biovision-base 0.5.170614

data/app/controllers/browsers_controller.rb

@@ -0,0 +1,63 @@
+class BrowsersController < AdminController
+  before_action :set_entity, only: [:edit, :update, :destroy]
+  before_action :restrict_editing, only: [:edit, :update, :destroy]
+
+  # get /browsers/new
+  def new
+    @entity = Browser.new
+  end
+
+  # post /browsers
+  def create
+    @entity = Browser.new entity_parameters
+    if @entity.save
+      redirect_to admin_browser_path(@entity)
+    else
+      render :new, status: :bad_request
+    end
+  end
+
+  # get /browsers/:id/edit
+  def edit
+  end
+
+  # patch /browsers/:id
+  def update
+    if @entity.update entity_parameters
+      redirect_to admin_browser_path(@entity), notice: t('browsers.update.success')
+    else
+      render :edit, status: :bad_request
+    end
+  end
+
+  # delete /browsers/:id
+  def destroy
+    if @entity.update! deleted: true
+      flash[:notice] = t('browsers.destroy.success')
+    end
+    redirect_to admin_browsers_path
+  end
+
+  private
+
+  def restrict_access
+    require_privilege :administrator
+  end
+
+  def set_entity
+    @entity = Browser.find_by(id: params[:id], deleted: false)
+    if @entity.nil?
+      handle_http_404('Browser is not found or was deleted')
+    end
+  end
+
+  def restrict_editing
+    if @entity.locked?
+      redirect_to admin_browser_path(@entity), alert: t('browsers.edit.forbidden')
+    end
+  end
+
+  def entity_parameters
+    params.require(:browser).permit(Browser.entity_parameters)
+  end
+end

data/app/controllers/codes_controller.rb

@@ -0,0 +1,60 @@
+class CodesController < AdminController
+  before_action :set_entity, only: [:edit, :update, :destroy]
+
+  # get /codes/new
+  def new
+    @entity = Code.new
+  end
+
+  # post /codes
+  def create
+    @entity = Code.new(creation_parameters)
+    if @entity.save
+      redirect_to admin_code_path(@entity.id)
+    else
+      render :new, status: :bad_request
+    end
+  end
+
+  # get /codes/:id/edit
+  def edit
+  end
+
+  # patch /codes/:id
+  def update
+    if @entity.update(entity_parameters)
+      redirect_to admin_code_path(@entity.id), notice: t('codes.update.success')
+    else
+      render :edit, status: :bad_request
+    end
+  end
+
+  # delete /codes/:id
+  def destroy
+    if @entity.destroy
+      flash[:notice] = t('codes.destroy.success')
+    end
+    redirect_to admin_codes_path
+  end
+
+  protected
+
+  def restrict_access
+    require_privilege :administrator
+  end
+
+  def set_entity
+    @entity = Code.find_by(id: params[:id])
+    if @entity.nil?
+      handle_http_404('Cannot find code')
+    end
+  end
+
+  def entity_parameters
+    params.require(:code).permit(Code.entity_parameters)
+  end
+
+  def creation_parameters
+    params.require(:code).permit(Code.creation_parameters)
+  end
+end

data/app/controllers/concerns/authentication.rb

@@ -0,0 +1,19 @@
+module Authentication
+  extend ActiveSupport::Concern
+
+  def redirect_authenticated_user
+    redirect_to my_path unless current_user.nil?
+  end
+
+  # @param [User] user
+  def create_token_for_user(user)
+    token = user.tokens.create!(tracking_for_entity)
+
+    cookies['token'] = {
+      value: token.cookie_pair,
+      expires: 1.year.from_now,
+      domain: :all,
+      httponly: true
+    }
+  end
+end

