-
10
module Admin
-
10
class AdminController < ApplicationController
-
10
before_action :require_admin!, :set_admin_border
-
-
10
private
-
-
10
def require_admin!
-
18
else: 16
then: 2
unless Current.user.admin? || Current.impersonating?
-
2
render plain: "Admins only",
-
status: :forbidden
-
end
-
end
-
-
10
def set_admin_border
-
16
@admin_border = true
-
end
-
end
-
end
-
module Admin
-
class BandsController < AdminController
-
before_action :set_band, except: %i[
-
index
-
]
-
-
def index
-
@bands = Band.all
-
end
-
-
def show
-
end
-
-
def edit
-
end
-
-
def update
-
updated = @band.update(edit_band_params)
-
if updated
-
redirect_to edit_admin_band_path(@band), notice: "Band updated"
-
else
-
flash[:alert] = @band.errors.full_messages
-
render :edit, status: :unprocessable_entity
-
end
-
end
-
-
def destroy
-
@band.destroy!
-
redirect_to admin_bands_path, notice: "Band deleted."
-
end
-
-
private
-
-
def set_band
-
@band = Band.find(params[:id])
-
redirect_to admin_bands_path, alert: "Band not found" unless @band
-
end
-
-
def edit_band_params
-
params.require(:band).permit(
-
:name
-
)
-
end
-
end
-
end
-
5
module Admin
-
5
class ImpersonationController < AdminController
-
5
def create
-
3
target_user = User.find(params[:user_id])
-
3
session[:impersonation] = {
-
original_user_id: Current.user.id,
-
target_user_id: target_user.id,
-
started_at: Time.current.utc
-
}
-
-
3
redirect_to(events_path, notice: "Impersonating '#{target_user.username}'")
-
end
-
-
5
def destroy
-
2
else: 1
then: 1
return redirect_to(admin_users_path, alert: "No active impersonation session") unless session[:impersonation]
-
-
1
target_user = User.find(session[:impersonation]["target_user_id"])
-
1
original_user = User.find(session[:impersonation]["original_user_id"])
-
1
username = target_user.username
-
-
1
session[:user_id] = original_user.id
-
1
session.delete(:impersonation)
-
-
1
redirect_to(admin_users_path, notice: "Ended impersonation of #{username}")
-
end
-
end
-
end
-
10
module Admin
-
10
class UsersController < AdminController
-
10
before_action :set_user, except: %i[
-
index
-
]
-
-
10
def index
-
4
then: 2
else: 2
@user_type = params[:user_type]&.to_sym
-
-
4
then: 1
else: 3
if @user_type && !User.user_types[@user_type]
-
1
flash[:alert] = "Invalid user type"
-
1
redirect_to admin_users_path
-
end
-
-
4
@user_types = User.user_types.keys
-
-
@users =
-
4
then: 2
if @user_type
-
2
User.where(user_type: @user_type)
-
else: 2
else
-
2
User.all
-
end
-
end
-
-
10
def show
-
end
-
-
10
def edit
-
end
-
-
10
def update
-
3
updated = @user.update(edit_user_params)
-
2
then: 1
if updated
-
1
redirect_to edit_admin_user_path(@user), notice: "User updated"
-
else: 1
else
-
1
flash[:alert] = @user.errors.full_messages
-
1
render :edit, status: :unprocessable_entity
-
end
-
end
-
-
10
def destroy
-
1
@user.destroy!
-
1
redirect_to admin_users_path, notice: "User deleted."
-
end
-
-
10
private
-
-
10
def set_user
-
7
@user = User.find_by(username: params[:username])
-
7
else: 7
then: 0
redirect_to admin_users_path, alert: "User not found" unless @user
-
end
-
-
10
def edit_user_params
-
3
params.require(:user).permit(
-
:username,
-
:name,
-
:email,
-
:user_type,
-
:confirmed
-
)
-
end
-
end
-
end
-
# frozen_string_literal: true
-
-
16
class ApplicationController < ActionController::Base
-
16
prepend_before_action :set_current_user
-
16
before_action :require_login
-
16
helper_method :show_tabs, :nav_tabs, :my_pending_invites, :body_class, :set_current_user_by_session
-
-
16
def nav_tabs
-
478
else: 470
then: 8
return unless show_tabs
-
470
@nav_tabs ||= build_nav_tabs
-
end
-
-
16
def my_pending_invites
-
243
then: 235
else: 8
else: 97
then: 146
return unless Current.user&.member?
-
97
@my_pending_invites ||= Permission.where(user_id: Current.user.id, status: "pending")
-
end
-
-
16
def body_class
-
243
then: 7
else: 236
@admin_border ? "admin-background" : ""
-
end
-
-
16
def show_tabs
-
713
@show_tabs ||= Current.user.present?
-
end
-
-
16
private
-
-
16
def set_current_user
-
506
set_current_user_by_session(session)
-
end
-
-
16
def set_current_user_by_session(session)
-
507
then: 2
if session[:impersonation]
-
2
else: 505
handle_impersonation(session)
-
505
then: 334
elsif session[:user_id]
-
334
set_regular_user(session[:user_id])
-
else: 171
else
-
171
clear_current_user
-
end
-
end
-
-
16
def handle_impersonation(session)
-
2
impersonation = session[:impersonation]
-
original_user_id =
-
2
impersonation["original_user_id"] ||
-
impersonation[:original_user_id]
-
-
target_user_id =
-
2
impersonation["target_user_id"] ||
-
impersonation[:target_user_id]
-
-
started_at =
-
2
impersonation["started_at"] ||
-
impersonation[:started_at]
-
-
2
original_user = User.find_by(id: original_user_id)
-
2
target_user = User.find_by(id: target_user_id)
-
-
2
then: 2
if valid_impersonation?(original_user, target_user, started_at)
-
2
set_impersonated_user(original_user, target_user)
-
else: 0
else
-
end_impersonation(session)
-
end
-
end
-
-
16
def valid_impersonation?(original_user, target_user, started_at)
-
failure_reasons = {
-
2
then: 2
else: 0
original_not_admin: !original_user&.admin?,
-
no_target_user: !target_user,
-
missing_time: !started_at,
-
too_old: started_at && started_at.to_time < 12.hours.ago
-
8
}.select! { |k, v| !!v }.keys
-
-
2
then: 0
if failure_reasons.any?
