# frozen_string_literal: true
# API Controller for resources of type User with role 'member'
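class API::MembersController < API::APIController
  # last_subscribed is the only action reachable without an authenticated session.
  before_action :authenticate_user!, except: [:last_subscribed]
  before_action :set_member, only: %i[update destroy merge complete_tour update_role validate]
  before_action :set_operator, only: %i[show update create merge validate]
  respond_to :json

  # Lists the users visible through the policy scope, optionally paginated.
  # Pagination is applied as soon as either `page` or `size` is supplied; the
  # other one, when absent, becomes 0 through `to_i`.
  # NOTE(review): `size` is caller-supplied and no upper bound is enforced here.
  def index
    @requested_attributes = params[:requested_attributes]
    @query = policy_scope(User)

    @query = @query.page(params[:page].to_i).per(params[:size].to_i) unless params[:page].nil? && params[:size].nil?

    # remove unmerged profiles from list
    @members = @query.to_a
    @members.delete_if(&:need_completion?)
  end

  # Public (unauthenticated) listing of the latest registered members, rendered
  # with the index template and restricted to the 'profile' attribute set.
  # NOTE(review): params[:last] is forwarded as received; any bound on it is
  # presumably applied in Members::MembersService.last_registered (confirm).
  def last_subscribed
    @query, @members = Members::MembersService.last_registered(params[:last])

    @requested_attributes = ['profile']
    render :index
  end

  # Shows one member, looked up by friendly identifier, after the policy check.
  def show
    @member = User.friendly.find(params[:id])
    authorize @member
  end

  # Creates a member on behalf of the current user (policy: create_member?).
  def create
    authorize :user, :create_member?

    # permit! is applied to the result of user_params, i.e. after the allow-list
    # in user_params has already filtered the submitted attributes.
    @member = User.new(Members::MembersService.handle_organization(user_params.permit!))
    members_service = Members::MembersService.new(@member)

    if members_service.create(current_user, user_params)
      render :show, status: :created, location: member_path(@member)
    else
      render json: @member.errors, status: :unprocessable_entity
    end
  end

  # Updates a member. The submitted current password is handed to the service
  # together with the filtered attributes.
  def update
    authorize @member
    members_service = Members::MembersService.new(@member)

    if members_service.update(user_params, current_user, params[:user][:current_password])
      # Update password without logging out: only when the user edited their own account
      bypass_sign_in(@member) if current_user.id == params[:id].to_i
      render :show, status: :ok, location: member_path(@member)
    else
      render json: @member.errors, status: :unprocessable_entity
    end
  end

  # Deletes a member and ends the session when the member deleted themselves.
  def destroy
    authorize @member
    @member.destroy
    sign_out(@member) if @member.id == current_user.id
    head :no_content
  end

  # export subscriptions
  def export_subscriptions
    authorize :export

    serve_users_export('subscriptions')
  end

  # export reservations
  def export_reservations
    authorize :export

    serve_users_export('reservations')
  end

  # export members
  def export_members
    authorize :export

    serve_users_export('members')
  end

  # the user is querying to be mapped to his already existing account
  #
  # The account is identified by the auth_token submitted under user[auth_token];
  # on success the session is switched to that account.
  def merge
    authorize @member

    token = token_param

    # A blank token must never reach the lookup: find_by(auth_token: nil) would
    # match an account whose auth_token column is NULL, and this action then
    # merges into that account and signs the caller in as it.
    @account = token.present? ? User.find_by(auth_token: token) : nil
    if @account
      members_service = Members::MembersService.new(@account)
      begin
        if members_service.merge_from_sso(@member)
          @member = @account
          # finally, log on the real account
          sign_in(@member, bypass: true)
          render :show, status: :ok, location: member_path(@member)
        else
          render json: @member.errors, status: :unprocessable_entity
        end
      rescue DuplicateIndexError => e
        # the exception message is interpolated into the translation as EMAIL
        render json: { error: t('members.please_input_the_authentication_code_sent_to_the_address', EMAIL: e.message) },
               status: :unprocessable_entity
      end
    else
      render json: { error: t('members.your_authentication_code_is_not_valid') }, status: :unprocessable_entity
    end
  end

  # Paginated, filterable member list. `page` and `size` must arrive as integers
  # (not numeric strings), otherwise the request is rejected with a 422.
  def list
    authorize User

    %i[page size].each do |key|
      next if query_params[key].is_a?(Integer)

      render json: { error: "#{key} must be an integer" }, status: :unprocessable_entity
      return
    end

    query = Members::ListService.list(query_params)
    # total number of matches, ignoring pagination and ordering
    @max_members = query.except(:offset, :limit, :order).count
    @members = query.to_a
  end

  # Searches members by free text and subscription filter.
  # NOTE(review): unlike the neighbouring actions, no `authorize` call is made
  # here; access control presumably lives in Members::ListService.search, which
  # receives current_user (confirm).
  def search
    @members = Members::ListService.search(current_user, params[:query], params[:subscription])
  end

  # Lists every user with its profile preloaded.
  def mapping
    authorize User

    @members = User.includes(:profile)
  end

  # Marks a feature tour as completed. In 'session' mode nothing is stored and
  # the submitted tour is echoed back; otherwise it is appended to the
  # space-separated list kept on the member's profile.
  # NOTE(review): params[:tour] is stored as received (no allow-list, length
  # limit or de-duplication is visible here).
  def complete_tour
    authorize @member

    if Setting.get('feature_tour_display') == 'session'
      render json: { tours: [params[:tour]] }
    else
      tours = "#{@member.profile.tours} #{params[:tour]}"
      @member.profile.update(tours: tours.strip)

      render json: { tours: @member.profile.tours.split }
    end
  end

  # Changes the role (and group) of a member.
  # NOTE(review): params[:role] and params[:group_id] are forwarded unfiltered
  # and the service's return value is not checked, so @member is rendered
  # whether or not the change was applied; validation of the requested role
  # presumably happens in the policy and/or the service (confirm).
  def update_role
    authorize @member

    service = Members::MembersService.new(@member)
    service.update_role(params[:role], params[:group_id])

    render json: @member
  end

  # Returns the currently authenticated user.
  def current
    @member = current_user
    authorize @member
    render json: @member
  end

  # Validates or invalidates a member account, depending on whether
  # user[validated_at] is present in the request.
  def validate
    authorize @member

    members_service = Members::MembersService.new(@member)

    uparams = params.require(:user).permit(:validated_at)
    if members_service.validate(uparams[:validated_at].present?)
      render :show, status: :ok, location: member_path(@member)
    else
      render json: @member.errors, status: :unprocessable_entity
    end
  end

  private

  # Sends the latest "users/<export_type>" export when its file exists;
  # otherwise records a new Export for the current user and returns its id.
  # Callers perform the `authorize :export` check before delegating here.
  # Existence is tested on export.file as stored, while the file is sent from
  # Rails.root.join(export.file).
  def serve_users_export(export_type)
    export = ExportService.last_export("users/#{export_type}")
    if export.nil? || !FileTest.exist?(export.file)
      @export = Export.new(category: 'users', export_type: export_type, user: current_user)
      if @export.save
        render json: { export_id: @export.id }, status: :ok
      else
        render json: @export.errors, status: :unprocessable_entity
      end
    else
      send_file Rails.root.join(export.file),
                type: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
                disposition: 'attachment'
    end
  end

  def set_member
    @member = User.find(params[:id])
  end

  def set_operator
    @operator = current_user
  end

  # Allow-list of user attributes accepted from the request.
  # Two lists exist: one for a user editing their own account, and a wider one
  # for privileged users (adds tag_ids, the profile note, the invoicing
  # external_id and training_ids). Returns nil when the caller is neither.
  # NOTE(review): the avatar list permits `destroy`; the Rails nested-attributes
  # removal flag is conventionally `_destroy` - confirm against the model.
  def user_params
    own_account = current_user.id == params[:id].to_i
    return unless own_account || current_user.privileged?

    avatar = { user_avatar_attributes: %i[id attachment destroy] }
    profile_fields = %i[id first_name last_name phone interest software_mastered website job
                        facebook twitter google_plus viadeo linkedin instagram youtube vimeo
                        dailymotion github echosciences pinterest lastfm flickr]
    invoicing_nested = {
      address_attributes: %i[id address],
      organization_attributes: [:id, :name, { address_attributes: %i[id address] }],
      user_profile_custom_fields_attributes: %i[id value invoicing_profile_id profile_custom_field_id]
    }

    if own_account
      params.require(:user).permit(:username, :email, :password, :password_confirmation, :group_id,
                                   :is_allow_contact, :is_allow_newsletter,
                                   profile_attributes: [*profile_fields, avatar],
                                   invoicing_profile_attributes: [:id, :organization, invoicing_nested],
                                   statistic_profile_attributes: %i[id gender birthday])
    else
      params.require(:user).permit(:username, :email, :password, :password_confirmation,
                                   :is_allow_contact, :is_allow_newsletter, :group_id,
                                   tag_ids: [],
                                   profile_attributes: [*profile_fields, :note, avatar],
                                   invoicing_profile_attributes: [:id, :organization, :external_id, invoicing_nested],
                                   statistic_profile_attributes: [:id, :gender, :birthday, { training_ids: [] }])
    end
  end

  # Extracts user[auth_token]; nil when the key is absent.
  def token_param
    params.require(:user).permit(:auth_token)[:auth_token]
  end

  def query_params
    params.require(:query).permit(:search, :filter, :order_by, :page, :size)
  end
end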