data/app/controllers/concerns/biovision/admin/privileges.rb

@@ -0,0 +1,34 @@
+module Biovision::Admin::Privileges
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :set_entity, except: [:index]
+  end
+
+  # get /admin/privileges
+  def index
+    @collection = ::Privilege.for_tree
+  end
+
+  # get /admin/privileges/:id
+  def show
+  end
+
+  # get /admin/privileges/:id/users
+  def users
+    @collection = @entity.users.page_for_administration(current_page)
+  end
+
+  protected
+
+  def restrict_access
+    require_privilege :administrator
+  end
+
+  def set_entity
+    @entity = ::Privilege.find_by(id: params[:id], deleted: false)
+    if @entity.nil?
+      handle_http_404("Cannot find non-deleted privilege #{params[:id]}")
+    end
+  end
+end

data/app/controllers/concerns/entity_priority.rb

@@ -0,0 +1,7 @@
+module EntityPriority
+  extend ActiveSupport::Concern
+
+  def priority
+    render json: { data: @entity.change_priority(params[:delta].to_s.to_i) }
+  end
+end

data/app/controllers/concerns/lockable_entity.rb

@@ -0,0 +1,23 @@
+module LockableEntity
+  extend ActiveSupport::Concern
+
+  def lock
+    @entity.update!(locked: true)
+
+    render json: { data: { locked: @entity.locked? } }
+  end
+
+  def unlock
+    @entity.update!(locked: false)
+
+    render json: { data: { locked: @entity.locked? } }
+  end
+
+  protected
+
+  def check_entity_lock
+    if @entity.locked?
+      render json: { errors: { locked: @entity.locked } }, status: :forbidden
+    end
+  end
+end

data/app/controllers/concerns/toggleable_entity.rb

@@ -0,0 +1,7 @@
+module ToggleableEntity
+  extend ActiveSupport::Concern
+
+  def toggle
+    render json: { data: @entity.toggle_parameter(params[:parameter].to_s) }
+  end
+end

data/app/controllers/editable_pages_controller.rb

@@ -0,0 +1,60 @@
+class EditablePagesController < AdminController
+  before_action :set_entity, only: [:edit, :update, :destroy]
+
+  # get /editable_pages/new
+  def new
+    @entity = EditablePage.new
+  end
+
+  # post /editable_pages
+  def create
+    @entity = EditablePage.new(creation_parameters)
+    if @entity.save
+      redirect_to(admin_editable_page_path(@entity.id))
+    else
+      render :new, status: :bad_request
+    end
+  end
+
+  # get /editable_pages/:id/edit
+  def edit
+  end
+
+  # patch /editable_pages/:id
+  def update
+    if @entity.update entity_parameters
+      redirect_to admin_editable_page_path(@entity), notice: t('editable_pages.update.success')
+    else
+      render :edit, status: :bad_request
+    end
+  end
+
+  # delete /editable_pages/:id
+  def destroy
+    if @entity.destroy
+      flash[:notice] = t('editable_pages.destroy.success')
+    end
+    redirect_to(admin_editable_pages_path)
+  end
+
+  protected
+
+  def restrict_access
+    require_privilege :chief_editor
+  end
+
+  def set_entity
+    @entity = EditablePage.find_by(id: params[:id])
+    if @entity.nil?
+      handle_http_404('Cannot find editable_page')
+    end
+  end
+
+  def entity_parameters
+    params.require(:editable_page).permit(EditablePage.entity_parameters)
+  end
+
+  def creation_parameters
+    params.require(:editable_page).permit(EditablePage.creation_parameters)
+  end
+end

data/app/controllers/index_controller.rb

@@ -0,0 +1,5 @@
+class IndexController < ApplicationController
+  # get /
+  def index
+  end
+end

data/app/controllers/metrics_controller.rb

@@ -0,0 +1,33 @@
+class MetricsController < AdminController
+  before_action :set_entity, only: [:edit, :update]
+
+  # get /metrics/:id/edit
+  def edit
+  end
+
+  # patch /metrics/:id
+  def update
+    if @entity.update entity_parameters
+      redirect_to admin_metric_path(@entity.id), notice: t('metrics.update.success')
+    else
+      render :edit, status: :bad_request
+    end
+  end
+
+  private
+
+  def restrict_access
+    require_privilege :metrics_manager
+  end
+
+  def set_entity
+    @entity = Metric.find_by(id: params[:id])
+    if @entity.nil?
+      handle_http_404('Cannot find metric')
+    end
+  end
+
+  def entity_parameters
+    params.require(:metric).permit(Metric.entity_parameters)
+  end
+end

