96 lines
3.6 KiB
Ruby
96 lines
3.6 KiB
Ruby
require_dependency 'carto/uuidhelper'
|
|
|
|
module OrganizationUsersHelper
|
|
include Carto::UUIDHelper
|
|
|
|
def load_organization
|
|
id_or_name = params[:id_or_name]
|
|
|
|
@organization = ::Organization.where(uuid?(id_or_name) ? { id: id_or_name } : { name: id_or_name }).first
|
|
|
|
unless @organization
|
|
render_jsonp({}, 401) # Not giving clues to guessers via 404
|
|
return false
|
|
end
|
|
end
|
|
|
|
def owners_only
|
|
unless current_viewer_is_owner?
|
|
render_jsonp({}, 401)
|
|
return false
|
|
end
|
|
end
|
|
|
|
def admins_only
|
|
unless @organization.admin?(current_viewer)
|
|
render_jsonp({}, 401)
|
|
false
|
|
end
|
|
end
|
|
|
|
def load_user
|
|
@user = ::User.where(username: params[:u_username], organization: @organization).first
|
|
|
|
if @user.nil?
|
|
render_jsonp("No user with username '#{params[:u_username]}' in '#{@organization.name}'", 404)
|
|
return false
|
|
end
|
|
end
|
|
|
|
def current_viewer_is_owner?
|
|
current_viewer.id == @organization.owner.id
|
|
end
|
|
|
|
# To help with strong params until Rails 4+
|
|
def permit(*permitted)
|
|
hardened_params = params.dup
|
|
|
|
hardened_params.keep_if { |k, _v| permitted.flatten.include?(k.to_sym) }
|
|
|
|
hardened_params.symbolize_keys
|
|
end
|
|
|
|
# This is not run at model validation flow because we might want to override this rules.
|
|
# owner parameter allows validation before actual value setting
|
|
def soft_limits_validation(user, params_to_update, owner = user.organization.owner)
|
|
errors = user.errors
|
|
|
|
soft_geocoding_limit = soft_param_to_boolean(params_to_update[:soft_geocoding_limit])
|
|
if user.soft_geocoding_limit != soft_geocoding_limit && soft_geocoding_limit && !owner.soft_geocoding_limit
|
|
errors.add(:soft_geocoding_limit, "Organization owner hasn't this soft limit")
|
|
end
|
|
soft_here_isolines_limit = soft_param_to_boolean(params_to_update[:soft_here_isolines_limit])
|
|
if user.soft_here_isolines_limit != soft_here_isolines_limit && soft_here_isolines_limit && !owner.soft_here_isolines_limit
|
|
errors.add(:soft_here_isolines_limit, "Organization owner hasn't this soft limit")
|
|
end
|
|
soft_obs_snapshot_limit = soft_param_to_boolean(params_to_update[:soft_obs_snapshot_limit])
|
|
if user.soft_obs_snapshot_limit != soft_obs_snapshot_limit && soft_obs_snapshot_limit && !owner.soft_obs_snapshot_limit
|
|
errors.add(:soft_obs_snapshot_limit, "Organization owner hasn't this soft limit")
|
|
end
|
|
soft_obs_general_limit = soft_param_to_boolean(params_to_update[:soft_obs_general_limit])
|
|
if user.soft_obs_general_limit != soft_obs_general_limit && soft_obs_general_limit && !owner.soft_obs_general_limit
|
|
errors.add(:soft_obs_general_limit, "Organization owner hasn't this soft limit")
|
|
end
|
|
soft_twitter_datasource_limit = soft_param_to_boolean(params_to_update[:soft_twitter_datasource_limit])
|
|
if user.soft_twitter_datasource_limit != soft_twitter_datasource_limit && soft_twitter_datasource_limit && !owner.soft_twitter_datasource_limit
|
|
errors.add(:soft_twitter_datasource_limit, "Organization owner hasn't this soft limit")
|
|
end
|
|
soft_mapzen_routing_limit = soft_param_to_boolean(params_to_update[:soft_mapzen_routing_limit])
|
|
if user.soft_mapzen_routing_limit != soft_mapzen_routing_limit && soft_mapzen_routing_limit && !owner.soft_mapzen_routing_limit
|
|
errors.add(:soft_mapzen_routing_limit, "Organization owner hasn't this soft limit")
|
|
end
|
|
|
|
errors.empty?
|
|
end
|
|
|
|
def soft_param_to_boolean(value)
|
|
value == 'true' || value == '1' || value == true
|
|
end
|
|
|
|
def ensure_edit_permissions
|
|
unless @user.editable_by?(current_viewer)
|
|
render_jsonp({ errors: ['You do not have permissions to edit that user'] }, 401)
|
|
end
|
|
end
|
|
end
|