25579460050

# frozen_string_literal: true

# UsersController
class UsersController < ApplicationController
  include ApplicationHelper
  include SoftwareRecordsHelper
  before_action :retrieve_user, only: %i[show edit update destroy user_status]
  before_action :authenticate_user!
  before_action :navigation, except: %i[edit update]
  before_action :ensure_self_or_admin, only: %i[edit update]
  access root_admin: :all,
         manager: %i[edit update], owner: %i[edit update], viewer: %i[edit update], user: %i[edit update],
         message: 'Permission Denied ! <br/> Please contact the administrator for more info.'
  helper_method :sort_column, :sort_direction

  def index
    @users = User.order("#{sort_column} #{sort_direction}")
    @active = 'users'
    $page_title = 'Manage Users | UCL Application Portfolio'
  end

  def edit
    $page_title = 'Edit Users | UCL Application Portfolio'
    @safe_return_to = safe_return_to_path
    render :edit
  end

  def update
    $page_title = 'Edit Users | UCL Application Portfolio'
    if current_user.role.to_s == 'root_admin'
      @user.first_name = params[:first_name]
      @user.last_name = params[:last_name]
      @user.email = params[:email]
      @user.roles = params[:roles]
      @user.active = params[:active]
    end

    @user.title = params[:title]
    @user.department = params[:department]

    if !@user.changed?
      redirect_to redirect_target_after_update, notice: 'No changes were made.'
    elsif @user.save
      redirect_to redirect_target_after_update, notice: 'User was successfully updated.'
    else
      render :edit
    end
  end

  def show
    $page_title = "#{@user.first_name} #{@user.last_name} | UCL Application Portfolio"
    render :show
  end

  def retrieve_user
    @user = User.find(params[:id])
    @controller = params[:controller]
  end

  def user_status
    if @user.active.to_s == 'true'
      @user.active = false
      @user.save
      redirect_to users_show_path(params[:id]), notice: 'User was successfully de-activated.'
    else
      @user.active = true
      @user.save
      redirect_to users_show_path(params[:id]), notice: 'User was successfully activated.'
    end
  end

  def destroy
    if @user.destroy
      redirect_to session[:previous], notice: 'User was successfully deleted.'
    else
      render :index
    end
  end

  private

  def sort_column
    User.column_names.include?(params[:sort]) ? params[:sort] : 'first_name'
  end

  def sort_direction
    %w[asc desc].include?(params[:direction]) ? params[:direction] : 'asc'
  end

  def ensure_self_or_admin
    return if current_user.role.to_s == 'root_admin' || current_user.id == @user.id

    redirect_to dashboard_path, alert: 'Permission Denied ! <br/> Please contact the administrator for more info.'
  end

  def redirect_target_after_update
    return_to = safe_return_to_path
    return return_to if return_to.present?
    return myprofile_path if current_user.id == @user.id

    users_show_path(params[:id])
  end

  def safe_return_to_path
    url_from(params[:return_to])
  end
end

1	# frozen_string_literal: true
2
3	# UsersController
4	class UsersController < ApplicationController	2✔
5	include ApplicationHelper	2✔
6	include SoftwareRecordsHelper	2✔
7	before_action :retrieve_user, only: %i[show edit update destroy user_status]	2✔
8	before_action :authenticate_user!	2✔
9	before_action :navigation, except: %i[edit update]	2✔
10	before_action :ensure_self_or_admin, only: %i[edit update]	2✔
11	access root_admin: :all,	2✔
12	manager: %i[edit update], owner: %i[edit update], viewer: %i[edit update], user: %i[edit update],
13	message: 'Permission Denied ! <br/> Please contact the administrator for more info.'
14	helper_method :sort_column, :sort_direction	2✔
15
16	def index	2✔
17	@users = User.order("#{sort_column} #{sort_direction}")	4✔
18	@active = 'users'	4✔
19	$page_title = 'Manage Users \| UCL Application Portfolio'	4✔
20	end
21
22	def edit	2✔
23	$page_title = 'Edit Users \| UCL Application Portfolio'	2✔
24	@safe_return_to = safe_return_to_path	2✔
25	render :edit	2✔
26	end
27
28	def update	2✔
29	$page_title = 'Edit Users \| UCL Application Portfolio'	8✔
30	if current_user.role.to_s == 'root_admin'	8✔
31	@user.first_name = params[:first_name]	4✔
32	@user.last_name = params[:last_name]	4✔
33	@user.email = params[:email]	4✔
34	@user.roles = params[:roles]	4✔
35	@user.active = params[:active]	4✔
36	end
37
38	@user.title = params[:title]	8✔
39	@user.department = params[:department]	8✔
40
41	if !@user.changed?	8✔
42	redirect_to redirect_target_after_update, notice: 'No changes were made.'	2✔
43	elsif @user.save	6✔
44	redirect_to redirect_target_after_update, notice: 'User was successfully updated.'	6✔
45	else
46	render :edit	×
47	end
48	end
49
50	def show	2✔
51	$page_title = "#{@user.first_name} #{@user.last_name} \| UCL Application Portfolio"	2✔
52	render :show	2✔
53	end
54
55	def retrieve_user	2✔
56	@user = User.find(params[:id])	18✔
57	@controller = params[:controller]	18✔
58	end
59
60	def user_status	2✔
61	if @user.active.to_s == 'true'	4✔
62	@user.active = false	4✔
63	@user.save	4✔
64	redirect_to users_show_path(params[:id]), notice: 'User was successfully de-activated.'	4✔
65	else
66	@user.active = true	×
67	@user.save	×
68	redirect_to users_show_path(params[:id]), notice: 'User was successfully activated.'	×
69	end
70	end
71
72	def destroy	2✔
73	if @user.destroy	2✔
74	redirect_to session[:previous], notice: 'User was successfully deleted.'	2✔
75	else
76	render :index	×
77	end
78	end
79
80	private	2✔
81
82	def sort_column	2✔
83	User.column_names.include?(params[:sort]) ? params[:sort] : 'first_name'	8✔
84	end
85
86	def sort_direction	2✔
87	%w[asc desc].include?(params[:direction]) ? params[:direction] : 'asc'	8✔
88	end
89
90	def ensure_self_or_admin	2✔
91	return if current_user.role.to_s == 'root_admin' \|\| current_user.id == @user.id	10✔
92
NEW 93	redirect_to dashboard_path, alert: 'Permission Denied ! <br/> Please contact the administrator for more info.'	×
94	end
95
96	def redirect_target_after_update	2✔
97	return_to = safe_return_to_path	8✔
98	return return_to if return_to.present?	8✔
99	return myprofile_path if current_user.id == @user.id	6✔
100
101	users_show_path(params[:id])	2✔
102	end
103
104	def safe_return_to_path	2✔
105	url_from(params[:return_to])	10✔
106	end
107	end

uclibs / application_portfolio / 25579460050

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous