scinote-web/app/controllers/user_projects_controller.rb
2016-07-21 13:11:15 +02:00

285 lines
6.6 KiB
Ruby

class UserProjectsController < ApplicationController
before_action :load_vars
before_action :check_view_tab_permissions, only: [ :index ]
before_action :check_view_permissions, only: [ :index_edit ]
before_action :check_create_permissions, only: [:new, :create]
# TODO check update permissions
before_action :check_update_permisisons, only: [:update]
before_action :check_delete_permisisons, only: [:destroy]
def index
@users = @project.user_projects
respond_to do |format|
#format.html
format.json {
render :json => {
:html => render_to_string({
:partial => "index.html.erb"
})
}
}
end
end
def index_edit
@users = @project.user_projects
@unassigned_users = @project.unassigned_users
@up = UserProject.new(project: @project)
respond_to do |format|
format.json {
render :json => {
:project => @project,
:html_body => render_to_string({
:partial => "index_edit.html.erb"
}),
:html_footer => render_to_string({
:partial => "index_edit_footer.html.erb"
})
}
}
end
end
def new
@up = UserProject.new(
project: @project
)
init_gui
end
def create
@up = UserProject.new(up_params.merge(project: @project))
@up.assigned_by = current_user
if @up.save
flash_success = t('user_projects.create.success_flash',
user: @up.user.full_name,
project: @up.project.name)
# Generate activity
Activity.create(
type_of: :assign_user_to_project,
user: current_user,
project: @project,
message: t(
"activities.assign_user_to_project",
assigned_user: @up.user.full_name,
role: @up.role_str,
project: @project.name,
assigned_by_user: current_user.full_name
)
)
respond_to do |format|
format.html {
flash[:success] = flash_success
redirect_to projects_path
}
format.json {
redirect_to :action => :index_edit, :format => :json
}
end
else
flash_error = t('user_projects.create.error_flash',
user: @up.user.full_name,
project: @up.project.name)
error = t('user_projects.create.can_add_user_to_project')
error = t('user_projects.create.select_user_role') unless @up.role
respond_to do |format|
format.html {
flash[:error] = flash_error
init_gui
render :new
}
format.json {
render :json => {
status: 'error',
error: error,
:errors => [
flash_error
]
}
}
end
end
end
def edit
@up = UserProject.find(params[:id])
end
def update
@up = UserProject.find(params[:id])
unless @up
render_404
end
@up.role = up_params[:role]
if @up.save
flash_success = t(
"user_projects.update.success_flash",
user: @up.user.full_name,
project: @up.project.name)
# Generate activity
Activity.create(
type_of: :change_user_role_on_project,
user: current_user,
project: @project,
message: t(
"activities.change_user_role_on_project",
actor: current_user.full_name,
user: @up.user.full_name,
project: @project.name,
role: @up.role_str
)
)
respond_to do |format|
format.html {
flash[:success] = flash_success
redirect_to projects_path
}
format.json {
redirect_to :action => :index_edit, :format => :json
}
end
else
flash_error = t('user_projects.update.error_flash',
user: @up.user.full_name,
project: @up.project.name)
respond_to do |format|
format.html {
flash[:error] = flash_error
init_gui
render :new
}
format.json {
render :json => {
status: 'error',
:errors => [
flash_error
]
}
}
end
end
end
def destroy
if @up.destroy
flash_success = t(
'user_projects.destroy.success_flash',
user: @up.user.full_name,
project: @up.project.name)
# Generate activity
Activity.create(
type_of: :unassign_user_from_project,
user: current_user,
project: @project,
message: t(
"activities.unassign_user_from_project",
unassigned_user: @up.user.full_name,
project: @project.name,
unassigned_by_user: current_user.full_name
)
)
respond_to do |format|
format.html {
flash[:success] = flash_success
redirect_to projects_path, :status => 303
}
format.json {
redirect_to project_users_edit_path(format: :json), :status => 303
}
end
else
flash_error = t('user_projects.destroy.error_flash',
user: @up.user.full_name,
project: @up.project.name)
respond_to do |format|
format.html {
flash[:error] = flash_error
init_gui
# TODO handle response for html format in case of error
render :new
}
format.json {
render :json => {
:errors => [
flash_error
]
}
}
end
end
end
private
def load_vars
@project = Project.find_by_id(params[:project_id])
unless @project
render_404
end
if action_name == "destroy"
@up = UserProject.find(params[:id])
unless @up
render_404
end
end
end
def check_view_tab_permissions
unless can_view_project_users(@project)
render_403
end
end
def check_view_permissions
unless can_edit_users_on_project(@project)
render_403
end
end
def check_create_permissions
unless can_add_user_to_project(@project)
render_403
end
end
def check_update_permisisons
# TODO improve permissions for changing your role on project
unless params[:id] != current_user.id
render_403
end
end
def check_delete_permisisons
# TODO improve permissions for remove yourself from project
unless params[:id] != current_user.id
render_403
end
unless can_remove_user_from_project(@project)
render_403
end
end
def init_gui
@users = @project.unassigned_users
end
def up_params
params.require(:user_project).permit(:user_id, :project_id, :role)
end
end