users_controller.rb
# frozen_string_literal: true
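module SuperAdmin
  # Controller for performing CRUD operations for other users.
  #
  # Every action calls `authorize` before it writes or renders anything, and
  # `after_action :verify_authorized` is the backstop for an action that forgets to.
  class UsersController < ApplicationController
    include OrgSelectable

    after_action :verify_authorized

    # GET /super_admin/users/:id/edit
    #
    # Renders the edit form for the user identified by params[:id].
    def edit
      @user = User.find(params[:id])
      authorize @user
      @departments = @user.org.departments.order(:name)
      @plans = Plan.active(@user).page(1)
      # NOTE(review): @languages, @orgs and @identifier_schemes are not assigned anywhere
      # in this controller; presumably a filter elsewhere sets them - confirm, otherwise
      # the template receives nil for those locals.
      render 'super_admin/users/edit',
             locals: { user: @user,
                       departments: @departments,
                       plans: @plans,
                       languages: @languages,
                       orgs: @orgs,
                       identifier_schemes: @identifier_schemes,
                       default_org: @user.org }
    end

    # PUT /super_admin/users/:id
    #
    # Updates the user from the permitted form params, creates the Org chosen in the
    # Org Lookup when it does not exist yet, and re-renders the edit page with a notice
    # or an alert.
    # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
    def update
      @user = User.find(params[:id])
      authorize @user
      @departments = @user.org.departments.order(:name)
      @plans = Plan.active(@user).page(1)

      # See if the user selected a new Org via the Org Lookup and
      # convert it into an Org
      attrs = user_params
      lookup = org_from_params(params_in: attrs)
      identifiers = identifiers_from_params(params_in: attrs)

      # Remove the extraneous Org Selector hidden fields
      attrs = remove_org_selection_params(params_in: attrs)
      # :confirmed_at arrives as the raw checkbox value; it is translated or dropped here
      # so the submitted string never reaches the model as-is
      attrs = handle_confirmed_at_param(attrs)

      if @user.update(attrs)
        # If it's a new Org create it
        if lookup.present? && lookup.new_record?
          # NOTE(review): the return values of these saves are not checked, and the user
          # update above is not in the same transaction - a failed Org save is not
          # reported through the flash message.
          lookup.save
          identifiers.each do |identifier|
            identifier.identifiable = lookup
            identifier.save
          end
          lookup.reload
        end
        @user.update(org_id: lookup.id) if lookup.present?
        flash.now[:notice] = success_message(@user, _('updated'))
      else
        flash.now[:alert] = failure_message(@user, _('update'))
      end
      render :edit
    end
    # rubocop:enable Metrics/AbcSize, Metrics/MethodLength

    # PUT /super_admin/users/:id/merge
    #
    # Merges the account identified by params[:merge_id] into the user identified by
    # params[:id], then re-renders the edit page.
    # rubocop:disable Metrics/AbcSize
    def merge
      @user = User.find(params[:id])
      authorize @user

      if params[:id] == params[:merge_id]
        # The literal continues at column 0 on purpose: leading whitespace on the second
        # line would become part of the message and of its translation key.
        flash.now[:alert] = _("You attempted to merge 2 accounts with the same email address.
Please merge with a different email address.")
      else
        merge_accounts
      end

      # After merge attempt get departments and plans
      @departments = @user.org.departments.order(:name)
      @plans = Plan.active(@user).page(1)
      render :edit
    end
    # rubocop:enable Metrics/AbcSize

    # GET /super_admin/users/:id/search
    #
    # Looks up users whose email contains params[:email] and returns the merge
    # confirmation form as JSON, or re-renders the edit page when nothing matches.
    # rubocop:disable Metrics/AbcSize
    def search
      @user = User.find(params[:id])
      # The value is already bound as a query parameter; sanitize_sql_like additionally
      # escapes % and _ so the search term is matched literally rather than as a pattern.
      # NOTE(review): a blank :email still matches every user and the result is not
      # limited or paginated.
      term = User.sanitize_sql_like(params[:email].to_s)
      @users = User.where('email LIKE ?', "%#{term}%")
      authorize @users
      @departments = @user.org.departments.order(:name)
      @plans = Plan.active(@user).page(1)

      # TODO: settle on the response format for both branches
      if @users.present? # found a user, or Users, submit for merge
        render json: {
          form: render_to_string(partial: 'confirm_merge')
        }
      else # NO USER, re-render w/error?
        flash.now[:alert] = 'Unable to find user'
        render :edit # re-do as responding w/ json
      end
    end
    # rubocop:enable Metrics/AbcSize

    # PUT /super_admin/users/:id/archive
    #
    # Archives the user and re-renders the edit page with the outcome.
    # rubocop:disable Metrics/AbcSize
    def archive
      @user = User.find(params[:id])
      authorize @user
      @departments = @user.org.departments.order(:name)
      @plans = Plan.active(@user).page(1)

      if @user.archive
        flash.now[:notice] = success_message(@user, _('archived'))
      else
        flash.now[:alert] = failure_message(@user, _('archive'))
      end
      render :edit
    end
    # rubocop:enable Metrics/AbcSize

    private

    # Attributes the edit form is allowed to submit. :confirmed_at is permitted here only
    # as the raw checkbox value and must pass through handle_confirmed_at_param before it
    # is handed to the model.
    def user_params
      params.require(:user).permit(:email,
                                   :firstname,
                                   :surname,
                                   :org_id, :org_name, :org_crosswalk,
                                   :department_id,
                                   :language_id,
                                   :other_organisation,
                                   :confirmed_at)
    end

    # Merges the account identified by params[:merge_id] into @user and sets the flash.
    #
    # The loaded records are compared, not just the raw params checked by the caller, so
    # an account is never merged into itself however the id strings are written.
    # NOTE(review): only @user is passed to `authorize`; the account being merged in is
    # not - presumably the policy depends on the current user's role alone, confirm.
    def merge_accounts
      remove = User.find(params[:merge_id])
      if remove != @user && @user.merge(remove)
        flash.now[:notice] = success_message(@user, _('merged'))
      else
        flash.now[:alert] = failure_message(@user, _('merge'))
      end
    end

    # Translates the :confirmed_at checkbox value into what the model should store.
    #
    # @param attrs the permitted user params; modified in place
    # @return the same attrs object
    def handle_confirmed_at_param(attrs)
      # NOTE: The :confirmed_at param is controlled by a check_box in the form
      # `app/views/super_admin/users/_email_confirmation_status.html.erb`.
      # When the checkbox is checked, Rails submits the string '1' (indicating "confirmed").
      # When unchecked, it submits the string '0' (indicating "unconfirmed").

      # if an unconfirmed email is now being confirmed
      if !@user.confirmed? && attrs[:confirmed_at] == '1'
        attrs[:confirmed_at] = Time.current
      # elsif a confirmed email is now being unconfirmed and the user is not a super admin
      elsif @user.confirmed? && attrs[:confirmed_at] == '0' && !@user.can_super_admin?
        attrs[:confirmed_at] = nil
      else
        # else delete the param
        # (keeps value nil for unconfirmed user and maintains previous Time value for confirmed user)
        attrs.delete(:confirmed_at)
      end
      attrs
    end
  end
end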