# frozen_string_literal: true module Api module V1 class ProjectUserAssignmentsController < BaseController before_action :load_team before_action :load_project before_action :check_read_permissions before_action :load_user_assignment, only: %i(show update destroy) before_action :load_user_project_for_managing, only: %i(show update destroy) rescue_from TypeError do # TEMP (17.10.2021) additional error details when using the deprecated user_projects detail_key = params.dig('data', 'type') == 'user_projects' ? 'user_projects_detail' : 'detail' render_error(I18n.t('api.core.errors.type.title'), I18n.t("api.core.errors.type.#{detail_key}"), :bad_request) end def index user_assignments = timestamps_filter(@project.user_assignments).includes(:user_role) .page(params.dig(:page, :number)) .per(params.dig(:page, :size)) render jsonapi: user_assignments, each_serializer: UserAssignmentSerializer, include: include_params end def show render jsonapi: @user_assignment, serializer: UserAssignmentSerializer, include: include_params end def create raise PermissionError.new(Project, :manage) unless can_manage_project_users?(@project) ActiveRecord::Base.transaction do user_assignment = UserAssignment.find_or_initialize_by( assignable: @project, user_id: user_project_params[:user_id], team: @project.team ) user_assignment.update!( user_role_id: user_project_params[:user_role_id], assigned_by: current_user, assigned: :manually ) log_activity(:assign_user_to_project, { user_target: user_assignment.user.id, role: user_assignment.user_role.name }) propagate_job(user_assignment) render jsonapi: user_assignment.reload, serializer: UserAssignmentSerializer, status: :created end end def update # prevent role change if it would result in no manually assigned users having the user management permission new_user_role = UserRole.find(user_project_params[:user_role_id]) if !new_user_role.has_permission?(ProjectPermissions::USERS_MANAGE) && @user_assignment.last_with_permission?(ProjectPermissions::USERS_MANAGE, assigned: :manually) raise ActiveRecord::RecordInvalid end return render body: nil, status: :no_content if @user_assignment&.user_role == new_user_role ActiveRecord::Base.transaction do @user_assignment.update!(user_role: new_user_role) log_activity(:change_user_role_on_project, { user_target: @user_assignment.user.id, role: @user_assignment.user_role.name }) propagate_job(@user_assignment) end render jsonapi: @user_assignment.reload, serializer: UserAssignmentSerializer, status: :ok end def destroy # prevent deletion of last manually assigned user that can manage users if @user_assignment.last_with_permission?(ProjectPermissions::USERS_MANAGE, assigned: :manually) raise ActiveRecord::RecordInvalid end ActiveRecord::Base.transaction do if @project.visible? @user_assignment.update!( user_role: @project.default_public_user_role, assigned: :automatically ) else @user_assignment.destroy! end propagate_job(@user_assignment, destroy: true) log_activity(:unassign_user_from_project, { user_target: @user_assignment.user.id, role: @user_assignment.user_role.name }) end render body: nil end private def propagate_job(user_assignment, destroy: false) UserAssignments::PropagateAssignmentJob.perform_later( @project, user_assignment.user.id, user_assignment.user_role, current_user.id, destroy: destroy ) end def log_activity(type_of, message_items = {}) message_items = { project: @project.id }.merge(message_items) Activities::CreateActivityService .call(activity_type: type_of, owner: current_user, subject: @project, team: @project.team, project: @project, message_items: message_items) end # Override, in order to handle special case for team owners def load_project @project = @team.projects.find(params.require(:project_id)) end def check_read_permissions # team owners can always manage users, so they should also be able to read them unless can_read_project_users?(@project) || can_manage_project_users?(@project) raise PermissionError.new(Project, :read_users) end end def load_user_assignment @user_assignment = @project.user_assignments.find(params.require(:id)) end def load_user_project_for_managing raise PermissionError.new(Project, :manage_users) unless can_manage_project_users?(@project) end def user_project_params raise TypeError unless params.require(:data).require(:type) == 'user_assignments' params.require(:data).require(:attributes).permit(:user_id, :user_role_id) end def permitted_includes %w(user user_role assignable) end end end end