Merge 9fe5cc2 into 7215b8d

.rspec

@@ -1,2 +1,2 @@
 --color
---require spec_helper
+--format progress

Guardfile

@@ -1,7 +1,7 @@
 # More info at https://github.com/guard/guard#readme
 notification :off
 
-guard :rspec, cmd: 'bin/rspec --format progress --color' do
+guard :rspec, cmd: 'bin/rspec' do
   watch(%r{^spec/.+_spec\.rb$})
   watch('spec/spec_helper.rb')                         { 'spec' }
 

app/controllers/admin/base_controller.rb

@@ -15,7 +15,7 @@ def admin_controller?
     private
 
     def verify_admin
-      fail CanCan::AccessDenied, 'Administrator access only.' unless Access::Check.is_admin?(current_user)
+      fail CanCan::AccessDenied, 'Administrator access only.' unless Access::Core.is_admin?(current_user)
     end
   end
 end

app/controllers/analysis_controller.rb

@@ -91,9 +91,9 @@ def system_audio_recordings
 
   def authorise_custom(request_params, user)
 
-    # Can't do anything if not logged in, not in user or admin role, or not confirmed
-    if user.blank? || (!Access::Check.is_standard_user?(user) && !Access::Check.is_admin?(user)) || !user.confirmed?
-      fail CanCan::AccessDenied, 'Anonymous users, non-admin and non-users, or unconfirmed users cannot access analysis data.'
+    # TODO: the access depends on the project access
+    if user.blank? || (!Access::Core.is_standard_user?(user) && !Access::Core.is_admin?(user))
+      fail CanCan::AccessDenied, 'TODO: the access depends on the project access.'
     end
 
     auth_custom_audio_recording(request_params.slice(:audio_recording_id))

app/controllers/analysis_jobs_controller.rb

@@ -105,7 +105,7 @@ def analysis_job_update_params
   end
 
   def get_analysis_jobs
-    Access::Query.analysis_jobs(current_user, Access::Core.levels_allow)
+    Access::ByPermission.analysis_jobs(current_user, Access::Core.levels)
   end
 
 end

app/controllers/application_controller.rb

@@ -26,6 +26,7 @@ class ApplicationController < ActionController::Base
   rescue_from ActiveRecord::RecordNotUnique, with: :record_not_unique_response
   rescue_from ActionController::BadRequest, with: :bad_request_response
   rescue_from ActionController::InvalidAuthenticityToken, with: :invalid_csrf_response
+  rescue_from ActionController::UnknownFormat, with: :unknown_format_response
 
   # Custom errors - these use the message in the error
   # RoutingArgumentError - error handling for routes that take a combination of attributes
@@ -63,8 +64,23 @@ class ApplicationController < ActionController::Base
                     (session[:last_seen_at].blank? || Time.zone.at(session[:last_seen_at].to_i) < 10.minutes.ago)
                 }
 
+  # A dummy method to get rid of all the Rubymine errors.
+  # @return [User]
+  def current_user
+    super
+  end
+
+  # A dummy method to get rid of all the Rubymine errors.
+  # @return [Boolean]
+  def user_signed_in?
+    super
+  end
+
   protected
 
+  # Add archived at header to HTTP response
+  # @param [ActiveRecord::Base] model
+  # @return [void]
   def add_archived_at_header(model)
     if model.respond_to?(:deleted_at) && !model.deleted_at.blank?
       response.headers['X-Archived-At'] = model.deleted_at.httpdate # must be a string, can't just pass a Date or Time
@@ -153,6 +169,11 @@ def auth_custom_audio_event(request_params, audio_recording)
     audio_event
   end
 
+  # Authorise audio event by audio recording and offsets
+  # @param [Hash] request_params
+  # @param [AudioRecording] audio_recording
+  # @param [AudioEvent] audio_event
+  # @return [void]
   def auth_custom_offsets(request_params, audio_recording, audio_event)
     # check offsets are within range
 
