cartodb-4.42/app/controllers/carto/api/groups_controller.rb

require_relative 'paged_searcher'
require_dependency 'cartodb/errors'

module Carto
  module Api

    class GroupsController < ::Api::ApplicationController
      include PagedSearcher

      ssl_required :index, :show, :create, :update, :destroy, :add_users, :remove_users

      before_filter :load_fetching_options, only: [:show, :index]
      before_filter :load_organization
      before_filter :load_user
      before_filter :validate_organization_or_user_loaded
      before_filter :load_group, only: [:show, :update, :destroy, :add_users, :remove_users]
      before_filter :org_admin_only, only: [:create, :update, :destroy, :add_users, :remove_users]
      before_filter :org_users_only, only: [:show, :index]
      before_filter :load_organization_users, only: [:add_users, :remove_users]
      before_filter :valid_password_confirmation, only: [:destroy, :add_users, :remove_users]

      rescue_from Carto::ParamInvalidError, with: :rescue_from_carto_error
      rescue_from Carto::PasswordConfirmationError, with: :rescue_from_password_confirmation_error

      VALID_ORDER_PARAMS = [:id, :name, :display_name, :organization_id, :updated_at].freeze

      def index
        page, per_page, order, _order_direction = page_per_page_order_params(VALID_ORDER_PARAMS)

        groups = @user ? @user.groups : @organization.groups
        groups = groups.where('name ilike ?', "%#{params[:q]}%") if params[:q]
        total_entries = groups.count

        groups = Carto::PagedModel.paged_association(groups, page, per_page, order)

        render_jsonp({
          groups: groups.map { |g| Carto::Api::GroupPresenter.new(g, @fetching_options).to_poro },
          total_entries: total_entries
        }, 200)
      end

      def show
        render_jsonp(Carto::Api::GroupPresenter.new(@group, @fetching_options).to_poro, 200)
      end

      def create
        @group = @organization.create_group(params['display_name'])
        render_jsonp(Carto::Api::GroupPresenter.full(@group).to_poro, 200)
      rescue CartoDB::ModelAlreadyExistsError => e
        render json: { errors: ["A group with that name already exists"] }, status: 409
      rescue ActiveRecord::StatementInvalid => e
        handle_statement_invalid_error(e, @group)
      rescue StandardError => e
        log_error(exception: e)
        render json: { errors: [e.message] }, status: 500
      end

      def update
        @group.rename_group_with_extension(params['display_name'])
        render_jsonp(Carto::Api::GroupPresenter.full(@group).to_poro, 200)
      rescue CartoDB::ModelAlreadyExistsError => e
        render json: { errors: ["A group with that name already exists"] }, status: 409
      rescue ActiveRecord::StatementInvalid => e
        handle_statement_invalid_error(e, @group)
      rescue StandardError => e
        log_error(exception: e)
        render json: { errors: [e.message] }, status: 500
      end

      def destroy
        @group.destroy_group_with_extension
        render json: {}, status: 204
      rescue ActiveRecord::StatementInvalid => e
        handle_statement_invalid_error(e, @group)
      rescue StandardError => e
        log_error(exception: e)
        render json: { errors: [e.message] }, status: 500
      end

      def add_users
        @group.add_users_with_extension(@organization_users)
        render json: {}, status: 200
      rescue ActiveRecord::StatementInvalid => e
        handle_statement_invalid_error(e, @group)
      rescue StandardError => e
        log_error(exception: e)
        render json: { errors: [e.message] }, status: 500
      end

      def remove_users
        @group.remove_users_with_extension(@organization_users)
        render json: {}, status: 200
      rescue ActiveRecord::StatementInvalid => e
        handle_statement_invalid_error(e, @group)
      rescue StandardError => e
        log_error(exception: e)
        render json: { errors: [e.message] }, status: 500
      end

      private

      def load_fetching_options
        @fetching_options = {
          fetch_shared_tables_count: params[:fetch_shared_tables_count] == 'true',
          fetch_shared_maps_count: params[:fetch_shared_maps_count] == 'true',
          fetch_users: params[:fetch_users] == 'true'
        }
      end

      def load_organization
        return unless params['organization_id'].present?
        @organization = Carto::Organization.where(id: params['organization_id']).first
        render json: { errors: ["Org. #{params['organization_id']} not found"] }, status: 404 unless @organization
      end

      def load_user
        return unless params['user_id'].present?