-
then: 0
else: 0
if request
-
flash[:alert] = "Impersonation failed: #{failure_reasons.join(", ")}"
-
end
-
false
-
else: 2
else
-
2
true
-
end
-
end
-
-
16
def set_impersonated_user(original_user, target_user)
-
2
Current.user = target_user
-
2
Current.impersonator = original_user
-
end
-
-
16
def set_regular_user(user_id)
-
334
user = User.find_by(id: user_id)
-
334
then: 334
if user
-
334
Current.user = user
-
334
Current.impersonator = nil
-
else: 0
else
-
clear_current_user
-
end
-
end
-
-
16
def clear_current_user
-
171
Current.user = nil
-
171
Current.impersonator = nil
-
end
-
-
16
def end_impersonation(session)
-
session.delete(:impersonation)
-
set_regular_user(session[:user_id])
-
end
-
-
16
def require_login
-
506
then: 335
else: 171
then: 502
else: 4
return if Current.user&.confirmed? || allowed_path?
-
-
4
then: 0
if Current.user && !Current.user.confirmed?
-
handle_unconfirmed_user
-
else: 4
else
-
4
redirect_to_login
-
end
-
end
-
-
16
def allowed_path?
-
[
-
171
login_path,
-
logout_path,
-
register_path,
-
not_confirmed_path,
-
resend_confirmation_path,
-
confirm_registration_path,
-
confirm_registration_submit_path
-
].include?(request.path)
-
end
-
-
16
def handle_unconfirmed_user
-
else: 0
then: 0
unless [not_confirmed_path, resend_confirmation_path].include?(request.path)
-
flash[:alert] = "Your account is not confirmed"
-
redirect_to not_confirmed_path
-
end
-
end
-
-
16
def redirect_to_login
-
4
flash[:alert] = "You must be logged in"
-
4
redirect_to login_url
-
end
-
-
16
def build_nav_tabs
-
shares_name =
-
235
then: 138
else: 97
(Current.user.admin? || Current.user.organiser?) ? "Sharing" : "Shares"
-
[
-
235
{display_name: "Events", url: events_path},
-
{display_name: "Bands", url: bands_path},
-
{display_name: "Members", url: members_path},
-
{display_name: shares_name, url: permissions_path}
-
]
-
end
-
end
-
15
class BandsController < ApplicationController
-
15
include AccessPermissions
-
15
include EventsHelper
-
-
15
before_action :set_events, except: %i[index new create]
-
15
before_action :set_view, only: %i[show edit update confirm_destroy]
-
15
before_action :verify_organiser, only: %i[new create]
-
15
before_action :verify_organiser_or_admin, only: %i[confirm_destroy destroy]
-
-
15
def index
-
8
@bands = sort_bands(@bands, params[:sort])
-
-
8
bands_count = @bands.to_a.size
-
-
8
then: 1
if bands_count == 0
-
1
else: 7
redirect_to action: :new
-
7
then: 1
else: 6
elsif Current.user.member? && bands_count == 1
-
1
redirect_to @bands.first
-
end
-
end
-
-
15
def edit
-
end
-
-
15
def show
-
end
-
-
15
def confirm_destroy
-
@view = "overview"
-
end
-
-
15
def new
-
1
@band = Band.new
-
end
-
-
15
def create
-
2
@band = Band.new(band_params)
-
-
begin
-
2
Band.transaction do
-
2
@band.save!
-
2
Permission.create!(
-
item_type: "Band",
-
item_id: @band.id,
-
user_id: Current.user.id,
-
status: :owned,
-
permission_type: :edit
-
)
-
end
-
1
redirect_to @band, notice: "Band was successfully created"
-
rescue ActiveRecord::RecordInvalid
-
1
render :new, status: :unprocessable_entity
-
end
-
end
-
-
15
def update
-
2
then: 1
if @band.update(band_params)
-
1
redirect_to @band, notice: "Band was successfully updated."
-
else: 1
else
-
1
render :edit
-
end
-
end
-
-
15
def destroy
-
2
then: 1
if @band.destroy
-
1
redirect_to bands_url, notice: "Band deleted!"
-
else: 1
else
-
1
redirect_to @band, alert: @band.errors.full_messages.to_sentence
-
end
-
end
-
-
15
private
-
-
15
def set_events
-
7
@events = @band.events
-
7
.then { |rel| filter_by_period(rel, params[:period]) }
-
7
.then { |rel| sort_results(rel, params[:sort]) }
-
end
-
-
15
def set_view
-
5
@views = %w[overview events shares]
-
5
@views_subtitles = [nil, "(#{@band.events.count})", nil]
-
@view =
-
5
then: 0
@views.include?(params["view"]) ?
-
else: 5
params["view"] :
-
"overview"
-
end
-
-
15
def verify_organiser
-
4
else: 3
then: 1
redirect_to bands_url unless Current.user.organiser?
-
end
-
-
15
def verify_organiser_or_admin
-
2
else: 2
then: 0
redirect_to bands_url unless Current.user.organiser? || Current.user.admin?
-
end
-
-
15
def sort_bands(bands, sort_param)
-
8
then: 4
else: 4
sort_by, sort_order = sort_param&.split
-
8
then: 3
if sort_by.present? && Band.column_names.include?(sort_by)
-
3
then: 2
else: 1
bands.order(sort_by => ((sort_order == "DESC") ? :desc : :asc))
-
else: 5
else
-
5
bands.order(name: :asc)
-
end
-
end
-
-
15
def band_params
-
4
params.require(:band).permit(:name, :description, member_ids: [])
-
end
-
end
-
16
module AccessPermissions
-
16
extend ActiveSupport::Concern
-
-
16
included do
-
42
before_action :get_resources
-
42
before_action :set_resource, except: %i[index new create]
-
42
before_action :deny_read_only, only: %i[edit update destroy]
-
end
-
-
16
private
-
-
16
def get_resources
-
230
resource_class = controller_name.classify.constantize
-
@resources =
-
230
then: 19
Current.user.admin? ?
-
else: 211
resource_class.all :
-
Current.user.send(controller_name)
-
230
instance_variable_set(:"@#{controller_name}", @resources)
-
end
-
-
16
def set_resource
-
33
@resource = @resources.find(params[:id])
-
30
@read_only = @resource.permission_type != "edit"
-
30
instance_variable_set(:"@#{controller_name.singularize}", @resource)
-
end
-
-
16
def deny_read_only
-
26
then: 5
else: 21
raise ActiveRecord::RecordNotFound if @read_only
-
end
-
end
-
16
class EventsController < ApplicationController
-
16
include AccessPermissions
-
16
include EventsHelper
-
-
16
before_action :set_bands, only: %i[new edit create update]
-
16
before_action :set_view, only: %i[show edit update]
-
-
16
def index
-
173
@events = @events
-
173
.then { |rel| filter_by_period(rel, params[:period]) }
-
173
.then { |rel| filter_by_band(rel, params[:band_id]) }
-
173
.then { |rel| sort_results(rel, params[:sort]) }
-
end
-
-
16
def new
-
3
@event = Event.new
-
-
3
param_band_id = Integer(params[:band_id], exception: false)
-
3
else: 1
then: 2
param_band_id = nil unless @bands.collect(&:id).include?(param_band_id)
-
3
then: 1
else: 2
@event.band_ids = [param_band_id] if param_band_id
-
end
-
-
16
def show
-
end
-
-
16
def edit
-
end
-
-
16
def create
-
5
@event = Event.new(event_params)
-
-
4
then: 3
if @event.save
-
3
create_owner_permission(@event)
-
3
redirect_to @event, notice: "Event was successfully created"
-
else: 1
else
-
1
render :new, status: :unprocessable_entity
-
end
-
end
-
-
16
def update
-
10
then: 8
if @event.update(event_params)
-
8
redirect_to @event, notice: "Event was successfully updated."
