[webui] Make groups controller RESTful
- Splits save action into create and update actions
    - Removes unnecessary override_group before_filter
    - Makes routes RESTful
    - Moves add_user functionality into Group model
    - Introduces strong parameters
ChrisBr committed Feb 25, 2016
1 parent 75eee26 commit 78f612e
Showing 11 changed files with 78 additions and 64 deletions.
89 changes: 43 additions & 46 deletions src/api/app/controllers/webui/groups_controller.rb
@@ -1,83 +1,80 @@
class Webui::GroupsController < Webui::WebuiController
include Webui::WebuiHelper

before_filter :require_admin, only: [:index]
before_filter :overwrite_group, only: [:edit]
before_filter :require_login, except: [:show, :tokens, :autocomplete]
before_filter :set_group, only: [:show, :update, :edit]
after_action :verify_authorized, except: [:show, :autocomplete, :tokens]

def index
authorize Group, :index?
@groups = Group.all
end

def show
required_parameters :id
@group = Group.find_by_title(params[:id])
unless @group
flash[:error] = "Group '#{params[:id]}' does not exist"
redirect_back_or_to controller: 'main', action: 'index'
end
end
def show; end

def new; end
def new
authorize Group, :create?
end

def edit
required_parameters :group
authorize @group, :update?
@roles = Role.global_roles
@members = []
@displayed_group.users.each do |person|
@group.users.each do |person|
user = { 'name' => person.login }
@members << user
end
end

def save
group = Group.where(title: params[:name]).first
if group.nil?
authorize Group, :create?
group = Group.create(title: params[:name])
def create
authorize Group, :create?

group = Group.new(title: group_params[:title])
if group.save && group.replace_members(group_params[:members])
flash[:success] = "Group '#{group.title}' successfully updated."
redirect_to controller: :groups, action: :index
else
redirect_to :back, error: "Group can't be saved: #{group.errors.full_messages.to_sentence}"
end
authorize group, :update?
Group.transaction do
group.users.delete_all
params[:members].split(',').each do |m|
group.users << User.find_by_login!(m)
end
group.save!
end

def update
authorize @group, :update?

if @group.replace_members(group_params[:members])
flash[:success] = "Group '#{@group.title}' successfully updated."
redirect_to controller: :groups, action: :index
else
redirect_to :back, error: "Group can't be saved: #{@group.errors.full_messages.to_sentence}"
end
flash[:success] = "Group '#{group.title}' successfully updated."
redirect_to controller: :groups, action: :index
end

def autocomplete
required_parameters :term
render json: list_groups(params[:term])
groups = Group.where("title LIKE ?", "#{params[:term]}%").pluck(:title)
render json: groups
end

def tokens
required_parameters :q
render json: list_groups(params[:q], true)
groups = Group.where("title LIKE ?", "#{params[:q]}%").pluck(:title).map { |title| { name: title } }
render json: groups
end

def overwrite_group
@displayed_group = @group
group = Group.find_by_title(params['group']) if params['group'].present?
@displayed_group = group if group
end
private

private :overwrite_group
def group_params
params.require(:group).permit(:title, :members)
end

protected
def set_group
required_parameters :title
@group = Group.find_by_title(params[:title])

def list_groups(prefix = nil, hash = nil)
names = []
groups = Group.arel_table
Group.where(groups[:title].matches("#{prefix}%")).pluck(:title).each do |group|
if hash
names << { 'name' => group }
else
names << group
end
# Group.find_by_title! is self implemented and would raise an 500 error
unless @group
flash[:error] = "Group '#{params[:title]}' does not exist"
redirect_back_or_to controller: 'main', action: 'index'
end
names
end
end
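Review bot: In `create`, `group.save && group.replace_members(group_params[:members])` commits the new group before the member list is applied, so a failure inside `replace_members` (for example a login that does not resolve) leaves an empty group behind while the user is told it could not be saved. Group membership presumably feeds permission checks elsewhere, so creation and membership should succeed or fail together: run the save and the member replacement inside one `Group.transaction` and roll back when either step fails. The success flash in `create` also still reads `successfully updated`; `successfully created` would match the action.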
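--- a/src/api/app/models/group.rb
+++ b/src/api/app/models/group.rb
@@ -87,6 +87,18 @@ def add_user(user)
 gu.save!
 end
 
+def replace_members(members)
+Group.transaction do
+users.delete_all
+members.split(',').each do |m|
+users << User.find_by_login!(m)
+end
+save!
+end
+rescue ActiveRecord::RecordInvalid, NotFoundError => exception
+errors.add(:base, exception.message)
+end
+
 def remove_user(user)
 GroupsUser.delete_all(['user_id = ? AND group_id = ?', user.id, self.id])
 end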
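Review bot: The `rescue` branch of `replace_members` ends with `errors.add(:base, exception.message)`, whose return value is truthy in the Rails versions I know, so a caller that tests the result (the controller does `if @group.replace_members(...)`) would report success even though the transaction rolled back and membership is unchanged. End the rescue branch with an explicit `false` so a failed membership change is never shown as applied. `members.split(',')` also raises an unrescued NoMethodError when `members` is nil; `members.to_s.split(',')` keeps a request without the parameter from turning into a 500. A short comment stating that the method replaces the whole member list inside one transaction and returns a boolean would document the contract for callers.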
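--- a/src/api/app/policies/group_policy.rb
+++ b/src/api/app/policies/group_policy.rb
@@ -1,4 +1,8 @@
 class GroupPolicy < ApplicationPolicy
+def index?
+create?
+end
+
 def create?
 # Only admins can create new groups atm
 @user.is_admin?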
2 changes: 1 addition & 1 deletion src/api/app/views/shared/_involved_users.html.erb
Expand Up @@ -76,7 +76,7 @@
<tbody>
<% @groups.each do |group| %>
<tr>
<td><%= link_to(group.title, :controller => 'groups', :action => 'show', id: group.title) %></td>
<td><%= link_to(group.title, :controller => 'groups', :action => 'show', title: group.title) %></td>
<% @roles.each do |role| %>
<%= content_tag(:td, data: { group: group, role: role.title, type: 'group' }) do %>
<% if @package %>
8 changes: 4 additions & 4 deletions src/api/app/views/webui/groups/edit.html.erb
@@ -1,12 +1,12 @@
<% @pagetitle = "Edit User Data" %>

<h2>Edit Group <%= @displayed_group.title %></h2>
<h2>Edit Group <%= @group.title %></h2>

<%= form_tag({:action => 'save'}, {:id => 'group_add_form'}) do %>
<%= form_tag({:action => 'update'}, {:id => 'group_add_form'}) do %>
<p>
<input id="name" name="name" type="hidden" value="<%= @displayed_group.title %>" />
<input id="title" name="title" type="hidden" value="<%= @group.title %>" />
<%= label_tag :members, 'Members:' %><br/>
<input type="text" id="members" name="members" style="display: none;" />
<input type="text" id="members" name="group[members]" style="display: none;" />
<%= submit_tag 'Save' %>
</p>
<% end %>
4 changes: 2 additions & 2 deletions src/api/app/views/webui/groups/index.html.erb
Expand Up @@ -20,14 +20,14 @@
<tbody>
<% @groups.each do |group| %>
<tr id="group-<%= valid_xml_id(group.title) %>">
<td><%= link_to(group.title, {:controller => 'groups', :action => 'show', id: group.title}, {id: group.title}) %></td>
<td><%= link_to(group.title, { :controller => 'groups', :action => 'show', title: group.title }, { id: group.title }) %></td>
<td class='users'>
<% group.groups_users.each_with_index do |member, index| %>
<%= link_to(member.user, user_show_path(member.user)) %><%= ', ' if index < group.groups_users.size - 1 %>
<% end %>
</td>
<td class="nowrap">
<%= link_to(sprited_text('accessories-text-editor', 'Edit Group'), :controller => 'groups', :action => 'edit', :group => group.title) %>
<%= link_to(sprited_text('accessories-text-editor', 'Edit Group'), {:controller => 'groups', :action => 'edit', title: group.title}) %>
</td>
</tr>
<% end %>
10 changes: 5 additions & 5 deletions src/api/app/views/webui/groups/new.html.erb
@@ -1,15 +1,15 @@
<% @pagetitle = "Add Group" %>

<h2>Add group <%= params['group'] %></h2>
<h2>Add Group</h2>

<%= form_tag({:action => 'save'}, {:id => 'group_add_form'}) do %>
<%= form_tag({:action => 'create'}, {:id => 'group_add_form'}) do %>
<p>
<%= label_tag :name, 'Name:' %><br/>
<%= text_field_tag :name, nil, :placeholder => 'Name' %><br/>
<%= label_tag 'group[title]', 'Title:' %><br/>
<%= text_field_tag 'group[title]', nil, :placeholder => 'Title' %><br/>
</p>
<p>
<%= label_tag :members, 'Members:' %><br/>
<input type="text" id="members" name="members" style="display: none;" />
<input type="text" id="members" name="group[members]" style="display: none;" />
<%= submit_tag 'Save' %>
</p>
<% end %>
2 changes: 1 addition & 1 deletion src/api/app/views/webui/home/index.html.erb
Expand Up @@ -29,7 +29,7 @@
<p>Member of the group</p>
<ul>
<% gs.each do |group| %>
<li><%= link_to(group, :controller => 'groups', :action => 'show', id: group) %></li>
<li><%= link_to(group, :controller => 'groups', :action => 'show', title: group) %></li>
<% end %>
</ul>
<% end %>
2 changes: 1 addition & 1 deletion src/api/app/views/webui/request/_reviewer.html.erb
Expand Up @@ -4,7 +4,7 @@
<% if review[:by_user] %>
<%= user_with_realname_and_icon review[:by_user], short: true, no_link: no_link, no_icon: no_icon %>
<% elsif review[:by_group] %>
<%= link_to_if(!no_link, review[:by_group], :controller => 'groups', :action => 'show', id: review[:by_group]) %>
<%= link_to_if(!no_link, review[:by_group], :controller => 'groups', :action => 'show', title: review[:by_group]) %>
<% elsif review[:by_project] %>
<% if review[:by_package] %>
<%= link_to_if(!no_link, "#{review[:by_project]} / #{review[:by_package]}", :controller => 'package', :action => 'users', :project => review[:by_project], :package => review[:by_package]) %>
2 changes: 1 addition & 1 deletion src/api/app/views/webui/user/show.html.erb
Expand Up @@ -29,7 +29,7 @@
<p>Member of the group</p>
<ul>
<% gs.each do |group| %>
<li><%= link_to(group, :controller => 'groups', :action => 'show', id: group) %></li>
<li><%= link_to(group, :controller => 'groups', :action => 'show', title: group) %></li>
<% end %>
</ul>
<% end %>
7 changes: 4 additions & 3 deletions src/api/config/routes.rb
Expand Up @@ -318,12 +318,13 @@ def self.matches?(request)

controller 'webui/groups' do
get 'groups' => :index
get 'group/show/:id' => :show, constraints: {:id => /[^\/]*/}, as: 'group_show'
get 'group/show/:title' => :show, constraints: {:title => /[^\/]*/}, as: 'group_show'
get 'group/new' => :new
post 'group/save' => :save
post 'group/create' => :create
get 'group/edit/title' => :edit, constraints: {:title => /[^\/]*/}
post 'group/update' => :update
get 'group/autocomplete' => :autocomplete
get 'group/tokens' => :tokens
get 'group/edit' => :edit
end

namespace :webui do
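Review bot: The new edit route `get 'group/edit/title' => :edit` has a literal `title` path segment rather than a `:title` parameter, so its `constraints: {:title => ...}` hash has nothing to apply to and the title presumably only reaches `set_group` as a query-string value. If a path parameter was intended, as in the `group/show/:title` route above it, write `get 'group/edit/:title' => :edit, constraints: {:title => /[^\/]*/}`. The `controller 'webui/groups'` block starts inside the hunk but the surrounding routes file continues outside it.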