@@ -372,6 +393,19 @@ def invalid_csrf_response(error)
     )
   end
 
+  def unknown_format_response(error)
+    # similar to 406 - can't send in format requested
+
+    request.format = :json
+
+    render_error(
+        :not_acceptable,
+        "This resource is not available in this format '#{request.format}'.",
+        error,
+        'unknown_format_response'
+    )
+  end
+
   def access_denied_response(error)
     if current_user && current_user.confirmed?
       render_error(

app/controllers/audio_event_comments_controller.rb

@@ -9,7 +9,7 @@ def index
 
     @audio_event_comments, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.audio_event_comments(@audio_event, current_user),
+        Access::ByPermission.audio_event_comments(current_user, Access::Core.levels, @audio_event),
         AudioEventComment,
         AudioEventComment.filter_settings
     )
@@ -58,7 +58,7 @@ def update
     # allow any logged in user to flag an audio comment
     # only the user that created the audio comment (or admin) can update any other attribute
     is_creator = @audio_event_comment.creator.id == current_user.id
-    is_admin = Access::Check.is_admin?(current_user)
+    is_admin = Access::Core.is_admin?(current_user)
     is_changing_only_flag =
         (audio_event_comment_update_params.include?(:audio_event_comment) &&
             ([:flag] - audio_event_comment_update_params[:audio_event_comment].symbolize_keys.keys).empty?)
@@ -93,7 +93,7 @@ def filter
 
     filter_response, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.comments(current_user),
+        Access::ByPermission.audio_event_comments(current_user),
         AudioEventComment,
         AudioEventComment.filter_settings
     )

app/controllers/audio_events_controller.rb

@@ -12,7 +12,7 @@ def index
 
     @audio_events, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.audio_recording_audio_events(@audio_recording, current_user),
+        Access::ByPermission.audio_events(current_user, Access::Core.levels, @audio_recording),
         AudioEvent,
         AudioEvent.filter_settings
     )
@@ -88,7 +88,7 @@ def filter
 
     filter_response, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.audio_events(current_user),
+        Access::ByPermission.audio_events(current_user),
         AudioEvent,
         AudioEvent.filter_settings
     )

app/controllers/audio_recordings_controller.rb

@@ -10,7 +10,7 @@ def index
 
     @audio_recordings, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.audio_recordings(current_user),
+        Access::ByPermission.audio_recordings(current_user),
         AudioRecording,
         AudioRecording.filter_settings
     )
@@ -50,9 +50,9 @@ def create
     uploader_id = audio_recording_params[:uploader_id].to_i
     user_exists = User.exists?(uploader_id)
     user = User.where(id: uploader_id).first
-    actual_level = Access::Level.project(user, @project)
+    actual_level = Access::Core.user_levels(user, @project)
     requested_level = :writer
-    is_allowed = Access::Check.allowed?(requested_level, actual_level)
+    is_allowed = Access::Core.allowed?(requested_level, actual_level)
 
     if !user_exists || !is_allowed
       respond_error(
@@ -133,23 +133,23 @@ def update
   # this is used by the harvester, do not change!
   # GET /projects/:project_id/sites/:site_id/audio_recordings/check_uploader/:uploader_id
   def check_uploader
-    #do_authorize_class - custom auth
+    #do_authorize_class - not used, this action does a custom auth
     get_project_site
 
     # current user should be the harvester
     # uploader_id must have write access to the project
 
     if current_user.blank?
       fail CanCan::AccessDenied.new(I18n.t('devise.failure.unauthenticated'), :check_uploader, AudioRecording)
-    elsif Access::Check.is_harvester?(current_user)
+    elsif Access::Core.is_harvester?(current_user)
       # auth check is skipped, so auth is checked manually here
       uploader_id = params[:uploader_id].to_i
       user_exists = User.exists?(uploader_id)
       user = User.where(id: uploader_id).first
 
-      actual_level = Access::Level.project(user, @project)
+      actual_level = Access::Core.user_levels(user, @project)
       requested_level = :writer
-      is_allowed = Access::Check.allowed?(requested_level, actual_level)
+      is_allowed = Access::Core.allowed?(requested_level, actual_level)
 
       if !user_exists || !is_allowed
         respond_error(
@@ -190,7 +190,7 @@ def filter
 
     filter_response, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.audio_recordings(current_user),
+        Access::ByPermission.audio_recordings(current_user),
         AudioRecording,
         AudioRecording.filter_settings
     )
@@ -203,7 +203,7 @@ def update_status_user_check
     # auth is checked manually here - not sure if this is necessary or not
     if current_user.blank?
       fail CanCan::AccessDenied.new(I18n.t('devise.failure.unauthenticated'), :update_status_user_check, AudioRecording)
-    elsif Access::Check.is_harvester?(current_user)
+    elsif Access::Core.is_harvester?(current_user)
       update_status_params_check
     else
       respond_error(:forbidden, 'only harvester can update audio recordings')

app/controllers/bookmarks_controller.rb

@@ -7,7 +7,7 @@ def index
 
     @bookmarks, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.bookmarks_modified(current_user),
+        Access::ByUserModified.bookmarks(current_user),
         Bookmark,
         Bookmark.filter_settings
     )
@@ -71,7 +71,7 @@ def filter
 
     filter_response, opts = Settings.api_response.response_advanced(
         api_filter_params,
-        Access::Query.bookmarks_modified(current_user),
+        Access::ByUserModified.bookmarks(current_user),
         Bookmark,
         Bookmark.filter_settings
     )

app/controllers/media_controller.rb

@@ -59,9 +59,9 @@ def show
 
   def authorise_custom(request_params, user)
 
