group_controller.rb
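# Controller for group resources: list, show, create/replace, delete, and
# the add_user / remove_user / set_email commands.
class GroupController < ApplicationController
  include ValidationHelper

  validate_action groupinfo: { method: :get, response: :group }
  validate_action groupinfo: { method: :put, request: :group, response: :status }
  validate_action groupinfo: { method: :delete, response: :status }

  # Raise an exception if authorize has not been called by the end of an
  # action. index and show are exempt and perform no Pundit check in this
  # controller.
  # NOTE(review): any restriction on who may list or view groups therefore has
  # to come from ApplicationController or the views - confirm this is intended.
  after_action :verify_authorized, except: [:index, :show]

  # Turn a Pundit policy failure into a 403 whose message names the refused
  # operation in API terms ("list", "view", ...) instead of the policy query.
  rescue_from Pundit::NotAuthorizedError do |exception|
    pundit_action = case exception.query.to_s
                    when "index?" then "list"
                    when "show?" then "view"
                    when "create?" then "create"
                    when "new?" then "create"
                    when "update?" then "update"
                    when "destroy?" then "delete"
                    else exception.query
                    end

    render_error status: 403, errorcode: "No permission to #{pundit_action} group"
  end

  # GET for listing groups. With params[:login] only the groups of that user
  # are listed (the bang finder raises for an unknown login); params[:prefix]
  # keeps only groups whose title starts with the given prefix.
  def index
    if params[:login]
      user = User.find_by_login!(params[:login])
      @list = user.groups
    else
      @list = Group.all
    end
    @list = @list.find_all { |group| group.title.starts_with? params[:prefix] } if params[:prefix]
  end

  # DELETE for removing it
  def delete
    group = Group.find_by_title!(params[:title])
    authorize group, :destroy?
    group.destroy
    render_ok
  end

  # GET for showing the group
  def show
    @group = Group.find_by_title!(params[:title])
  end

  # PUT for rewriting it completely including defined user list.
  #
  # A group that does not exist yet is created first, which requires the
  # create? permission in addition to update?. The title inside the XML body
  # must equal the title in the path, otherwise InvalidParameterError is raised.
  def update
    # Everything that writes runs in one transaction: previously a request that
    # was rejected after the create (title mismatch, refused update?, failing
    # save!) left a freshly created, empty group behind. The exception still
    # propagates to the caller after the rollback.
    Group.transaction do
      group = Group.find_by_title(params[:title])
      if group.nil?
        authorize Group, :create?
        # NOTE(review): create returns an unsaved record when validation fails;
        # such a failure only surfaces at save! below - confirm that is acceptable.
        group = Group.create(title: params[:title])
      end
      authorize group, :update?

      # The request body is parsed only after both authorization checks passed.
      xmlhash = Xmlhash.parse(request.raw_post)
      raise InvalidParameterError, "group name from path and xml mismatch" unless group.title == xmlhash.value('title')

      group.update_from_xml(xmlhash)
      group.save!
    end

    render_ok
  end

  # POST for editing it, adding or remove users
  #
  # params[:cmd] selects the operation: add_user and remove_user need
  # params[:userid], set_email takes params[:email]. Any other cmd raises
  # UnknownCommandError.
  def command
    # NOTE(review): request parameters are normally percent-decoded by the
    # framework already, so this decodes the title a second time (a literal
    # "%xx" in a title would be altered before the lookup). URI.unescape is
    # also obsolete in newer Ruby versions. Kept unchanged because clients may
    # rely on the double decoding - confirm before removing.
    group = Group.find_by_title!(URI.unescape(params[:title]))
    authorize group, :update?

    user = User.find_by_login!(params[:userid]) if params[:userid]

    # Without userid the membership commands used to be called with nil;
    # reject the request explicitly instead.
    if user.nil? && %w[add_user remove_user].include?(params[:cmd])
      raise InvalidParameterError, "userid must be given for #{params[:cmd]}"
    end

    case params[:cmd]
    when "add_user"
      group.add_user user
    when "remove_user"
      group.remove_user user
    when "set_email"
      group.set_email params[:email]
    else
      raise UnknownCommandError, "cmd must be set to add_user, remove_user or set_email"
    end

    render_ok
  end
end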