-
else: 1
else
-
1
render :edit, status: :unprocessable_entity
-
end
-
end
-
-
16
def destroy
-
2
@event.destroy!
-
1
redirect_to events_url, notice: "Event was successfully destroyed."
-
rescue ActiveRecord::RecordNotDestroyed
-
1
redirect_to @event, alert: @event.errors.full_messages.to_sentence
-
end
-
-
16
private
-
-
16
def set_bands
-
18
@bands = Current.user.bands
-
end
-
-
16
def set_view
-
11
@views = %w[overview bands shares]
-
11
@views_subtitles = [nil, "(#{@event.bands.count})", nil]
-
@view =
-
11
then: 0
@views.include?(params["view"]) ?
-
else: 11
params["view"] :
-
"overview"
-
end
-
-
16
def event_params
-
15
permitted = params.require(:event).permit(
-
:name,
-
:description,
-
:start_date,
-
:end_date,
-
band_ids: []
-
)
-
-
15
permitted_band_ids = @bands.pluck(:id)
-
-
15
permitted.tap do |params|
-
15
params[:band_ids] = params[:band_ids].to_a.compact_blank.map(&:to_i)
-
15
invalid_bands = params[:band_ids] - permitted_band_ids
-
15
then: 1
else: 14
if invalid_bands.any?
-
1
raise ArgumentError, "Invalid band_ids: #{invalid_bands}"
-
end
-
end
-
end
-
-
16
def create_owner_permission(event)
-
3
event.permissions.create!(
-
user: Current.user,
-
status: :owned,
-
permission_type: :edit
-
)
-
end
-
end
-
12
class LinkedDevicesController < ApplicationController
-
12
before_action :set_linked_device, only: [:show, :edit, :update, :destroy, :revoke]
-
12
before_action :set_linkables, only: [:new, :edit, :create, :update]
-
12
before_action :set_view, only: [:show]
-
-
12
def index
-
7
@linked_devices = Current.user.linked_devices
-
.includes(:linked_device_linkables)
-
7
.then { |rel| filter_by_status(rel, params[:status]) }
-
7
.then { |rel| filter_by_type(rel, params[:device_type]) }
-
7
.then { |rel| sort_results(rel, params[:sort]) }
-
end
-
-
12
def show
-
end
-
-
12
def new
-
1
@linked_device = LinkedDevice.new
-
-
# Set default linkable if provided in params
-
1
then: 0
else: 1
if params[:linkable_type].present? && params[:linkable_id].present?
-
type = params[:linkable_type]
-
id = params[:linkable_id]
-
-
then: 0
else: 0
if %w[Event Band Member].include?(type)
-
@linked_device.linkable_type = type
-
@linked_device.linkable_id = id
-
end
-
end
-
end
-
-
12
def edit
-
end
-
-
12
def create
-
2
@linked_device = Current.user.linked_devices.new(linked_device_params)
-
-
2
then: 2
if @linked_device.save
-
2
redirect_to @linked_device, notice: "Device successfully linked."
-
else: 0
else
-
render :new, status: :unprocessable_entity
-
end
-
end
-
-
12
def update
-
2
then: 2
if @linked_device.update(linked_device_params)
-
2
redirect_to @linked_device, notice: "Device successfully updated."
-
else: 0
else
-
render :edit, status: :unprocessable_entity
-
end
-
end
-
-
12
def destroy
-
2
then: 1
else: 1
if @linked_device.accessed?
-
1
redirect_to(
-
@linked_device,
-
alert: "Cannot delete a device that has been accessed. Please revoke instead."
-
)
-
1
return
-
end
-
-
1
@linked_device.destroy!
-
1
redirect_to linked_devices_url, notice: "Device successfully removed."
-
rescue ActiveRecord::RecordNotDestroyed
-
redirect_to(
-
@linked_device,
-
alert: @linked_device.errors.full_messages.to_sentence
-
)
-
end
-
-
12
def revoke
-
# For revocation, we don't need to validate access permissions
-
1
then: 1
else: 0
@linked_device.skip_access_validation! if Rails.env.test?
-
1
@linked_device.revoke!
-
1
redirect_to @linked_device, notice: "Device successfully revoked."
-
end
-
-
12
private
-
-
12
def set_linked_device
-
7
@linked_device = Current.user.linked_devices.find(params[:id])
-
end
-
-
12
def set_linkables
-
6
@events = Current.user.events
-
6
@bands = Current.user.bands
-
6
@members = Current.user.members
-
end
-
-
12
def set_view
-
1
@views = %w[overview]
-
1
@view = "overview"
-
end
-
-
12
def linked_device_params
-
4
params.require(:linked_device).permit(
-
:name,
-
:device_type,
-
event_ids: [],
-
band_ids: [],
-
member_ids: []
-
)
-
end
-
-
12
def filter_by_status(relation, status)
-
7
then: 1
else: 6
return relation.active if status == "active"
-
6
then: 1
else: 5
return relation.revoked if status == "revoked"
-
5
relation
-
end
-
-
12
def filter_by_type(relation, type)
-
7
then: 2
else: 5
LinkedDevice.device_types.key?(type) ? relation.where(device_type: type) : relation
-
end
-
-
12
def sort_results(relation, sort)
-
sort_mapping = {
-
7
"name" => {name: :asc},
-
"name desc" => {name: :desc},
-
"created" => {created_at: :asc},
-
"created desc" => {created_at: :desc},
-
"modified" => {updated_at: :asc},
-
"modified desc" => {updated_at: :desc},
-
"last_accessed" => {last_accessed_at: :asc},
-
"last_accessed desc" => {last_accessed_at: :desc}
-
}
-
-
7
relation.order(sort_mapping[sort] || {created_at: :desc})
-
end
-
end
-
11
class MembersController < ApplicationController
-
11
include AccessPermissions
-
11
include EventsHelper
-
-
11
before_action :set_member_events, only: :show
-
11
before_action :set_view, only: :show
-
-
11
def index
-
# Get skills for the current set of members
-
@skills =
-
1
Skill.joins(:members)
-
.where(members: {id: @members.pluck(:id)})
-
.distinct
-
.order(:name)
-
-
# Filter members by skill if skill_id parameter is present
-
1
then: 0
else: 1
if params[:skill_id].present?
