From 3e177b5177a955f25e77baf5c04eb56b194bb622 Mon Sep 17 00:00:00 2001
From: Sylvain
Date: Tue, 28 Apr 2020 12:48:03 +0200
Subject: [PATCH] managers events views
---
.../javascripts/controllers/events.js.erb | 53 ++++++++++---------
.../templates/admin/events/index.html.erb | 7 ++-
app/assets/templates/events/show.html.erb | 8 +--
.../api/reservations_controller.rb | 4 +-
app/controllers/confirmations_controller.rb | 3 ++
app/controllers/passwords_controller.rb | 5 +-
app/controllers/social_bot_controller.rb | 23 ++++----
app/models/user.rb | 2 +-
app/policies/event_policy.rb | 2 +-
9 files changed, 61 insertions(+), 46 deletions(-)
diff --git a/app/assets/javascripts/controllers/events.js.erb b/app/assets/javascripts/controllers/events.js.erb
index d81811991..40768ee4b 100644
--- a/app/assets/javascripts/controllers/events.js.erb
+++ b/app/assets/javascripts/controllers/events.js.erb
@@ -126,8 +126,8 @@ Application.Controllers.controller('EventsController', ['$scope', '$state', 'Eve } ]); -Application.Controllers.controller('ShowEventController', ['$scope', '$state', '$stateParams', '$rootScope', 'Event', '$uibModal', 'Member', 'Reservation', 'Price', 'CustomAsset', 'Slot', 'eventPromise', 'growl', '_t', 'Wallet', 'helpers', 'dialogs', 'priceCategoriesPromise', 'settingsPromise', - function ($scope, $state, $stateParams, $rootScope, Event, $uibModal, Member, Reservation, Price, CustomAsset, Slot, eventPromise, growl, _t, Wallet, helpers, dialogs, priceCategoriesPromise, settingsPromise) { +Application.Controllers.controller('ShowEventController', ['$scope', '$state', '$stateParams', '$rootScope', 'Event', '$uibModal', 'Member', 'Reservation', 'Price', 'CustomAsset', 'Slot', 'eventPromise', 'growl', '_t', 'Wallet', 'AuthService', 'helpers', 'dialogs', 'priceCategoriesPromise', 'settingsPromise', + function ($scope, $state, $stateParams, $rootScope, Event, $uibModal, Member, Reservation, Price, CustomAsset, Slot, eventPromise, growl, _t, Wallet, AuthService, helpers, dialogs, priceCategoriesPromise, settingsPromise) { /* PUBLIC SCOPE */ // reservations for the currently shown event 
@@ -245,32 +245,32 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' if ($scope.event.nb_total_places > 0) { $scope.reserveSuccess = false; if (!$scope.isAuthenticated()) { - return $scope.login(null, function (user) { - if (user.role !== 'admin') { - return $scope.ctrl.member = user; + $scope.login(null, function (user) { + if (user.role !== 'admin' || user.role !== 'manager') { + $scope.ctrl.member = user; } const sameTimeReservations = findReservationsAtSameTime(); if (sameTimeReservations.length > 0) { showReserveSlotSameTimeModal(sameTimeReservations, function(res) { - return $scope.reserve.toReserve = !$scope.reserve.toReserve; + $scope.reserve.toReserve = !$scope.reserve.toReserve; }); } else { - return $scope.reserve.toReserve = !$scope.reserve.toReserve; + $scope.reserve.toReserve = !$scope.reserve.toReserve; } }); } else { - if ($scope.currentUser.role === 'admin') { - return $scope.reserve.toReserve = !$scope.reserve.toReserve; + if (AuthService.isAuthorized(['admin', 'manager'])) { + $scope.reserve.toReserve = !$scope.reserve.toReserve; } else { Member.get({ id: $scope.currentUser.id }, function (member) { $scope.ctrl.member = member; const sameTimeReservations = findReservationsAtSameTime(); if (sameTimeReservations.length > 0) { showReserveSlotSameTimeModal(sameTimeReservations, function(res) { - return $scope.reserve.toReserve = !$scope.reserve.toReserve; + $scope.reserve.toReserve = !$scope.reserve.toReserve; }); } else { - return $scope.reserve.toReserve = !$scope.reserve.toReserve; + $scope.reserve.toReserve = !$scope.reserve.toReserve; } }); } 
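Review bot: The condition `user.role !== 'admin' || user.role !== 'manager'` in the login callback is true for every role, because no role can equal both strings at once. As a result `$scope.ctrl.member = user` now runs for admins and managers as well, which the test appears intended to exclude and which differs from the already-authenticated branch below, where `AuthService.isAuthorized(['admin', 'manager'])` skips the member assignment. The operator should be `&&`: `if (user.role !== 'admin' && user.role !== 'manager') {`. The enclosing function starts before this hunk and ends after it.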
@@ -286,9 +286,9 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' resetEventReserve(); $scope.reserveSuccess = false; if ($scope.ctrl.member) { - return Member.get({ id: $scope.ctrl.member.id }, function (member) { + Member.get({ id: $scope.ctrl.member.id }, function (member) { $scope.ctrl.member = member; - return getReservations($scope.event.id, 'Event', $scope.ctrl.member.id); + getReservations($scope.event.id, 'Event', $scope.ctrl.member.id); }); } }; @@ -303,14 +303,17 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' return Wallet.getWalletByUser({ user_id: $scope.ctrl.member.id }, function (wallet) { const amountToPay = helpers.getAmountToPay($scope.reserve.amountTotal, wallet.amount); - if (($scope.currentUser.role !== 'admin') && (amountToPay > 0)) { + if ((AuthService.isAuthorized(['member']) && amountToPay > 0) + || (AuthService.isAuthorized('manager') && $scope.ctrl.member.id === $rootScope.currentUser.id && amountToPay > 0)) { if ($rootScope.fablabWithoutOnlinePayment) { growl.error(_t('app.public.events_show.online_payment_disabled')); } else { return payByStripe(reservation); } } else { - if (($scope.currentUser.role === 'admin') || (amountToPay === 0)) { + if (AuthService.isAuthorized('admin') + || (AuthService.isAuthorized('manager') && $scope.ctrl.member.id !== $rootScope.currentUser.id) + || amountToPay === 0) { return payOnSite(reservation); } } @@ -564,7 +567,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' } // watch when a coupon is applied to re-compute the total price - return $scope.$watch('coupon.applied', function (newValue, oldValue) { + $scope.$watch('coupon.applied', function (newValue, oldValue) { if ((newValue !== null) || (oldValue !== null)) { return $scope.computeEventAmount(); } 
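Review bot: In the `@@ -303,14 +303,17 @@` hunk the choice between `payByStripe` and `payOnSite` is made entirely in the browser, from the role reported by `AuthService` and from `$scope.ctrl.member.id`, and nothing in this patch shows the reservations API applying the same rule when a reservation is validated on site. Please confirm that the server refuses an unpaid on-site validation for a member and for a manager booking for themselves, since this branch can only be a UI convenience. The conditions are also hard to audit: `amountToPay > 0` is repeated in both arms of the first test, `isAuthorized` receives an array in one call and a string in the others, and the same hunk mixes `$rootScope.currentUser` with the `$scope.currentUser` used earlier. Naming the shared part, for example `const selfBooking = $scope.ctrl.member.id === $rootScope.currentUser.id;`, would make both tests readable, and a short comment stating who pays online and who pays on site would document the intent.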
@@ -577,7 +580,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' * @param reservable_type {string} 'Event' * @param user_id {number} the user's id (current or managed) */ - var getReservations = function (reservable_id, reservable_type, user_id) { + const getReservations = function (reservable_id, reservable_type, user_id) { Reservation.query({ reservable_id, reservable_type, @@ -592,7 +595,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' * @param event {Object} Current event * @return {{user_id:number, reservable_id:number, reservable_type:string, slots_attributes:Array, nb_reserve_places:number}} */ - var mkReservation = function (member, reserve, event) { + const mkReservation = function (member, reserve, event) { const reservation = { user_id: member.id, reservable_id: event.id, @@ -628,7 +631,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' * @param coupon {Object} Coupon as returned from the API * @return {{reservation:Object, coupon_code:string}} */ - var mkRequestParams = function (reservation, coupon) { + const mkRequestParams = function (reservation, coupon) { const params = { reservation, coupon_code: ((coupon ? coupon.code : undefined)) @@ -640,7 +643,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' /** * Set the current reservation to the default values. This implies the reservation form to be hidden. */ - var resetEventReserve = function () { + const resetEventReserve = function () { if ($scope.event) { $scope.reserve = { nbPlaces: { 
@@ -666,7 +669,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' * Open a modal window which trigger the stripe payment process * @param reservation {Object} to book */ - var payByStripe = function (reservation) { + const payByStripe = function (reservation) { $uibModal.open({ templateUrl: '<%= asset_path "stripe/payment_modal.html" %>', size: 'md', @@ -730,7 +733,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' * Open a modal window which trigger the local payment process * @param reservation {Object} to book */ - var payOnSite = function (reservation) { + const payOnSite = function (reservation) { $uibModal.open({ templateUrl: '<%= asset_path "shared/valid_reservation_modal.html" %>', size: 'sm', @@ -808,7 +811,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' * What to do after the payment was successful * @param reservation {Object} booked reservation */ - var afterPayment = function (reservation) { + const afterPayment = function (reservation) { $scope.event.nb_free_places = $scope.event.nb_free_places - reservation.total_booked_seats; resetEventReserve(); $scope.reserveSuccess = true; @@ -822,7 +825,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' /** * Find user's reservations, the same date at the same time, with event */ - var findReservationsAtSameTime = function () { + const findReservationsAtSameTime = function () { let sameTimeReservations = [ 'training_reservations', 'machine_reservations', 
@@ -848,7 +851,7 @@ Application.Controllers.controller('ShowEventController', ['$scope', '$state', ' * @param sameTimeReservations {Array} reservations the same date at the same time * @param callback {function} callback will invoke when user confirm */ - var showReserveSlotSameTimeModal = function(sameTimeReservations, callback) { + const showReserveSlotSameTimeModal = function(sameTimeReservations, callback) { const modalInstance = $uibModal.open({ animation: true, templateUrl: '<%= asset_path "shared/_reserve_slot_same_time.html" %>', diff --git a/app/assets/templates/admin/events/index.html.erb b/app/assets/templates/admin/events/index.html.erb index 59a95be1d..52cfce047 100644 --- a/app/assets/templates/admin/events/index.html.erb +++ b/app/assets/templates/admin/events/index.html.erb @@ -11,7 +11,7 @@ -
+
{{ 'app.admin.events.add_an_event' }}
@@ -26,7 +26,7 @@ ui-tour-scroll-parent-id="content-main" post-render="setupEventsTour">
-
+
'"> @@ -41,6 +41,9 @@
+
+ '"> +
diff --git a/app/assets/templates/events/show.html.erb b/app/assets/templates/events/show.html.erb index 0bd47b4b0..efeaa46a9 100644 --- a/app/assets/templates/events/show.html.erb +++ b/app/assets/templates/events/show.html.erb @@ -14,11 +14,11 @@
-
+ @@ -62,7 +62,7 @@ -
+
diff --git a/app/controllers/api/reservations_controller.rb b/app/controllers/api/reservations_controller.rb index fca64c1fc..45dc86d39 100644 --- a/app/controllers/api/reservations_controller.rb +++ b/app/controllers/api/reservations_controller.rb @@ -9,13 +9,13 @@ class API::ReservationsController < API::ApiController def index if params[:reservable_id] && params[:reservable_type] && params[:user_id] - params[:user_id] = current_user.id unless current_user.admin? + params[:user_id] = current_user.id unless current_user.admin? || current_user.manager? where_clause = params.permit(:reservable_id, :reservable_type).to_h where_clause[:statistic_profile_id] = StatisticProfile.find_by!(user_id: params[:user_id]) @reservations = Reservation.where(where_clause) - elsif params[:reservable_id] && params[:reservable_type] && current_user.admin? + elsif params[:reservable_id] && params[:reservable_type] && (current_user.admin? || current_user.manager?) @reservations = Reservation.where(params.permit(:reservable_id, :reservable_type)) else @reservations = [] diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb index 2aeb6930f..a2a1a3405 100644 --- a/app/controllers/confirmations_controller.rb +++ b/app/controllers/confirmations_controller.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +# Devise controller to handle validation of email addresses class ConfirmationsController < Devise::ConfirmationsController # The path used after confirmation. def after_confirmation_path_for(resource_name, resource) diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 644421379..a397e4396 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb 
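Review bot: With `unless current_user.admin? || current_user.manager?` in `API::ReservationsController#index`, a manager can now pass any `user_id` and read that user's reservations, which as far as this hunk shows includes an administrator's. If managers are only meant to act on members, the first branch needs a check on the target user as well as on the caller. The same role test is repeated in the `elsif`, and it is written inline although the project has policy classes (`EventPolicy` is changed in this same patch), so the two branches can drift apart. Computing it once, `privileged = current_user.admin? || current_user.manager?`, or moving it into a policy scope would keep the rule in one place. `index` continues after the hunk.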
@@ -1,5 +1,8 @@ +# frozen_string_literal: true + +# Devise controller used for the "forgotten password" feature class PasswordsController < Devise::PasswordsController - # POST /resource/password + # POST /users/password.json def create self.resource = resource_class.send_reset_password_instructions(resource_params) yield resource if block_given? diff --git a/app/controllers/social_bot_controller.rb b/app/controllers/social_bot_controller.rb index 96666a18d..67bf8da77 100644 --- a/app/controllers/social_bot_controller.rb +++ b/app/controllers/social_bot_controller.rb @@ -1,17 +1,20 @@ +# frozen_string_literal: true + +# Handle requests originated by indexer bots of social networks class SocialBotController < ActionController::Base def share case request.original_fullpath - when /(=%2F|\/)projects(%2F|\/)([\-0-9a-z_]+)/ - @project = Project.friendly.find("#{$3}") - render :project, status: :ok - when /(=%2F|\/)events(%2F|\/)([0-9]+)/ - @event = Event.find("#{$3}".to_i) - render :event, status: :ok - when /(=%2F|\/)trainings(%2F|\/)([\-0-9a-z_]+)/ - @training = Training.friendly.find("#{$3}") + when %r{(=%2F|/)projects(%2F|/)([\-0-9a-z_]+)} + @project = Project.friendly.find(Regexp.last_match(3).to_s) + render :project, status: :ok + when %r{(=%2F|/)events(%2F|/)([0-9]+)} + @event = Event.find(Regexp.last_match(3).to_s.to_i) + render :event, status: :ok + when %r{(=%2F|/)trainings(%2F|/)([\-0-9a-z_]+)} + @training = Training.friendly.find(Regexp.last_match(3).to_s) render :training, status: :ok - else - puts "unknown bot request : #{request.original_url}" + else + puts "unknown bot request : #{request.original_url}" end end diff --git a/app/models/user.rb b/app/models/user.rb index d57bb8fe2..6327617de 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
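Review bot: The `else` branch of `SocialBotController#share` still prints `request.original_url`, a request-controlled value, to stdout with `puts` and then leaves the response to implicit rendering. Since this hunk already rewrites the method, I would send the message through the application logger with the value escaped and answer explicitly: `Rails.logger.warn("unknown bot request : #{request.original_url.inspect}")` followed by `head :not_found`. That keeps unmatched crawler requests in the normal log pipeline and gives them a definite status. The `when` patterns are unchanged in meaning by the switch to `%r{}` and `Regexp.last_match(3)`.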
@@ -311,7 +311,7 @@ class User < ApplicationRecord protected - # remove projets drafts that are not linked to another user + # remove projects drafts that are not linked to another user def remove_orphan_drafts orphans = my_projects .joins('LEFT JOIN project_users ON projects.id = project_users.project_id') diff --git a/app/policies/event_policy.rb b/app/policies/event_policy.rb index c6855ba0b..4db834236 100644 --- a/app/policies/event_policy.rb +++ b/app/policies/event_policy.rb @@ -18,7 +18,7 @@ class EventPolicy < ApplicationPolicy end def create? - user.admin? + user.admin? || user.manager? end def update?