[FIX] Availability of agents

3 files changed, 26 insertions, 17 deletions

diff --git a/app/controllers/agents_controller.rb b/app/controllers/agents_controller.rb
index 105e443..fcbaebe 100644
--- a/app/controllers/agents_controller.rb
+++ b/app/controllers/agents_controller.rb
@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
 class AgentsController < ApplicationController
-    before_action :set_agent, only: [:new, :show, :edit, :update, :delete, :destroy]
+  before_action :set_agent, only: [:new, :show, :edit, :update, :delete, :destroy]
 
   # GET /agents
   def index
@@ -26,7 +26,7 @@ class AgentsController < ApplicationController
 
   # GET /agents/:id/edit
   def edit
-    flash.now[:notice] = 'Please ask a maintainer to edit this resource!' unless current_user_maintainer?
+    flash.now[:notice] = 'Please ask a maintainer to edit this resource!' unless current_agent == @agent
   end
 
   # PATCH /agents/:id
@@ -36,7 +36,7 @@ class AgentsController < ApplicationController
     # 2. Validate each change
     # 3. Moderate queue or save
 
-    return 403 unless current_user_maintainer?
+    return 403 unless current_agent == @agent
 
     respond_to do |format|
       if @agent.update(agent_params)
@@ -51,7 +51,7 @@ class AgentsController < ApplicationController
 
   # GET /agents/:id/delete
   def delete
-    flash.now[:notice] = 'Please ask a maintainer to delete your Agent!' unless current_user_maintainer?
+    flash.now[:notice] = 'Please ask a maintainer to delete your Agent!' unless current_agent == @agent
   end
 
   # DELETE /agents/:id
@@ -59,7 +59,7 @@ class AgentsController < ApplicationController
     return 403 # Yeah, right?
     # Check list
     # 1. User belongs to Agent and is :maintainer?
-    if !(current_user_maintainer? && current_user_leader?)
+    unless current_agent == @agent
       msg = 'You must be a maintainer and a leader to delete your Agent!'
       respond_to do |format|
         format.html { redirect_to :show, notice: msg }
diff --git a/app/controllers/resources_controller.rb b/app/controllers/resources_controller.rb
index 52d89ea..2fa392f 100644
--- a/app/controllers/resources_controller.rb
+++ b/app/controllers/resources_controller.rb
@@ -18,13 +18,15 @@ class ResourcesController < ApplicationController
   def create
     # TODO Background job to list similar items
     # TODO If there's a match, return to user with new record or list of mergeable ones
-    return 403 unless (current_user_editor? || current_user_observer?)
 
     classification = resource_params.delete(:classification) || { section_ids: [] }
 
+    Rails.logger.info resource_params
+
     @resource = current_agent.resources.build(resource_params)
 
     respond_to do |format|
+      Rails.logger.info "format: #{format} - Res: #{@resource.inspect}"
       if @resource.save
         classification[:section_ids].each { |id| @resource.classifications.find_or_create_by(section_id: id)  }
         format.html { redirect_to @resource, notice: 'Merci de votre contribution !' }
@@ -43,8 +45,7 @@ class ResourcesController < ApplicationController
   # GET /resources/:id/edit
   def edit
     # TODO Add a moderation queue for unauthorized but valid changes
-    flash.now[:notice] = 'Please ask an editor or a maintainer to edit this resource!' unless (current_user_editor? || current_user_maintainer?)
-
+    flash.now[:notice] = 'Please ask an editor or a maintainer to edit this resource!' unless @resource.agent == current_agent
 
     Rails.logger.info "EDIT: #{@resource.uuid} #{@resource.name} // #{current_agent.id}"
   end
@@ -56,7 +57,8 @@ class ResourcesController < ApplicationController
     # 2. Validate each change
     # 3. Moderate queue or save
 
-    return 403 unless (current_user_editor? || current_user_maintainer?)
+    # TODO: pass this to current_agent and version resource
+    return 403 unless current_agent == @resource.agent
 
     respond_to do |format|
       if @resource.update(resource_params)
@@ -78,7 +80,7 @@ class ResourcesController < ApplicationController
   def destroy
     # Check list
     # 1. User belongs to Agent and is :maintainer?
-    if !current_user_maintainer?
+    if @resource.agent != current_agent
       msg = 'You must be a maintainer to delete resources!'
       respond_to do |format|
         format.html { redirect_to :show, notice: msg }
diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb
index 5fce0cf..ad9cd95 100644
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@@ -102,20 +102,27 @@ class WelcomeController < ApplicationController
 
   # Set @current_user to existing or new User record from SSO user info
   def find_or_create_current_user
-    @current_user = User.find_by(external_id: @sso.user_info[:external_id]) ||
+    user_data = {
+      external_id: @sso.user_info[:external_id],
+      avatar_url: @sso.user_info[:avatar_url],
+      email: @sso.user_info[:email],
+      name: @sso.user_info[:name],
+      username: @sso.user_info[:username]
+    }
+
+    @current_user = User.find_by(external_id: user_data[:external_id]) ||
                     begin
                       Rails.logger.info('new user...')
-                      u = User.create(
-                        external_id: @sso.user_info[:external_id],
-                        avatar_url: @sso.user_info[:avatar_url],
-                        email: @sso.user_info[:email],
-                        name: @sso.user_info[:name],
-                        username: @sso.user_info[:username])
+                      u = User.create(user_data)
                       Rails.logger.info('created user %s' % u.inspect)
                       u
                     rescue Exception => e
                       Rails.logger.warning("#{e.type}: #{e.message}")
                     end
+
+    user_data.reverse_merge!(@current_user.attributes.symbolize_keys)
+    @current_user.update(user_data) if user_data != @current_user.attributes
+    @current_user
   end
 
   # Update user agents