-
@skill = Skill.find(params[:skill_id])
-
@members =
-
@members
-
.joins(:skills)
-
.where(skills: {id: params[:skill_id]})
-
end
-
end
-
-
11
def edit
-
end
-
-
11
def show
-
end
-
-
11
def new
-
1
@member = Member.new
-
end
-
-
11
def create
-
2
@member = Member.new(member_params)
-
2
else: 1
then: 1
return render :new, status: :unprocessable_entity unless @member.save
-
-
1
@permission = Permission.create(
-
item_type: "Member",
-
item_id: @member.id,
-
user: Current.user,
-
status: :owned,
-
permission_type: "edit"
-
)
-
1
else: 1
then: 0
return render :new, status: :unprocessable_entity unless @permission.save
-
-
1
redirect_to @member, notice: "Member was successfully created."
-
end
-
-
11
def update
-
2
Member.transaction do
-
2
@member.assign_attributes(member_params)
-
2
then: 1
if @member.save
-
1
redirect_to @member, notice: "Member was successfully updated."
-
else: 1
else
-
1
logger.warn "members/update error: #{@member.errors.full_messages}"
-
1
render :edit, status: :unprocessable_entity
-
end
-
end
-
rescue ActiveRecord::RecordInvalid => e
-
logger.warn "members/update transaction error: #{e.message}"
-
render :edit, status: :unprocessable_entity
-
end
-
-
11
def destroy
-
1
@member.destroy!
-
1
redirect_to members_url, notice: "Member was successfully destroyed."
-
end
-
-
11
private
-
-
11
def member_params
-
4
params.require(:member).permit(
-
:name, :description, :skills_list, band_ids: []
-
)
-
end
-
-
11
def set_view
-
1
@views = %w[overview events]
-
1
@views_subtitles = [nil, "(#{@events.count})"]
-
@view =
-
1
then: 0
@views.include?(params["view"]) ?
-
else: 1
params["view"] :
-
"overview"
-
end
-
-
11
def set_member_events
-
1
@events = @member.events
-
1
.then { |rel| filter_by_period(rel, params[:period]) }
-
1
.then { |rel| sort_results(rel, params[:sort]) }
-
end
-
end
-
15
class PermissionsController < ApplicationController
-
15
include PermissionsHelper
-
-
15
before_action :set_permission, only: [:update, :destroy]
-
15
before_action :organiser_only, only: [:new, :create]
-
15
before_action :invitee_and_pending_only, only: [:update]
-
15
before_action :bestower_and_admin_only, only: [:destroy]
-
15
before_action :set_form_options, only: [:new, :create]
-
-
15
def index
-
8
then: 1
else: 7
@permissions = Current.user.admin? ? Permission.all : Permission.for_user(Current.user)
-
8
@permissions = sort_permissions(@permissions, params[:direct_sort])
-
-
8
@other_items = fetch_effective_permissions
-
# Default to name sorting if not specified
-
8
effective_sort = params[:effective_sort].presence || "name asc"
-
8
@other_items = sort_effective_items(@other_items, effective_sort)
-
-
8
respond_to do |format|
-
8
format.html
-
8
format.json { render json: {permissions: @permissions, effective: @other_items} }
-
end
-
end
-
-
15
def new
-
1
@permission = Permission.new
-
-
1
then: 0
else: 1
if params[:item_type].present? && params[:item_id].present?
-
@preselected_item = "#{params[:item_type].capitalize}_#{params[:item_id]}"
-
end
-
-
1
@no_users_available = potential_users.empty?
-
end
-
-
15
def create
-
7
params = permission_create_params
-
7
item_param = params.delete(:item)
-
-
7
@permission = Permission.new(params)
-
7
@permission.bestowing_user = Current.user
-
7
@permission.status = "pending"
-
7
@permission.item_type, @permission.item_id = item_param.split("_")
-
7
then: 6
else: 1
@permission.item_type&.capitalize!
-
-
7
else: 3
then: 2
return render :new, status: :unprocessable_entity unless @permission.save
-
-
3
redirect_to permissions_path, notice: "Invitation created"
-
end
-
-
15
def update
-
6
status = permission_update_params[:status]
-
-
6
then: 5
if @permission.update(status: status)
-
5
then: 4
if status == "accepted"
-
4
redirect_to @permission.item_path, notice: "Invitation accepted"
-
else: 1
else
-
1
redirect_to permissions_path, alert: "Invitation rejected"
-
end
-
else: 0
else
-
render plain: "Not updated", status: :bad_request
-
end
-
end
-
-
15
def destroy
-
2
@permission.destroy!
-
2
redirect_to root_path, notice: "Invitation deleted"
-
end
-
-
15
private
-
-
15
def sort_permissions(permissions, sort_param)
-
8
then: 8
else: 0
return permissions.order(created_at: :desc) if sort_param.blank?
-
-
column, direction = sort_param.split
-
then: 0
else: 0
then: 0
else: 0
direction_sym = (direction&.downcase == "desc") ? :desc : :asc
-
-
case column
-
when: 0
when "name"
-
joins_sql = <<~SQL
-
LEFT JOIN bands
-
ON bands.id = permissions.item_id
-
AND permissions.item_type = 'Band'
-
LEFT JOIN events
-
ON events.id = permissions.item_id
-
AND permissions.item_type = 'Event'
-
LEFT JOIN members
-
ON members.id = permissions.item_id
-
AND permissions.item_type = 'Member'
-
SQL
-
permissions.joins(joins_sql)
-
.order(Arel.sql(
-
"COALESCE(bands.name, events.name, members.name) #{direction_sym}"
-
))
-
when: 0
when "type"
-
permissions.order(item_type: direction_sym)
-
when: 0
when "access"
-
permissions.order(permission_type: direction_sym)
-
when: 0
when "status"
-
permissions.order(status: direction_sym)
-
when: 0
when "bestower"
-
permissions.joins(:bestowing_user).order(Arel.sql(
-
"users.username #{direction_sym}"
-
))
-
when: 0
when "created"
-
permissions.order(created_at: direction_sym)
-
when: 0
when "last_modified"
-
permissions.order(updated_at: direction_sym)
-
else: 0
else
-
permissions.order(created_at: :desc)
-
end
-
end
-
-
15
def sort_effective_items(items, sort_param)
-
8
then: 0
else: 8
return items.sort_by { |item| item.name.downcase } if sort_param.blank?
