
format.json do
redirect_to edit_project_users_path(format: :json),
turbolinks: false,
status: :see_other
end
end
else
respond_to do |format|
format.json do
render json: {
errors: @user_project.errors
}
end
end
end
end
private
def load_vars
@project = Project.find_by(id: params[:project_id])
render_404 unless @project
end
def load_user_project
@user_project = @project.user_projects.find(params[:id])
render_404 unless @user_project
end
def check_view_permissions
render_403 unless can_read_project?(@project)
end
def check_manage_users_permissions
render_403 unless can_manage_project?(@project)
end
def check_create_permissions
render_403 unless can_manage_project?(@project)
end
def check_manage_permissions
render_403 unless can_manage_project?(@project) && @user_project.user_id != current_user.id
end
def user_project_params
params.require(:user_project).permit(:user_id, :project_id, :role)
end
def log_activity(type_of)
Activities::CreateActivityService
.call(activity_type: type_of,
owner: current_user,
subject: @project,
team: @project.team,
project: @project,
message_items: { project: @project.id,
user_target: @user_project.user.id,
role: @user_project.role_str })
end
end