Class: Caboose::RolesController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• Caboose::RolesController

Defined in:

app/controllers/caboose/roles_controller.rb

Instance Method Summary

• #add_permission ⇒ Object

  POST /admin/roles/:id/permissions/:permission_id.

• #add_role_options(role, level) ⇒ Object
• #before_action ⇒ Object
• #create ⇒ Object

  POST /admin/roles.

• #destroy ⇒ Object

  DELETE /admin/roles/1.

• #edit ⇒ Object

  GET /admin/roles/1/edit.

• #index ⇒ Object

  GET /admin/roles.

• #new ⇒ Object

  GET /admin/roles/new.

• #options ⇒ Object

  GET /admin/roles/options.

• #remove_permission ⇒ Object

  DELETE /admin/roles/:id/permissions/:permission_id.

• #update ⇒ Object

  PUT /admin/roles/1.

Methods inherited from ApplicationController

#admin_add, #admin_bulk_add, #admin_bulk_delete, #admin_bulk_update, #admin_delete, #admin_edit, #admin_index, #admin_json, #admin_json_single, #admin_update, #before_before_action, #hashify_query_string, #init_cart, #logged_in?, #logged_in_user, #login_user, #logout_user, #parse_url_params, #reject_param, #user_is_allowed, #user_is_allowed_to, #validate_cookie, #validate_token, #var, #verify_logged_in

Instance Method Details

#add_permission ⇒ Object

POST /admin/roles/:id/permissions/:permission_id

# File 'app/controllers/caboose/roles_controller.rb', line 99

def add_permission
  return if !user_is_allowed('roles', 'edit')
  if !RolePermission.where(:role_id => params[:id], :permission_id => params[:permission_id], ).exists?
    RolePermission.create(:role_id => params[:id], :permission_id => params[:permission_id])
  end
  render :json => true
end

#add_role_options(role, level) ⇒ Object

# File 'app/controllers/caboose/roles_controller.rb', line 126

def add_role_options(role, level)
  arr = [{ 
    "value" => role.id, 
    "text" => (" - " * level) + role.name 
  }]
  role.children.each do |kid|
    arr += add_role_options(kid, level + 1)
  end
  return arr
end

#before_action ⇒ Object

# File 'app/controllers/caboose/roles_controller.rb', line 5

def before_action
  @page = Page.page_with_uri(request.host_with_port, '/admin')
end

#create ⇒ Object

POST /admin/roles

# File 'app/controllers/caboose/roles_controller.rb', line 31

def create
  return unless user_is_allowed('roles', 'add')
  
  resp = StdClass.new({
      'error' => nil,
      'redirect' => nil
  })
  
  role = Role.new()
  role.parent_id = params[:parent_id]
  role.name = params[:name]    
  role.save
  
  resp.redirect = "/admin/roles/#{role.id}/edit"
  render json: resp
end

#destroy ⇒ Object

DELETE /admin/roles/1

# File 'app/controllers/caboose/roles_controller.rb', line 91

def destroy
  return unless user_is_allowed('roles', 'delete')
  @role = Role.find(params[:id])
  @role.destroy
  render json: { 'redirect' => '/admin/roles' }
end

#edit ⇒ Object

GET /admin/roles/1/edit

# File 'app/controllers/caboose/roles_controller.rb', line 25

def edit
  return unless user_is_allowed('roles', 'edit')
  @role = Role.find(params[:id])
end

#index ⇒ Object

GET /admin/roles

# File 'app/controllers/caboose/roles_controller.rb', line 10

def index
  return unless user_is_allowed('roles', 'view')
  top_roles = Role.tree
  arr = []
  top_roles.each { |r| arr += add_role_options(r, 0) }
  @roles = arr        
end

#new ⇒ Object

GET /admin/roles/new

# File 'app/controllers/caboose/roles_controller.rb', line 19

def new
  return unless user_is_allowed('roles', 'add')
  @role = Role.new
end

#options ⇒ Object

GET /admin/roles/options

# File 'app/controllers/caboose/roles_controller.rb', line 115

def options
  return unless user_is_allowed('roles', 'view')
  @top_roles = Role.tree
  arr = [{ 
    "value" => -1, 
    "text" => 'Top Level'
  }]
  @top_roles.each { |r| arr += add_role_options(r, 1) }
  render json: arr.to_json    
end

#remove_permission ⇒ Object

DELETE /admin/roles/:id/permissions/:permission_id

# File 'app/controllers/caboose/roles_controller.rb', line 108

def remove_permission
  return if !user_is_allowed('roles', 'edit')
  RolePermission.where(:role_id => params[:id], :permission_id => params[:permission_id]).destroy_all        
  render :json => true
end

#update ⇒ Object

PUT /admin/roles/1

# File 'app/controllers/caboose/roles_controller.rb', line 49

def update
  return unless user_is_allowed('roles', 'edit')
  
  resp = StdClass.new     
  role = Role.find(params[:id])
  
  save = true
  params.each do |name,value|
    case name
	  	when "name"
	  	  role.name = value
	  	when "description"
	  	  role.description = value
	  	when "parent_id"
	  	  value = value.to_i
	  	  if role.id == value
	  	    resp.error = "You can't set the parent to be this role."
	  	    save = false
	  		elsif role.is_ancestor_of?(value)
	  		  resp.error = "You can't set the parent to be one of the child roles."
	  		  save = false
	  		else
	  		  role.parent_id = value
	  		  if value == -1
	  		    resp.attributes = { 'parent_id' => { 'text' => '[No parent]' }}
	  		  else
	  		    p = Role.find(value)
	  		    resp.attributes = { 'parent_id' => { 'text' => p.name }}
	  		  end
	  		end    	  		
	  	when "members"
	  	  value = [] if value.nil? || value.length == 0
	  	  role.users = value.collect { |uid| User.find(uid) }
	  	  resp.attributes = { 'members' => { 'text' => role.users.collect{ |u| "#{u.first_name} #{u.last_name}" }.join('<br />') }}
	  end
	end
	
	resp.success = save && role.save
	render json: resp
end