2015-05-05 03:10:25 +02:00
class API :: MembersController < API :: ApiController
before_action :authenticate_user! , except : [ :last_subscribed ]
2016-03-23 18:39:41 +01:00
before_action :set_member , only : [ :update , :destroy , :merge ]
2015-05-05 03:10:25 +02:00
respond_to :json
def index
2016-03-23 18:39:41 +01:00
@requested_attributes = params [ :requested_attributes ]
2016-06-23 11:42:10 +02:00
@query = policy_scope ( User )
2016-06-16 16:09:22 +02:00
unless params [ :page ] . nil? and params [ :size ] . nil?
2016-06-23 11:42:10 +02:00
@query = @query . page ( params [ :page ] . to_i ) . per ( params [ :size ] . to_i )
2016-06-16 16:09:22 +02:00
end
2016-06-23 11:42:10 +02:00
# remove unmerged profiles from list
@members = @query . to_a
@members . delete_if { | u | u . need_completion? }
2015-05-05 03:10:25 +02:00
end
def last_subscribed
2016-06-27 12:49:20 +02:00
@query = User . active . with_role ( :member ) . includes ( profile : [ :user_avatar ] ) . where ( 'is_allow_contact = true AND confirmed_at IS NOT NULL' ) . order ( 'created_at desc' ) . limit ( params [ :last ] )
2016-06-23 11:42:10 +02:00
# remove unmerged profiles from list
@members = @query . to_a
@members . delete_if { | u | u . need_completion? }
2016-03-23 18:39:41 +01:00
@requested_attributes = [ 'profile' ]
2015-05-05 03:10:25 +02:00
render :index
end
def show
@member = User . friendly . find ( params [ :id ] )
authorize @member
end
def create
authorize User
if ! user_params [ :password ] and ! user_params [ :password_confirmation ]
generated_password = Devise . friendly_token . first ( 8 )
@member = User . new ( user_params . merge ( password : generated_password ) . permit! )
else
@member = User . new ( user_params . permit! )
end
2016-03-23 18:39:41 +01:00
# if the user is created by an admin and the authentication is made through an SSO, generate a migration token
if current_user . is_admin? and AuthProvider . active . providable_type != DatabaseProvider . name
@member . generate_auth_migration_token
end
2015-05-05 03:10:25 +02:00
if @member . save
2016-03-23 18:39:41 +01:00
@member . generate_admin_invoice
2015-05-05 03:10:25 +02:00
@member . send_confirmation_instructions
if ! user_params [ :password ] and ! user_params [ :password_confirmation ]
2016-03-23 18:39:41 +01:00
UsersMailer . delay . notify_user_account_created ( @member , generated_password )
2015-05-05 03:10:25 +02:00
else
2016-03-23 18:39:41 +01:00
UsersMailer . delay . notify_user_account_created ( @member , user_params [ :password ] )
2015-05-05 03:10:25 +02:00
end
render :show , status : :created , location : member_path ( @member )
else
render json : @member . errors , status : :unprocessable_entity
end
end
def update
authorize @member
2016-03-23 18:39:41 +01:00
@flow_worker = MembersFlowWorker . new ( @member )
2015-05-05 03:10:25 +02:00
2016-03-23 18:39:41 +01:00
if user_params [ :group_id ] and @member . group_id != user_params [ :group_id ] . to_i and @member . subscribed_plan != nil
# here a group change is requested but unprocessable, handle the exception
@member . errors [ :group_id ] = t ( 'members.unable_to_change_the_group_while_a_subscription_is_running' )
2015-05-05 03:10:25 +02:00
render json : @member . errors , status : :unprocessable_entity
2016-03-23 18:39:41 +01:00
else
# otherwise, run the user update
if @flow_worker . update ( user_params )
# Update password without logging out
sign_in ( @member , :bypass = > true ) unless current_user . id != params [ :id ] . to_i
render :show , status : :ok , location : member_path ( @member )
else
render json : @member . errors , status : :unprocessable_entity
end
end
end
def destroy
authorize @member
@member . soft_destroy
sign_out ( @member )
head :no_content
end
2016-03-31 11:52:49 +02:00
# export subscriptions
2016-03-23 18:39:41 +01:00
def export_subscriptions
authorize :export
2016-07-12 13:10:06 +02:00
2016-07-27 17:00:06 +02:00