-
-
8
column, direction = sort_param.split
-
8
then: 8
else: 0
desc = (direction&.downcase == "desc")
-
-
8
sorted_items = case column
-
when: 8
when "name"
-
17
items.sort_by { |item| item.name.downcase }
-
when: 0
when "type"
-
items.sort_by { |item| item.class.name }
-
when: 0
when "status"
-
items.sort_by { |item| item.permission_type.to_s }
-
when: 0
when "source"
-
items.sort_by do |item|
-
permission = find_effective_permission_source(Current.user, item)
-
then: 0
if permission.nil?
-
"AAA_Direct" # Sort direct permissions first
-
else: 0
else
-
"#{permission.item_type}_#{permission.item.name}"
-
end
-
end
-
else: 0
else
-
items.sort_by { |item| item.name.downcase }
-
end
-
-
8
then: 0
else: 8
desc ? sorted_items.reverse : sorted_items
-
end
-
-
15
def fetch_effective_permissions
-
8
events = Event.permitted_for(Current.user.id)
-
8
bands = Band.permitted_for(Current.user.id)
-
8
members = Member.permitted_for(Current.user.id)
-
8
events + bands + members
-
end
-
-
15
def organiser_only
-
10
else: 8
then: 2
unless Current.user.organiser?
-
2
render plain: "Organisers only", status: :forbidden
-
end
-
end
-
-
15
def bestower_and_admin_only
-
3
else: 2
then: 1
unless Current.user.admin? || @permission.bestowing_user == Current.user
-
1
render plain: "Bestower only", status: :forbidden
-
end
-
end
-
-
15
def invitee_and_pending_only
-
10
then: 3
if @permission.user != Current.user
-
3
else: 7
render plain: "Invitee only", status: :forbidden
-
7
then: 1
else: 6
elsif !@permission.pending?
-
1
render plain: "Invite not pending", status: :bad_request
-
end
-
end
-
-
15
def set_form_options
-
8
@users = potential_users
-
8
@items = potential_items(Current.user)
-
8
@permission_types = %w[view edit]
-
end
-
-
15
def set_permission
-
13
@permission = Permission.find(params[:id])
-
end
-
-
15
def permission_create_params
-
7
params.require(:permission).permit(:user_id, :item, :permission_type)
-
end
-
-
15
def permission_update_params
-
6
params.require(:permission).permit(:status)
-
end
-
end
-
16
class SessionsController < ApplicationController
-
16
def new
-
5
then: 3
else: 2
redirect_to events_path if Current.user
-
5
@user = User.new
-
end
-
-
16
def create
-
162
username, password = login_params.values_at(:username, :password)
-
161
logger.debug("Login attempt from #{username}")
-
161
user = User.find_or_create_by(username: username)
-
-
161
then: 1
if Rails.env.development? && params.dig(:user, :debug_skip)
-
1
session[:user_id] = user.id
-
1
logger.debug("Skipped login: #{username}")
-
1
else: 160
redirect_to events_path, notice: "Skipped login."
-
160
then: 158
elsif user.authenticate(password)
-
158
session[:user_id] = user.id
-
158
logger.debug("Login success: #{username}")
-
158
redirect_to events_path, notice: "Logged in successfully."
-
else: 2
else
-
2
@user = User.new
-
2
@user.username = username
-
2
logger.debug "Login failed: #{user.inspect}"
-
2
flash[:alert] = "Invalid username or password"
-
2
render :new, status: :unprocessable_entity
-
end
-
end
-
-
16
def destroy
-
1
session[:user_id] = nil
-
1
session[:impersonation] = nil
-
1
redirect_to login_path, notice: "Logged out successfully."
-
end
-
-
16
private
-
-
16
def login_params
-
162
params.require(:user).permit(:username, :password)
-
end
-
end
-
10
class UserMailsController < ApplicationController
-
10
before_action :set_mail, only: :show
-
10
before_action :can_view_mail, only: :show
-
-
10
def show
-
end
-
-
10
def index
-
@mails =
-
3
then: 1
if Current.user.admin?
-
1
UserMail.order(updated_at: :desc)
-
else: 2
else
-
2
UserMail.where(user_id: Current.user.id).order(updated_at: :desc)
-
end
-
end
-
-
10
def create
-
2
@mail = UserMailer.send_confirmation_registration(Current.user)
-
-
2
then: 1
if @mail.persisted?
-
1
redirect_to user_mails_path, notice: "Confirmation sent successfully"
-
else: 1
else
-
1
redirect_to user_mails_path, alert: "Failed to send confirmation"
-
end
-
end
-
-
10
private
-
-
10
def set_mail
-
5
@mail = UserMail.find(params[:id])
-
end
-
-
10
def can_view_mail
-
5
then: 3
else: 2
return if @mail && (@mail.user_id == Current.user.id || Current.user.admin?)
-
-
2
redirect_to user_mails_path, alert: "Cannot view this mail"
-
end
-
end
-
6
class Users::RegistrationController < ApplicationController
-
6
before_action :set_user, only: %i[
-
edit
-
update
-
]
-
-
6
def edit
-
end
-
-
6
def update
-
1
else: 0
then: 1
UserMailer.send_confirmation_registration(@user) unless @user.confirmed?
-
end
-
-
6
def new
-
4
@token = params[:token]
-
4
verifier = Rails.application.config.message_verifier
-
-
begin
-
4
data = verifier.verify(@token)
-
3
@user = User.find(data["user_id"])
-
3
then: 1
else: 2
if @user.confirmed?
-
1
redirect_to user_path(@user),
-
notice: "Your account is already confirmed"
-
end
-
-
3
then: 1
else: 2
then: 1
else: 2
if data["expires_at"]&.< Time.current.to_i
-
1
flash[:alert] = "Your confirmation link has expired: #{data}."
-
1
redirect_to register_path
-
end
-
rescue ActiveSupport::MessageVerifier::InvalidSignature
-
1
flash[:alert] = "Invalid confirmation link."
-
1
redirect_to register_path
-
end
-
end
-
-
6
def create
-
3
token = params[:token]
-
3
verifier = Rails.application.config.message_verifier
-
-
begin
-
3
data = verifier.verify(token)
-
-
2
then: 2
else: 0
then: 1
if data["expires_at"]&.>= Time.current.to_i
-
1
@user = User.find(data["user_id"])
-
1
@user.update(confirmed: true)
-
1
flash[:notice] = "Your registration has been confirmed."
-
1
redirect_to login_path
-
else: 1
else
-
1
flash[:alert] = "Your confirmation link has expired: #{data}."
