class ResourcesController < ApplicationController before_action :set_resource, only: [:new, :show, :edit, :update, :delete, :destroy] # GET /resources def index @resources = Resource.order(:uuid).page params[:page] end # GET /resources/new def new end # POST /resources def create # TODO Background job to list similar items # TODO If there's a match, return to user with new record or list of mergeable ones return 403 unless (current_user_editor? || current_user_observer?) classification = resource_params.delete(:classification) || { section_ids: [] } @resource = current_agent.resources.build(resource_params) respond_to do |format| if @resource.save classification[:section_ids].each { |id| @resource.classifications.find_or_create_by(section_id: id) } format.html { redirect_to @resource, notice: 'Merci de votre contribution !' } format.json { render :show, status: :created, location: @resource } else format.html { render :new } format.json { render json: @resource.errors, status: :unprocessable_entity } end end end # GET /resources/:id def show end # GET /resources/:id/edit def edit # TODO Add a moderation queue for unauthorized but valid changes flash.now[:notice] = 'Please ask an editor or a maintainer to edit this resource!' unless (current_user_editor? || current_user_maintainer?) end # PATCH /resources/:id def update # Check list: # 1. Compare records for changes # 2. Validate each change # 3. Moderate queue or save return 403 unless (current_user_editor? || current_user_maintainer?) respond_to do |format| if @resource.update(resource_params) format.html { redirect_to @resource, notice: 'Merci de votre contribution !' } format.json { render :show, status: :ok, location: @resource } else format.html { render :edit } format.json { render json: @resource.errors, status: :unprocessable_entity } end end end # GET /resources/:id/delete def delete flash.now[:notice] = 'Please ask a maintainer to delete this resource!' unless current_user_maintainer? end # DELETE /resources/:id def destroy # Check list # 1. User belongs to Agent and is :maintainer? if !current_user_maintainer? msg = 'You must be a maintainer to delete resources!' respond_to do |format| format.html { redirect_to :show, notice: msg } format.js { render json: '{}', status: :forbidden, message: msg } end else @resource.destroy respond_to do |format| format.html { redirect_to :index, notice: 'OK, resource record successfully remove.' } format.js { head :no_content } end end end private def resource_params params .require(:resource) .permit(:agent_id, :uuid, :name, :summary, :description, :email, :website, :phone_number, :address, :postal_code, :city, :entry_number, :categories, :latitude, :longitude, classification: [ :section_ids ]) end def set_resource @resource = Resource.find_by(uuid: params[:id]) || current_agent.resources.build end end