-    # Can't do anything if not logged in, not in user or admin role, or not confirmed
-    if user.blank? || (!Access::Check.is_standard_user?(user) && !Access::Check.is_admin?(user)) || !user.confirmed?
-      fail CanCan::AccessDenied, 'Anonymous users, non-admin and non-users, or unconfirmed users cannot access media.'
+    # TODO: the access depends on the project access
+    if user.blank? || (!Access::Core.is_standard_user?(user) && !Access::Core.is_admin?(user)) || !user.confirmed?
+      fail CanCan::AccessDenied, 'xxxx'
     end
 
     audio_recording = auth_custom_audio_recording(request_params)

app/controllers/permissions_controller.rb

@@ -7,12 +7,24 @@ def index
     get_project
     do_authorize_instance(:update_permissions, @project)
 
+    result = update_permissions
+
+    if result === true
+      flash[:success] = 'Permissions successfully updated.'
+    elsif result === false
+      flash[:error] = 'There was an error updating permissions. Please try again or contact us.'
+    end
+
     respond_to do |format|
-      format.html
+      format.html {
+        redirect_to project_permissions_path(@project) unless result.nil?
+        @permissions = Permission.where(project: @project)
+        @users = User.order(:user_name).page(params[:page])
+      }
       format.json {
         @permissions, opts = Settings.api_response.response_advanced(
             api_filter_params,
-            Access::Query.project_permissions(@project),
+            Access::ByPermission.permissions(@project),
             Permission,
             Permission.filter_settings)
         respond_index(opts)
@@ -51,12 +63,12 @@ def create
     do_authorize_instance
 
     respond_to do |format|
-    if @permission.save
-      format.json { respond_create_success(project_permission_path(@project, @permission)) }
-    else
-      format.json { respond_change_fail }
-    end
+      if @permission.save
+        format.json { respond_create_success(project_permission_path(@project, @permission)) }
+      else
+        format.json { respond_change_fail }
       end
+    end
 
   end
 
@@ -78,7 +90,6 @@ def destroy
   def get_project
     @project = Project.find(params[:project_id])
 
-    # avoid the same project assigned more than once to a site
     if defined?(@permission) && @permission.project.blank?
       @permission.project = @project
     end
@@ -88,4 +99,40 @@ def permission_params
     params.require(:permission).permit(:level, :project_id, :user_id)
   end
 
+  def update_permissions_params
+    params.permit(project_wide: [:logged_in, :anonymous], per_user: [:none, :reader, :writer, :owner])
+  end
+
+  def update_permissions
+    request_params = update_permissions_params
+
+    return nil if !request_params.include?(:project_wide) && !request_params.include?(:per_user)
+    if request_params.include?(:project_wide) && request_params[:project_wide].include?(:logged_in)
+      permission = Permission.where(project: @project, user: nil, allow_logged_in: true, allow_anonymous: false).first
+      permission = Permission.new(project: @project, user: nil, allow_logged_in: true, allow_anonymous: false) if permission.blank?
+      new_level = request_params[:project_wide][:logged_in].to_s
+    elsif request_params.include?(:project_wide) && request_params[:project_wide].include?(:anonymous)
+      permission = Permission.where(project: @project, user: nil, allow_logged_in: false, allow_anonymous: true).first
+      permission = Permission.new(project: @project, user: nil, allow_logged_in: false, allow_anonymous: true) if permission.blank?
+      new_level = request_params[:project_wide][:anonymous].to_s
+    elsif request_params.include?(:per_user)
+      user_id = request_params[:per_user].values.first.to_i
+      permission = Permission.where(project: @project, user_id: user_id, allow_logged_in: false, allow_anonymous: false).first
+      permission = Permission.new(project: @project, user_id: user_id, allow_logged_in: false, allow_anonymous: false) if permission.blank?
+      new_level = request_params[:per_user].keys.first.to_s
+    else
+      permission = nil
+      new_level = nil
+    end
+
+    if new_level.to_s.downcase == 'none'
+      result = permission.destroy
+    else
+      permission.level = new_level
+      result = permission.save
+    end
+
+    result
+  end
+
 end