-
1
redirect_to register_path
-
end
-
rescue ActiveSupport::MessageVerifier::InvalidSignature
-
1
flash[:alert] = "Invalid confirmation link."
-
1
redirect_to register_path
-
end
-
end
-
-
6
private
-
-
6
def set_user
-
2
@user = User.find(session[:user_id])
-
2
then: 1
else: 1
redirect_to user_path(@user) if @user.confirmed?
-
end
-
end
-
14
class UsersController < ApplicationController
-
14
before_action :check_admin_user, only: %i[
-
create
-
new
-
]
-
-
14
before_action :check_not_logged_in, only: %i[
-
create
-
new
-
]
-
-
14
def new
-
1
@user = User.new
-
end
-
-
14
def create
-
4
@user = User.new(create_user_params)
-
-
4
then: 1
else: 3
if @user.admin? && !@allow_admin_user
-
1
flash.now[:alert] = "No more admin users allowed"
-
1
return render :new, status: :unprocessable_entity
-
end
-
-
3
then: 2
if @user.save
-
2
session[:user_id] = @user.id
-
2
redirect_to account_path, notice: "You registered successfully. Well done!"
-
else: 1
else
-
1
render :new, status: :unprocessable_entity
-
end
-
end
-
-
14
def index
-
1
redirect_to user_path(Current.user)
-
end
-
-
14
def show
-
4
@user = User.find_by(username: params[:id])
-
4
else: 4
then: 0
redirect_to user_path(Current.user) unless @user
-
end
-
-
14
def edit
-
1
@user = Current.user
-
1
else: 0
then: 1
unless params[:id] == @user.username
-
1
redirect_to user_path(@user), alert: "Can't edit other users"
-
end
-
end
-
-
14
def update
-
7
then: 6
else: 1
if params[:user][:password].blank?
-
6
params[:user].delete(:password)
-
6
params[:user].delete(:password_confirmation)
-
end
-
-
7
@user = Current.user
-
7
then: 5
if @user.update(update_user_params)
-
5
redirect_to user_url(@user), notice: "Updated successfully"
-
else: 2
else
-
2
errors = @user.errors.full_messages.join(", ").downcase
-
2
render plain: "Could not update user: #{errors}",
-
status: :forbidden
-
end
-
end
-
-
14
private
-
-
14
def create_user_params
-
4
params.require(:user).permit(
-
:username,
-
:name,
-
:email,
-
:password,
-
:password_confirmation,
-
:time_zone,
-
:user_type
-
)
-
end
-
-
14
def update_user_params
-
7
params.require(:user).permit(
-
:name,
-
:email,
-
:password,
-
:password_confirmation,
-
:time_zone
-
)
-
end
-
-
14
def check_admin_user
-
6
@allow_admin_user = User.admin.count.zero?
-
end
-
-
14
def check_not_logged_in
-
6
else: 5
then: 1
redirect_to account_path unless Current.user.nil?
-
end
-
end
-
1
module ApplicationHelper
-
1
def page_heading(str)
-
199
content_tag(:h1, str, class: "text-gray-900 text-xl")
-
end
-
-
1
def filter_link(name, path, active)
-
572
link_to_if(!active, name, path, class: "hover:underline") do
-
189
content_tag(:span, name, class: "font-bold")
-
end
-
end
-
-
1
def render_filter_group(
-
filters,
-
param_name,
-
preserve_params = [],
-
&path_generator
-
)
-
200
path_generator ||= ->(options) { url_for(options) }
-
192
param_name_str = param_name.to_s
-
-
# Build preserved params hash in one step
-
192
preserved_options = preserve_params.each_with_object({}) do |param, hash|
-
188
then: 6
else: 182
hash[param] = params[param] if params[param].present?
-
end
-
-
192
content_tag(:p, class: "filter-group") do
-
192
filters.map do |filter|
-
# Build options hash
-
570
options = preserved_options.merge(
-
# Only add param if it has a value
-
570
then: 382
else: 188
filter[:value].present? ? {param_name => filter[:value]} : {},
-
# Add any extra parameters
-
filter[:extra] || {}
-
)
-
-
# Determine if this filter is selected
-
570
selected = params[param_name_str] == filter[:value] ||
-
382
(filter[:value].nil? && params[param_name_str].nil?)
-
-
# Generate the link
-
570
filter_link(filter[:label], path_generator.call(options), selected)
-
end.join.html_safe
-
end
-
end
-
-
1
def table_headers(sort_param_name, columns, resource = nil)
-
13
query_params = request.query_parameters.merge({}).except(sort_param_name)
-
-
# Extract current sort information from params
-
13
current_sort_param = params[sort_param_name]
-
13
current_sort_column = nil
-
13
then: 0
else: 13
if current_sort_param.present?
-
current_sort_column, _ = current_sort_param.split
-
end
-
-
13
capture do
-
13
columns.each do |column|
-
# Only set default if this column is actually the sorted one
-
66
then: 0
else: 66
default_sort = (column[:name] == current_sort_column) ? column[:default] : nil
-
-
66
concat(
-
content_tag(:th,
-
table_header_sort(
-
resource || controller_name,
-
column[:name],
-
column[:display],
-
default_sort,
-
query_params,
-
sort_param_name
-
),
-
class: column[:class],
-
66
then: 19
else: 47
style: column[:wide] ? nil : "width: 1%")
-
)
-
end
-
end
-
end
-
-
1
def table_header_sort(
-
resource,
-
column,
-
display_text,
-
default_sort_column = nil,
-
request_params = nil,
-
sort_param_name = :sort,
-
default_sort_direction = "asc"
-
)
-
326
sort_param = sort_param_name.to_sym
-
326
then: 40
else: 286
current_sort_column, current_sort_direction = params[sort_param]&.split
-
326
current_sort_column ||= default_sort_column
-
326
current_sort_direction ||= default_sort_direction
-
-
326
then: 91
if current_sort_column == column
-
91
then: 84
else: 7
new_sort_direction = (current_sort_direction == "asc") ? "desc" : "asc"
-
91
sort_icon = sort_direction_icon(current_sort_direction)
-
else: 235
else
-
235
new_sort_direction = default_sort_direction
-
235
sort_icon = ""
-
end
-
-
326
query_params = request_params || request.query_parameters
-
-
326
new_params = query_params
-
.except(:page, sort_param)
-
.merge(sort_param => "#{column} #{new_sort_direction}")
-
-
# Preserve period parameter if it exists
-
326
then: 55
else: 271
new_params[:period] = request.params[:period] if request.params[:period]
-
-
326
sort_url = url_for(new_params)
-
-
326
link_to "#{display_text}#{sort_icon}".html_safe, sort_url
-
end
-
-
1
def flash_banner(key, msg = nil, &block)
-
183
content_tag :div, class: "#{key} banner" do
-
183
then: 9
else: 174
if block && msg.blank?