export = Export . where ( { category : 'users' , export_type : 'subscriptions' } ) . where ( 'created_at > ?' , Subscription . maximum ( 'updated_at' ) ) . last
if export . nil? || ! FileTest . exist? ( export . file )
@export = Export . new ( { category : 'users' , export_type : 'subscriptions' , user : current_user } )
if @export . save
render json : { export_id : @export . id } , status : :ok
else
render json : @export . errors , status : :unprocessable_entity
end
else
send_file File . join ( Rails . root , export . file ) , :type = > 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' , :disposition = > 'attachment'
end
2016-03-23 18:39:41 +01:00
end
# export reservations
def export_reservations
authorize :export
2016-07-12 13:00:56 +02:00
2016-07-27 17:00:06 +02:00
export = Export . where ( { category : 'users' , export_type : 'reservations' } ) . where ( 'created_at > ?' , Reservation . maximum ( 'updated_at' ) ) . last
if export . nil? || ! FileTest . exist? ( export . file )
@export = Export . new ( { category : 'users' , export_type : 'reservations' , user : current_user } )
if @export . save
render json : { export_id : @export . id } , status : :ok
else
render json : @export . errors , status : :unprocessable_entity
end
else
send_file File . join ( Rails . root , export . file ) , :type = > 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' , :disposition = > 'attachment'
end
2015-05-05 03:10:25 +02:00
end
def export_members
authorize :export
2016-07-12 12:48:26 +02:00
2016-07-27 17:00:06 +02:00
export = Export . where ( { category : 'users' , export_type : 'members' } ) . where ( 'created_at > ?' , User . with_role ( :member ) . maximum ( 'updated_at' ) ) . last
if export . nil? || ! FileTest . exist? ( export . file )
@export = Export . new ( { category : 'users' , export_type : 'members' , user : current_user } )
if @export . save
render json : { export_id : @export . id } , status : :ok
else
render json : @export . errors , status : :unprocessable_entity
end
else
send_file File . join ( Rails . root , export . file ) , :type = > 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' , :disposition = > 'attachment'
end
2015-05-05 03:10:25 +02:00
end
2016-03-23 18:39:41 +01:00
def merge
authorize @member
# here the user query to be mapped to his already existing account
token = params . require ( :user ) . permit ( :auth_token ) [ :auth_token ]
@account = User . find_by_auth_token ( token )
if @account
@flow_worker = MembersFlowWorker . new ( @account )
begin
if @flow_worker . merge_from_sso ( @member )
@member = @account
# finally, log on the real account
sign_in ( @member , :bypass = > true )
render :show , status : :ok , location : member_path ( @member )
else
render json : @member . errors , status : :unprocessable_entity
end
rescue DuplicateIndexError = > error
render json : { error : t ( 'members.please_input_the_authentication_code_sent_to_the_address' , EMAIL : error . message ) } , status : :unprocessable_entity
end
else
render json : { error : t ( 'members.your_authentication_code_is_not_valid' ) } , status : :unprocessable_entity
end
end
2016-05-30 15:39:19 +02:00
def list
authorize User
p = params . require ( :query ) . permit ( :search , :order_by , :page , :size )
unless p [ :page ] . is_a? Integer
render json : { error : 'page must be an integer' } , status : :unprocessable_entity
end
unless p [ :size ] . is_a? Integer
render json : { error : 'size must be an integer' } , status : :unprocessable_entity
end
direction = ( p [ :order_by ] [ 0 ] == '-' ? 'DESC' : 'ASC' )
order_key = ( p [ :order_by ] [ 0 ] == '-' ? p [ :order_by ] [ 1 , p [ :order_by ] . size ] : p [ :order_by ] )
case order_key
when 'last_name'
order_key = 'profiles.last_name'
when 'first_name'
order_key = 'profiles.first_name'
when 'email'
order_key = 'users.email'
when 'phone'
order_key = 'profiles.phone'
when 'group'
order_key = 'groups.name'
when 'plan'
order_key = 'plans.base_name'
else
order_key = 'users.id'
end
2016-06-27 12:47:03 +02:00
@query = User . includes ( :profile , :group , :subscriptions )
