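class UsersController < ApplicationController
  # Every action must call +authorize+; the after_action makes a forgotten
  # policy check fail loudly instead of silently exposing the page.
  after_action :verify_authorized
  respond_to :html

  ##
  # GET - List of all users for an organisation
  # Displays number of roles[was project_group], name, email, and last sign in
  #
  # The list is scoped to the current user's own organisation; the policy
  # check on +User+ decides whether the caller may see it at all.
  def admin_index
    authorize User
    @users = current_user.org.users.includes(:roles)
  end

  ##
  # GET - Displays the permissions available to the selected user
  # Permissions which the user already has are pre-selected
  # Selecting new permissions and saving calls the admin_update_permissions action
  #
  # Only permissions the current user holds themselves (and that are in the
  # delegable set) are offered, so nobody can hand out more than they have.
  def admin_grant_permissions
    @user = User.includes(:perms).find(params[:id])
    authorize @user
    @perms = grantable_perms
  end

  ##
  # POST - updates the permissions for a user
  # redirects to the admin_index action
  #
  # Only permissions held by +current_user+ are ever added to or removed from
  # the target user, so submitted +perm_ids+ cannot escalate beyond what the
  # granter holds; ids outside that set are ignored. Granting or revoking
  # +use_api+ also creates or removes the user's API token.
  def admin_update_permissions
    @user = User.includes(:perms).find(params[:id])
    authorize @user
    # Array() copes with a missing, single-valued or multi-valued parameter.
    perm_ids = Array(params[:perm_ids]).map(&:to_i)
    selected = Perm.where(id: perm_ids)
    use_api_id = Perm.use_api.id # hoisted: avoids one lookup per iteration

    current_user.perms.each do |perm|
      held = @user.perms.include?(perm)
      wanted = selected.include?(perm)
      next if held == wanted

      if held
        @user.perms.delete(perm)
        @user.remove_token! if perm.id == use_api_id
      else
        @user.perms << perm
        # Compare ids on both paths; the previous code compared perm.name with
        # an id here, so the token was never generated on grant.
        @user.keep_or_generate_token! if perm.id == use_api_id
      end
    end

    # +save+ rather than +save!+: the bang form raises on failure, which made
    # the alert branch below unreachable.
    if @user.save
      redirect_to({ controller: 'users', action: 'admin_index' },
                  { notice: success_message(_('permissions'), _('saved')) })
    else
      flash[:alert] = failed_update_error(@user, _('user'))
      # Return to the form instead of falling through to an implicit render.
      redirect_to controller: 'users', action: 'admin_grant_permissions', id: @user.id
    end
  end

  ##
  # POST - saves the e-mail preferences for the current user and returns to
  # the registration edit page on the same tab.
  #
  # The form posts booleans as the strings "true"/"false"; they are converted
  # before being stored under +settings[:email]+.
  def update_email_preferences
    prefs = params[:prefs]
    authorize current_user, :update?
    pref = current_user.pref || build_pref
    # an existing record may have no settings yet
    pref.settings ||= {}
    pref.settings[:email] = booleanize_hash(prefs)
    @tab = params[:tab]

    if pref.save
      redirect_to edit_user_registration_path(tab: @tab),
                  notice: success_message(_('preferences'), _('saved'))
    else
      # previously the save result was ignored and "saved" was reported anyway
      redirect_to edit_user_registration_path(tab: @tab),
                  alert: failed_update_error(pref, _('preferences'))
    end
  end

  private

  ##
  # The permissions the current user may pass on: the intersection of their
  # own permissions with the set that can be delegated at all.
  def grantable_perms
    current_user.perms & [Perm.grant_permissions, Perm.modify_templates,
                          Perm.modify_guidance, Perm.use_api,
                          Perm.change_org_details]
  end

  ##
  # Builds an empty preference record for the current user; used the first
  # time a user saves their e-mail preferences.
  def build_pref
    pref = Pref.new
    pref.settings = {}
    pref.user = current_user
    pref
  end

  ##
  # html forms return our boolean values as strings, this converts them to true/false
  #
  # Walks the hash recursively, replacing every leaf in place with +true+ when
  # it is exactly the string "true" and +false+ otherwise, and returns the
  # mutated hash. A non-hash argument is treated as a single leaf.
  # NOTE(review): relies on +params[:prefs]+ being a Hash subclass; if it is an
  # ActionController::Parameters object instead, the whole value hits the leaf
  # branch and +false+ is stored - confirm against the app's Rails version.
  def booleanize_hash(node)
    return node == "true" unless node.is_a?(Hash)

    node.each { |key, value| node[key] = booleanize_hash(value) }
  end
end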