-
9
msg = capture(&block)
-
end
-
-
183
concat(content_tag(:div, msg))
-
183
concat(hidden_checkbox_tag(key))
-
183
concat(close_button(key))
-
end
-
end
-
-
1
private
-
-
1
def sort_direction_icon(direction)
-
91
when: 84
case direction
-
84
when: 2
when "asc" then " <span>â–¼</span>"
-
2
else: 5
when "desc" then " <span>â–²</span>"
-
5
else ""
-
end
-
end
-
-
1
def hidden_checkbox_tag(key)
-
183
tag.input type: "checkbox", class: "hidden", id: "banneralert-#{key}"
-
end
-
-
1
def close_button(key)
-
183
tag.label class: "close", style: "width:30px", for: "banneralert-#{key}" do
-
183
tag.svg class: "fill-current h-6 w-6", role: "button", xmlns: "http://www.w3.org/2000/svg", viewBox: "0 0 20 20" do
-
183
concat(tag.title("Close"))
-
183
concat(tag.path(d: "M14.348 14.849a1.2 1.2 0 0 1-1.697 0L10 11.819l-2.651 3.029a1.2 1.2 0 1 1-1.697-1.697l2.758-3.15-2.759-3.152a1.2 1.2 0 1 1 1.697-1.697L10 8.183l2.651-3.031a1.2 1.2 0 1 1 1.697 1.697l-2.758 3.152 2.758 3.15a1.2 1.2 0 0 1 0 1.698z"))
-
end
-
end
-
end
-
end
-
1
module EventsHelper
-
1
def filter_by_period(events, period)
-
181
when: 1
case period
-
1
when: 171
when "past" then events.past
-
171
else: 9
when "future", nil then events.future
-
9
else events
-
end
-
end
-
-
1
def filter_by_band(events, band_id)
-
173
else: 1
then: 172
return events unless band_id.present? && band_id.to_i.positive?
-
1
events.joins(:bands).where(bands: {id: band_id})
-
end
-
-
1
def sort_results(events, sort_param)
-
181
column, direction = extract_sort_params(sort_param)
-
181
else: 180
then: 1
unless Event.attribute_names.include?(column.to_s)
-
1
return events.order(:start_date)
-
end
-
180
events.order(column => direction)
-
end
-
-
1
def extract_sort_params(sort_param)
-
181
col, dir = sort_param.to_s.split
-
181
then: 3
else: 178
dir = %w[desc DESC].include?(dir) ? :desc : :asc
-
181
[col.presence || :start_date, dir]
-
end
-
-
1
def convert_seconds_to_duration(seconds)
-
9
then: 2
else: 7
return nil if seconds < 60
-
-
7
days = (seconds / 86400).floor
-
7
remaining = seconds % 86400
-
-
7
hours = (remaining / 3600).floor
-
7
remaining %= 3600
-
-
7
minutes = (remaining / 60).floor
-
-
7
parts = []
-
7
then: 5
else: 2
else: 4
then: 1
parts << "#{days} day#{"s" unless days == 1}" if days > 0
-
7
then: 2
else: 5
else: 1
then: 1
parts << "#{hours} hour#{"s" unless hours == 1}" if hours > 0
-
7
then: 4
else: 3
else: 1
then: 3
parts << "#{minutes} minute#{"s" unless minutes == 1}" if minutes > 0
-
-
7
when: 4
case parts.size
-
4
when 1 then parts.first
-
else: 3
else
-
3
parts[0...-1].join(", ") + " and #{parts.last}"
-
end
-
end
-
end
-
1
module LinkedDevicesHelper
-
1
def device_type_badge(device_type)
-
12
case device_type
-
when: 11
when "api"
-
11
content_tag(:span, "API", class: "bg-purple-600 text-white px-2 py-1 rounded-full text-xs")
-
when: 1
when "web"
-
1
content_tag(:span, "Web", class: "bg-blue-600 text-white px-2 py-1 rounded-full text-xs")
-
else: 0
else
-
content_tag(:span, device_type.to_s.upcase, class: "bg-gray-600 text-white px-2 py-1 rounded-full text-xs")
-
end
-
end
-
-
1
def resource_link(type, id)
-
obj = type.constantize.find_by(id: id)
-
else: 0
then: 0
return "Unknown #{type}" unless obj
-
-
name = obj.name.presence || "NOT SET"
-
-
case type
-
when: 0
when "Event"
-
link_to(name, event_path(obj), class: "text-purple-600")
-
when: 0
when "Band"
-
link_to(name, band_path(obj), class: "text-blue-600")
-
when: 0
when "Member"
-
link_to(name, member_path(obj), class: "text-green-600")
-
else: 0
else
-
"#{type}: #{name}"
-
end
-
end
-
-
1
def status_badge(device)
-
12
then: 1
if device.revoked?
-
1
content_tag(:span, "Revoked", class: "bg-red-600 text-white px-2 py-1 rounded-full text-xs")
-
else: 11
else
-
11
content_tag(:span, "Active", class: "bg-green-600 text-white px-2 py-1 rounded-full text-xs")
-
end
-
end
-
-
1
def last_accessed_display(device)
-
11
else: 0
then: 11
return "Never" unless device.last_accessed_at
-
-
time_ago_in_words(device.last_accessed_at) + " ago"
-
end
-
end
-
1
module MembersHelper
-
end
-
1
module PermissionsHelper
-
1
include ActionView::Helpers::UrlHelper
-
-
1
def potential_users
-
# Get all non-admin users (both members and organisers) sorted by username,
-
# excluding current user
-
users =
-
9
User
-
.where
-
.not(user_type: :admin)
-
.where
-
.not(id: Current.user.id)
-
.order(:username)
-
.pluck(:username, :id)
-
-
9
if users.any?