2016-05-30 16:39:20 +02:00
. joins ( :profile , :group , :roles , 'LEFT JOIN "subscriptions" ON "subscriptions"."user_id" = "users"."id" LEFT JOIN "plans" ON "plans"."id" = "subscriptions"."plan_id"' )
. where ( " users.is_active = 'true' AND roles.name = 'member' " )
2016-05-30 15:39:19 +02:00
. order ( " #{ order_key } #{ direction } " )
. page ( p [ :page ] )
. per ( p [ :size ] )
# ILIKE => PostgreSQL case-insensitive LIKE
2016-06-23 11:42:10 +02:00
@query = @query . where ( 'profiles.first_name ILIKE :search OR profiles.last_name ILIKE :search OR profiles.phone ILIKE :search OR email ILIKE :search OR groups.name ILIKE :search OR plans.base_name ILIKE :search' , search : " % #{ p [ :search ] } % " ) if p [ :search ] . size > 0
# remove unmerged profiles from list
@members = @query . to_a
@members . delete_if { | u | u . need_completion? }
2016-05-30 15:39:19 +02:00
@members
end
2016-06-14 09:57:39 +02:00
def search
@members = User . includes ( :profile )
. joins ( :profile , :roles , 'LEFT JOIN "subscriptions" ON "subscriptions"."user_id" = "users"."id"' )
. where ( " users.is_active = 'true' AND roles.name = 'member' " )
2016-06-16 12:55:20 +02:00
. where ( " lower(f_unaccent(profiles.first_name)) ~ regexp_replace(:search, E' \\ \\ s+', '|') OR lower(f_unaccent(profiles.last_name)) ~ regexp_replace(:search, E' \\ \\ s+', '|') " , search : params [ :query ] . downcase )
2016-06-14 09:57:39 +02:00
2016-06-16 09:30:38 +02:00
if current_user . is_member?
# non-admin can only retrieve users with "public profiles"
@members = @members . where ( " users.is_allow_contact = 'true' " )
else
# only admins have the ability to filter by subscription
if params [ :subscription ] === 'true'
@members = @members . where ( 'subscriptions.id IS NOT NULL AND subscriptions.expired_at >= :now' , now : Date . today . to_s )
elsif params [ :subscription ] === 'false'
@members = @members . where ( 'subscriptions.id IS NULL OR subscriptions.expired_at < :now' , now : Date . today . to_s )
end
2016-06-14 09:57:39 +02:00
end
2016-06-23 11:42:10 +02:00
# remove unmerged profiles from list
@members = @members . to_a
@members . delete_if { | u | u . need_completion? }
2016-06-14 09:57:39 +02:00
@members
end
2016-06-21 14:39:44 +02:00
def mapping
authorize User
@members = User . includes ( :profile )
end
2015-05-05 03:10:25 +02:00
private
def set_member
@member = User . find ( params [ :id ] )
end
def user_params
if current_user . id == params [ :id ] . to_i
2016-07-28 12:20:51 +02:00
params . require ( :user ) . permit ( :username , :email , :password , :password_confirmation , :group_id , :is_allow_contact , :is_allow_newsletter ,
2016-05-26 12:34:30 +02:00
profile_attributes : [ :id , :first_name , :last_name , :gender , :birthday , :phone , :interest , :software_mastered , :website , :job ,
2016-05-26 12:05:28 +02:00
:facebook , :twitter , :google_plus , :viadeo , :linkedin , :instagram , :youtube , :vimeo , :dailymotion , :github , :echosciences , :pinterest , :lastfm , :flickr ,
2015-05-05 03:10:25 +02:00
:user_avatar_attributes = > [ :id , :attachment , :_destroy ] , :address_attributes = > [ :id , :address ] ] )
elsif current_user . is_admin?
2016-07-28 12:20:51 +02:00
params . require ( :user ) . permit ( :username , :email , :password , :password_confirmation , :invoicing_disabled , :is_allow_contact , :is_allow_newsletter ,
2016-03-23 18:39:41 +01:00
:group_id , training_ids : [ ] , tag_ids : [ ] ,
2016-05-26 12:34:30 +02:00
profile_attributes : [ :id , :first_name , :last_name , :gender , :birthday , :phone , :interest , :software_mastered , :website , :job ,
2016-05-26 12:05:28 +02:00
:facebook , :twitter , :google_plus , :viadeo , :linkedin , :instagram , :youtube , :vimeo , :dailymotion , :github , :echosciences , :pinterest , :lastfm , :flickr ,
2016-03-23 18:39:41 +01:00
user_avatar_attributes : [ :id , :attachment , :_destroy ] , address_attributes : [ :id , :address ] ] )
2015-05-05 03:10:25 +02:00
end
end
end