1
0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2024-11-29 10:24:20 +01:00
fab-manager/app/controllers/api/members_controller.rb
2016-05-30 15:39:19 +02:00

203 lines
7.2 KiB
Ruby

class API::MembersController < API::ApiController
before_action :authenticate_user!, except: [:last_subscribed]
before_action :set_member, only: [:update, :destroy, :merge]
respond_to :json
def index
@requested_attributes = params[:requested_attributes]
@members = policy_scope(User)
end
def last_subscribed
@members = User.active.with_role(:member).includes(:profile).where('is_allow_contact = true AND confirmed_at IS NOT NULL').order('created_at desc').limit(params[:last])
@requested_attributes = ['profile']
render :index
end
def show
@member = User.friendly.find(params[:id])
authorize @member
end
def create
authorize User
if !user_params[:password] and !user_params[:password_confirmation]
generated_password = Devise.friendly_token.first(8)
@member = User.new(user_params.merge(password: generated_password).permit!)
else
@member = User.new(user_params.permit!)
end
# if the user is created by an admin and the authentication is made through an SSO, generate a migration token
if current_user.is_admin? and AuthProvider.active.providable_type != DatabaseProvider.name
@member.generate_auth_migration_token
end
if @member.save
@member.generate_admin_invoice
@member.send_confirmation_instructions
if !user_params[:password] and !user_params[:password_confirmation]
UsersMailer.delay.notify_user_account_created(@member, generated_password)
else
UsersMailer.delay.notify_user_account_created(@member, user_params[:password])
end
render :show, status: :created, location: member_path(@member)
else
render json: @member.errors, status: :unprocessable_entity
end
end
def update
authorize @member
@flow_worker = MembersFlowWorker.new(@member)
if user_params[:group_id] and @member.group_id != user_params[:group_id].to_i and @member.subscribed_plan != nil
# here a group change is requested but unprocessable, handle the exception
@member.errors[:group_id] = t('members.unable_to_change_the_group_while_a_subscription_is_running')
render json: @member.errors, status: :unprocessable_entity
else
# otherwise, run the user update
if @flow_worker.update(user_params)
# Update password without logging out
sign_in(@member, :bypass => true) unless current_user.id != params[:id].to_i
render :show, status: :ok, location: member_path(@member)
else
render json: @member.errors, status: :unprocessable_entity
end
end
end
def destroy
authorize @member
@member.soft_destroy
sign_out(@member)
head :no_content
end
# export subscriptions
def export_subscriptions
authorize :export
@datas = Subscription.includes(:plan, :user).all
respond_to do |format|
format.html
format.xls
end
end
# export reservations
def export_reservations
authorize :export
@datas = Reservation.includes(:user, :slots).all
respond_to do |format|
format.html
format.xls
end
end
def export_members
authorize :export
@datas = User.with_role(:member).includes(:group, :subscriptions, :profile)
respond_to do |format|
format.html
format.xls
end
end
def merge
authorize @member
# here the user query to be mapped to his already existing account
token = params.require(:user).permit(:auth_token)[:auth_token]
@account = User.find_by_auth_token(token)
if @account
@flow_worker = MembersFlowWorker.new(@account)
begin
if @flow_worker.merge_from_sso(@member)
@member = @account
# finally, log on the real account
sign_in(@member, :bypass => true)
render :show, status: :ok, location: member_path(@member)
else
render json: @member.errors, status: :unprocessable_entity
end
rescue DuplicateIndexError => error
render json: {error: t('members.please_input_the_authentication_code_sent_to_the_address', EMAIL: error.message)}, status: :unprocessable_entity
end
else
render json: {error: t('members.your_authentication_code_is_not_valid')}, status: :unprocessable_entity
end
end
def list
authorize User
p = params.require(:query).permit(:search, :order_by, :page, :size)
unless p[:page].is_a? Integer
render json: {error: 'page must be an integer'}, status: :unprocessable_entity
end
unless p[:size].is_a? Integer
render json: {error: 'size must be an integer'}, status: :unprocessable_entity
end
direction = (p[:order_by][0] == '-' ? 'DESC' : 'ASC')
order_key = (p[:order_by][0] == '-' ? p[:order_by][1, p[:order_by].size] : p[:order_by])
case order_key
when 'last_name'
order_key = 'profiles.last_name'
when 'first_name'
order_key = 'profiles.first_name'
when 'email'
order_key = 'users.email'
when 'phone'
order_key = 'profiles.phone'
when 'group'
order_key = 'groups.name'
when 'plan'
order_key = 'plans.base_name'
else
order_key = 'users.id'
end
@members = User.includes(:profile, :group)
.joins(:profile, :group, 'LEFT JOIN "subscriptions" ON "subscriptions"."user_id" = "users"."id" LEFT JOIN "plans" ON "plans"."id" = "subscriptions"."plan_id"')
.order("#{order_key} #{direction}")
.page(p[:page])
.per(p[:size])
# ILIKE => PostgreSQL case-insensitive LIKE
@members = @members.where('profiles.first_name ILIKE :search OR profiles.last_name ILIKE :search OR profiles.phone ILIKE :search OR email ILIKE :search OR groups.name ILIKE :search OR plans.base_name ILIKE :search', search: "%#{p[:search]}%") if p[:search].size > 0
@members
end
private
def set_member
@member = User.find(params[:id])
end
def user_params
if current_user.id == params[:id].to_i
params.require(:user).permit(:username, :email, :password, :password_confirmation, :group_id, :is_allow_contact,
profile_attributes: [:id, :first_name, :last_name, :gender, :birthday, :phone, :interest, :software_mastered, :website, :job,
:facebook, :twitter, :google_plus, :viadeo, :linkedin, :instagram, :youtube, :vimeo, :dailymotion, :github, :echosciences, :pinterest, :lastfm, :flickr,
:user_avatar_attributes => [:id, :attachment, :_destroy], :address_attributes => [:id, :address]])
elsif current_user.is_admin?
params.require(:user).permit(:username, :email, :password, :password_confirmation, :invoicing_disabled, :is_allow_contact,
:group_id, training_ids: [], tag_ids: [],
profile_attributes: [:id, :first_name, :last_name, :gender, :birthday, :phone, :interest, :software_mastered, :website, :job,
:facebook, :twitter, :google_plus, :viadeo, :linkedin, :instagram, :youtube, :vimeo, :dailymotion, :github, :echosciences, :pinterest, :lastfm, :flickr,
user_avatar_attributes: [:id, :attachment, :_destroy], address_attributes: [:id, :address]])
end
end
end