        @user = Carto::User.where(id: params['user_id']).first
        render json: { errors: ["User #{params['user_id']} not found"] }, status: 404 unless @user

        if @organization.nil?
          @organization = @user.organization
        elsif @user.organization_id != @organization.id
          render json: { errors: ["You can't get other organization users"] }, status: 501
        end

        unless @user.id == current_user.id || current_user.organization_admin?
          render json: { errors: ["You can't get other users groups"] }, status: 501
        end
      end

      def validate_organization_or_user_loaded
        render json: { errors: ["You must set user_id or organization_id"] }, status: 404 unless @organization || @user
      end

      def org_users_only
        unless @organization.id == current_user.organization_id
          render json: { errors: ["Not organization user"] }, status: 400
        end
      end

      def org_admin_only
        unless @organization.admin?(current_user)
          render json: { errors: ["Not org. admin"] }, status: 400
        end
      end

      def load_group
        @group = @organization.groups.where(id: params['group_id']).first
        render json: { errors: ["Group #{params['group_id']} not found"] }, status: 404 unless @group
      end

      def load_organization_users
        ids = params['users'].present? ? params['users'] : [ params['user_id'] ]
        @organization_users = ids.map { |id| @organization.users.where(id: id).first }
        render json: { errors: ["Users #{ids} not found"] }, status: 404 if @organization_users.empty?
      end

      def handle_statement_invalid_error(e, group)
        err_regexp = /ERROR:  (.*)\n/
        if e.message =~ err_regexp
          render json: { errors: [err_regexp.match(e.message)[1]] }, status: 422
        else
          log_error(exception: e)
          render json: { errors: [e.message] }, status: 500
        end
      end

      def rescue_from_password_confirmation_error(error)
        log_rescue_from(__method__, error)

        render_jsonp({ message: "Error modifying groups", errors: [error.message] }, 403)
      end

      def log_context
        super.merge(params: params, group: @group, organization: @organization)
      end
    end
  end
end
first commit 2024-04-06 13:25:13 +08:00			`require_relative 'paged_searcher'`
			`require_dependency 'cartodb/errors'`

			`module Carto`
			`module Api`

			`class GroupsController < ::Api::ApplicationController`
			`include PagedSearcher`

			`ssl_required :index, :show, :create, :update, :destroy, :add_users, :remove_users`

			`before_filter :load_fetching_options, only: [:show, :index]`
			`before_filter :load_organization`
			`before_filter :load_user`
			`before_filter :validate_organization_or_user_loaded`
			`before_filter :load_group, only: [:show, :update, :destroy, :add_users, :remove_users]`
			`before_filter :org_admin_only, only: [:create, :update, :destroy, :add_users, :remove_users]`
			`before_filter :org_users_only, only: [:show, :index]`
			`before_filter :load_organization_users, only: [:add_users, :remove_users]`
			`before_filter :valid_password_confirmation, only: [:destroy, :add_users, :remove_users]`

			`rescue_from Carto::ParamInvalidError, with: :rescue_from_carto_error`
			`rescue_from Carto::PasswordConfirmationError, with: :rescue_from_password_confirmation_error`

			`VALID_ORDER_PARAMS = [:id, :name, :display_name, :organization_id, :updated_at].freeze`

			`def index`
			`page, per_page, order, _order_direction = page_per_page_order_params(VALID_ORDER_PARAMS)`

			`groups = @user ? @user.groups : @organization.groups`
			`groups = groups.where('name ilike ?', "%#{params[:q]}%") if params[:q]`
			`total_entries = groups.count`

			`groups = Carto::PagedModel.paged_association(groups, page, per_page, order)`

			`render_jsonp({`
			`groups: groups.map { \|g\| Carto::Api::GroupPresenter.new(g, @fetching_options).to_poro },`
			`total_entries: total_entries`
			`}, 200)`
			`end`

			`def show`
			`render_jsonp(Carto::Api::GroupPresenter.new(@group, @fetching_options).to_poro, 200)`
			`end`

			`def create`
			`@group = @organization.create_group(params['display_name'])`
			`render_jsonp(Carto::Api::GroupPresenter.full(@group).to_poro, 200)`
			`rescue CartoDB::ModelAlreadyExistsError => e`
			`render json: { errors: ["A group with that name already exists"] }, status: 409`
			`rescue ActiveRecord::StatementInvalid => e`
			`handle_statement_invalid_error(e, @group)`
			`rescue StandardError => e`
			`log_error(exception: e)`
			`render json: { errors: [e.message] }, status: 500`
			`end`

