diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/agents_controller.rb | 10 | ||||
-rw-r--r-- | app/controllers/resources_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/welcome_controller.rb | 21 |
3 files changed, 26 insertions, 17 deletions
diff --git a/app/controllers/agents_controller.rb b/app/controllers/agents_controller.rb index 105e443..fcbaebe 100644 --- a/app/controllers/agents_controller.rb +++ b/app/controllers/agents_controller.rb @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-or-later class AgentsController < ApplicationController - before_action :set_agent, only: [:new, :show, :edit, :update, :delete, :destroy] + before_action :set_agent, only: [:new, :show, :edit, :update, :delete, :destroy] # GET /agents def index @@ -26,7 +26,7 @@ class AgentsController < ApplicationController # GET /agents/:id/edit def edit - flash.now[:notice] = 'Please ask a maintainer to edit this resource!' unless current_user_maintainer? + flash.now[:notice] = 'Please ask a maintainer to edit this resource!' unless current_agent == @agent end # PATCH /agents/:id @@ -36,7 +36,7 @@ class AgentsController < ApplicationController # 2. Validate each change # 3. Moderate queue or save - return 403 unless current_user_maintainer? + return 403 unless current_agent == @agent respond_to do |format| if @agent.update(agent_params) @@ -51,7 +51,7 @@ class AgentsController < ApplicationController # GET /agents/:id/delete def delete - flash.now[:notice] = 'Please ask a maintainer to delete your Agent!' unless current_user_maintainer? + flash.now[:notice] = 'Please ask a maintainer to delete your Agent!' unless current_agent == @agent end # DELETE /agents/:id @@ -59,7 +59,7 @@ class AgentsController < ApplicationController return 403 # Yeah, right? # Check list # 1. User belongs to Agent and is :maintainer? - if !(current_user_maintainer? && current_user_leader?) + unless current_agent == @agent msg = 'You must be a maintainer and a leader to delete your Agent!' respond_to do |format| format.html { redirect_to :show, notice: msg } diff --git a/app/controllers/resources_controller.rb b/app/controllers/resources_controller.rb index 52d89ea..2fa392f 100644 --- a/app/controllers/resources_controller.rb +++ b/app/controllers/resources_controller.rb @@ -18,13 +18,15 @@ class ResourcesController < ApplicationController def create # TODO Background job to list similar items # TODO If there's a match, return to user with new record or list of mergeable ones - return 403 unless (current_user_editor? || current_user_observer?) classification = resource_params.delete(:classification) || { section_ids: [] } + Rails.logger.info resource_params + @resource = current_agent.resources.build(resource_params) respond_to do |format| + Rails.logger.info "format: #{format} - Res: #{@resource.inspect}" if @resource.save classification[:section_ids].each { |id| @resource.classifications.find_or_create_by(section_id: id) } format.html { redirect_to @resource, notice: 'Merci de votre contribution !' } @@ -43,8 +45,7 @@ class ResourcesController < ApplicationController # GET /resources/:id/edit def edit # TODO Add a moderation queue for unauthorized but valid changes - flash.now[:notice] = 'Please ask an editor or a maintainer to edit this resource!' unless (current_user_editor? || current_user_maintainer?) - + flash.now[:notice] = 'Please ask an editor or a maintainer to edit this resource!' unless @resource.agent == current_agent Rails.logger.info "EDIT: #{@resource.uuid} #{@resource.name} // #{current_agent.id}" end @@ -56,7 +57,8 @@ class ResourcesController < ApplicationController # 2. Validate each change # 3. Moderate queue or save - return 403 unless (current_user_editor? || current_user_maintainer?) + # TODO: pass this to current_agent and version resource + return 403 unless current_agent == @resource.agent respond_to do |format| if @resource.update(resource_params) @@ -78,7 +80,7 @@ class ResourcesController < ApplicationController def destroy # Check list # 1. User belongs to Agent and is :maintainer? - if !current_user_maintainer? + if @resource.agent != current_agent msg = 'You must be a maintainer to delete resources!' respond_to do |format| format.html { redirect_to :show, notice: msg } diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb index 5fce0cf..ad9cd95 100644 --- a/app/controllers/welcome_controller.rb +++ b/app/controllers/welcome_controller.rb @@ -102,20 +102,27 @@ class WelcomeController < ApplicationController # Set @current_user to existing or new User record from SSO user info def find_or_create_current_user - @current_user = User.find_by(external_id: @sso.user_info[:external_id]) || + user_data = { + external_id: @sso.user_info[:external_id], + avatar_url: @sso.user_info[:avatar_url], + email: @sso.user_info[:email], + name: @sso.user_info[:name], + username: @sso.user_info[:username] + } + + @current_user = User.find_by(external_id: user_data[:external_id]) || begin Rails.logger.info('new user...') - u = User.create( - external_id: @sso.user_info[:external_id], - avatar_url: @sso.user_info[:avatar_url], - email: @sso.user_info[:email], - name: @sso.user_info[:name], - username: @sso.user_info[:username]) + u = User.create(user_data) Rails.logger.info('created user %s' % u.inspect) u rescue Exception => e Rails.logger.warning("#{e.type}: #{e.message}") end + + user_data.reverse_merge!(@current_user.attributes.symbolize_keys) + @current_user.update(user_data) if user_data != @current_user.attributes + @current_user end # Update user agents |