data/app/controllers/my/confirmations_controller.rb

@@ -0,0 +1,37 @@
+class My::ConfirmationsController < ApplicationController
+  before_action :restrict_anonymous_access, only: [:create, :update]
+  before_action :redirect_confirmed_user, only: [:create, :update]
+
+  # get /my/confirmation
+  def show
+  end
+
+  # post /my/confirmation
+  def create
+    if current_user.email.blank?
+      redirect_to edit_my_profile_path, notice: t('my.confirmations.create.set_email')
+    else
+      code = CodeManager::Confirmation.code_for_user(current_user)
+      CodeSender.email(code.id).deliver_later unless code.nil?
+      redirect_to my_confirmation_path, notice: t('my.confirmations.create.success')
+    end
+  end
+
+  # patch /my/confirmation
+  def update
+    code    = Code.find_by(body: param_from_request(:code))
+    manager = CodeManager::Confirmation.new(code, current_user)
+    if manager.code_is_valid?
+      manager.activate
+      redirect_to my_path
+    else
+      redirect_to my_confirmation_path, alert: t('my.confirmations.update.invalid_code')
+    end
+  end
+
+  protected
+
+  def redirect_confirmed_user
+    redirect_to my_confirmation_path, notice: t(:email_already_confirmed) if current_user.email_confirmed?
+  end
+end

data/app/controllers/my/index_controller.rb

@@ -0,0 +1,7 @@
+class My::IndexController < ApplicationController
+  before_action :restrict_anonymous_access
+
+  # get /my
+  def index
+  end
+end

data/app/controllers/my/profiles_controller.rb

@@ -0,0 +1,81 @@
+class My::ProfilesController < ApplicationController
+  include Authentication
+
+  before_action :redirect_authorized_user, only: [:new, :create]
+  before_action :restrict_anonymous_access, except: [:new, :create]
+
+  # get /my/profile/new
+  def new
+    @user = User.new
+  end
+
+  # post /my/profile
+  def create
+    if params[:agree]
+      redirect_to root_path, notice: t('my.profiles.create.success')
+    else
+      create_user
+    end
+  end
+
+  # get /my/profile
+  def show
+  end
+
+  # get /my/profile/edit
+  def edit
+  end
+
+  # patch /my/profile
+  def update
+    if current_user.update user_parameters
+      redirect_to my_profile_path, notice: t('my.profiles.update.success')
+    else
+      render :edit, status: :bad_request
+    end
+  end
+
+  protected
+
+  def redirect_authorized_user
+    redirect_to my_profile_path if current_user.is_a? User
+  end
+
+  def create_user
+    @user = User.new creation_parameters
+    if @user.save
+      Metric.register(User::METRIC_REGISTRATION)
+      create_token_for_user(@user)
+      redirect_to my_profile_path, notice: t('my.profiles.create.success')
+    else
+      render :new, status: :bad_request
+    end
+  end
+
+  def creation_parameters
+    parameters = params.require(:user).permit(User.new_profile_parameters)
+    parameters.merge(tracking_for_entity)
+  end
+
+  def user_parameters
+    sensitive  = sensitive_parameters
+    editable   = User.profile_parameters + sensitive
+    parameters = params.require(:user).permit(editable)
+    filter_parameters parameters, sensitive
+  end
+
+  def sensitive_parameters
+    if current_user.authenticate params[:password].to_s
+      User.sensitive_parameters
+    else
+      []
+    end
+  end
+
+  def filter_parameters(parameters, sensitive)
+    sensitive.each { |parameter| parameters.except! parameter if parameter.blank? }
+    parameters[:email_confirmed] = false if parameters[:email] && parameters[:email] != current_user.email
+    parameters[:phone_confirmed] = false if parameters[:phone] && parameters[:phone] != current_user.phone
+    parameters
+  end
+end