			`def update`
			`@group.rename_group_with_extension(params['display_name'])`
			`render_jsonp(Carto::Api::GroupPresenter.full(@group).to_poro, 200)`
			`rescue CartoDB::ModelAlreadyExistsError => e`
			`render json: { errors: ["A group with that name already exists"] }, status: 409`
			`rescue ActiveRecord::StatementInvalid => e`
			`handle_statement_invalid_error(e, @group)`
			`rescue StandardError => e`
			`log_error(exception: e)`
			`render json: { errors: [e.message] }, status: 500`
			`end`

			`def destroy`
			`@group.destroy_group_with_extension`
			`render json: {}, status: 204`
			`rescue ActiveRecord::StatementInvalid => e`
			`handle_statement_invalid_error(e, @group)`
			`rescue StandardError => e`
			`log_error(exception: e)`
			`render json: { errors: [e.message] }, status: 500`
			`end`

			`def add_users`
			`@group.add_users_with_extension(@organization_users)`
			`render json: {}, status: 200`
			`rescue ActiveRecord::StatementInvalid => e`
			`handle_statement_invalid_error(e, @group)`
			`rescue StandardError => e`
			`log_error(exception: e)`
			`render json: { errors: [e.message] }, status: 500`
			`end`

			`def remove_users`
			`@group.remove_users_with_extension(@organization_users)`
			`render json: {}, status: 200`
			`rescue ActiveRecord::StatementInvalid => e`
			`handle_statement_invalid_error(e, @group)`
			`rescue StandardError => e`
			`log_error(exception: e)`
			`render json: { errors: [e.message] }, status: 500`
			`end`

			`private`

			`def load_fetching_options`
			`@fetching_options = {`
			`fetch_shared_tables_count: params[:fetch_shared_tables_count] == 'true',`
			`fetch_shared_maps_count: params[:fetch_shared_maps_count] == 'true',`
			`fetch_users: params[:fetch_users] == 'true'`
			`}`
			`end`

			`def load_organization`
			`return unless params['organization_id'].present?`
			`@organization = Carto::Organization.where(id: params['organization_id']).first`
			`render json: { errors: ["Org. #{params['organization_id']} not found"] }, status: 404 unless @organization`
			`end`

			`def load_user`
			`return unless params['user_id'].present?`

			`@user = Carto::User.where(id: params['user_id']).first`
			`render json: { errors: ["User #{params['user_id']} not found"] }, status: 404 unless @user`

			`if @organization.nil?`
			`@organization = @user.organization`
			`elsif @user.organization_id != @organization.id`
			`render json: { errors: ["You can't get other organization users"] }, status: 501`
			`end`

			`unless @user.id == current_user.id \|\| current_user.organization_admin?`
			`render json: { errors: ["You can't get other users groups"] }, status: 501`
			`end`
			`end`

			`def validate_organization_or_user_loaded`
			`render json: { errors: ["You must set user_id or organization_id"] }, status: 404 unless @organization \|\| @user`
			`end`

			`def org_users_only`
			`unless @organization.id == current_user.organization_id`
			`render json: { errors: ["Not organization user"] }, status: 400`
			`end`
			`end`

			`def org_admin_only`
			`unless @organization.admin?(current_user)`
			`render json: { errors: ["Not org. admin"] }, status: 400`
			`end`
			`end`

			`def load_group`
			`@group = @organization.groups.where(id: params['group_id']).first`
			`render json: { errors: ["Group #{params['group_id']} not found"] }, status: 404 unless @group`
			`end`

			`def load_organization_users`
			`ids = params['users'].present? ? params['users'] : [ params['user_id'] ]`
			`@organization_users = ids.map { \|id\| @organization.users.where(id: id).first }`
			`render json: { errors: ["Users #{ids} not found"] }, status: 404 if @organization_users.empty?`
			`end`

			`def handle_statement_invalid_error(e, group)`
			`err_regexp = /ERROR: (.*)\n/`
			`if e.message =~ err_regexp`
			`render json: { errors: [err_regexp.match(e.message)[1]] }, status: 422`
			`else`
			`log_error(exception: e)`
			`render json: { errors: [e.message] }, status: 500`
			`end`
			`end`

			`def rescue_from_password_confirmation_error(error)`
			`log_rescue_from(__method__, error)`

			`render_jsonp({ message: "Error modifying groups", errors: [error.message] }, 403)`
			`end`

			`def log_context`
			`super.merge(params: params, group: @group, organization: @organization)`
			`end`
			`end`
			`end`
			`end`