-
then: 9
# Add a "Please select" option with empty value as the first option
-
9
[["Please select", ""]] + users
-
else: 0
else
-
[]
-
end
-
end
-
-
1
def potential_items(owner)
-
83
invitable_klasses = [Event, Band, Member]
-
83
invitable_klasses.flat_map do |klass|
-
249
pluck_and_prefix(klass, owner)
-
end
-
end
-
-
1
def permission_status_color(status)
-
case status.to_s
-
when: 0
when "owned"
-
"primary"
-
when: 0
when "accepted"
-
"success"
-
when: 0
when "pending"
-
"warning"
-
when: 0
when "rejected"
-
"danger"
-
else: 0
else
-
"secondary"
-
end
-
end
-
-
1
def get_access_level(user, item)
-
19
when: 8
case item
-
8
when: 6
when Member then get_ownership(user, item, :members, Member)
-
6
when: 5
when Band then get_ownership(user, item, :bands, Band)
-
5
else: 0
when Event then get_ownership(user, item, :events, Event)
-
else raise "Invalid item type: #{item.class}"
-
end
-
end
-
-
1
def get_ownership(user, item, method, klass)
-
19
then: 18
if (direct_permission = user.send(method).find_by(id: item.id))
-
18
else: 1
direct_permission[:permission_type]
-
1
then: 0
else: 1
elsif klass.permitted_for(user.id).find_by(id: item.id)
-
"view"
-
end
-
end
-
-
1
def find_effective_permission_source(user, item)
-
# Direct permission check
-
9
direct_permission = Permission.where(
-
user_id: user.id,
-
item_type: item.class.to_s,
-
item_id: item.id,
-
status: ["owned", "accepted"]
-
).first
-
-
9
then: 9
else: 0
return nil if direct_permission
-
-
else: 0
case item
-
when: 0
when Band
-
find_band_permission_source(user, item)
-
when: 0
when Event
-
find_event_permission_source(user, item)
-
when: 0
when Member
-
find_member_permission_source(user, item)
-
end
-
end
-
-
1
def find_band_permission_source(user, band)
-
# Check permissions through members
-
band.members.each do |member|
-
permission = Permission.where(
-
user_id: user.id,
-
item_type: "Member",
-
item_id: member.id,
-
status: ["owned", "accepted"]
-
).first
-
-
then: 0
else: 0
return permission if permission
-
end
-
-
# Check permissions through events
-
band.events.each do |event|
-
permission = Permission.where(
-
user_id: user.id,
-
item_type: "Event",
-
item_id: event.id,
-
status: ["owned", "accepted"]
-
).first
-
-
then: 0
else: 0
return permission if permission
-
end
-
-
nil
-
end
-
-
1
def find_event_permission_source(user, event)
-
# Check permissions through bands
-
event.bands.each do |band|
-
permission = Permission.where(
-
user_id: user.id,
-
item_type: "Band",
-
item_id: band.id,
-
status: ["owned", "accepted"]
-
).first
-
-
then: 0
else: 0
return permission if permission
-
end
-
-
# Check permissions through members in bands
-
event.bands.each do |band|
-
band.members.each do |member|
-
permission = Permission.where(
-
user_id: user.id,
-
item_type: "Member",
-
item_id: member.id,
-
status: ["owned", "accepted"]
-
).first
-
-
then: 0
else: 0
return permission if permission
-
end
-
end
-
-
nil
-
end
-
-
1
def find_member_permission_source(user, member)
-
# Check permissions through bands
-
member.bands.each do |band|
-
permission = Permission.where(
-
user_id: user.id,
-
item_type: "Band",
-
item_id: band.id,
-
status: ["owned", "accepted"]
-
).first
-
-
then: 0
else: 0
return permission if permission
-
end
-
-
# Check permissions through events via bands
-
member.bands.each do |band|
-
band.events.each do |event|
-
permission = Permission.where(
-
user_id: user.id,
-
item_type: "Event",
-
item_id: event.id,
-
status: ["owned", "accepted"]
-
).first
-
-
then: 0
else: 0
return permission if permission
-
end
-
end
-
-
nil
-
end
-
-
1
private
-
-
1
def pluck_and_prefix(klass, owner)
-
249
owned_permissions = owner.send(:"#{klass.to_s.downcase.pluralize}")
-
249
owned_item_ids = owned_permissions.pluck(:id)
-
249
items = klass.where(id: owned_item_ids).pluck(:id, :name)
-
249
items.map do |id, name|
-
102
["#{name} (#{klass})", "#{klass}_#{id}"]
-
end
-
end
-
end
-
1
module SessionsHelper
-
end
-
1
module Users::RegistrationHelper
-
end
-
1
class ApplicationJob < ActiveJob::Base
-
# Automatically retry jobs that encountered a deadlock
-
# retry_on ActiveRecord::Deadlocked
-
-
# Most jobs are safe to ignore if the underlying records are no longer available
-
# discard_on ActiveJob::DeserializationError
-
end
-
1
class SendMailJob < ApplicationJob
-
1
queue_as :default
-
1
retry_on StandardError, wait: 1.minute, attempts: 5
-
-
1
def perform(user_mail_id)
-
user_mail = UserMail.find(user_mail_id)
-
user_mail.attempt_send
-
end
-
end
-
15
module FormBuilders
-
15
class NiceFormBuilder < ActionView::Helpers::FormBuilder
-
15
class_attribute :text_field_helpers,
-
default: field_helpers - %i[
-
label
-
check_box
-
radio_button
-
fields_for
-
fields
-
hidden_field
-
file_field
-
]
-
-
15
TEXT_FIELD_STYLE = "text_field".freeze
-
15
TEXT_AREA_STYLE = "textarea_field".freeze
-
15
SELECT_FIELD_STYLE = "select_field".freeze
-
15
SUBMIT_BUTTON_STYLE = "primary_button".freeze
-
15
CHECKBOX_FIELD_STYLE = "checkbox_group".freeze
-
15
DATE_SELECT_STYLE = "date_select".freeze
-
15
TIME_SELECT_STYLE = "time_select".freeze
-
-
15
text_field_helpers.each do |field_method|
-
270
define_method(field_method) do |method, options = {}|
-
108
then: 54
if options.delete(:already_nice)
-
54
super(method, options)
-
else: 54
else
-
54
text_like_field(field_method, method, options)
-
end
-
end
-
end
-
-
15
def submit(value = nil, options = {})
-
29
custom_opts, opts = partition_custom_opts(options)
-
29
classes = apply_style_classes(SUBMIT_BUTTON_STYLE, custom_opts)
-
-
29
super(value, {class: classes}.merge(opts))
-
end
-
-
15
def select(method, choices = nil, options = {}, html_options = {}, &block)
-
17
custom_opts, opts = partition_custom_opts(options)
-
17
classes = apply_style_classes(SELECT_FIELD_STYLE, custom_opts, method)
-
-
17
labels = labels(method, custom_opts[:label], options)
-
17
field = super(
-
method,
-
choices,
-
opts,
-
html_options.merge({class: classes}),
-
&block
-
)
-
-
17
@template.content_tag("div", labels + field, {class: "field"})
-
end
-
-
15
def check_box(method, options = {}, checked_value = "1", unchecked_value = "0")
-
3
custom_opts, opts = partition_custom_opts(options)
-
3
classes = apply_style_classes(CHECKBOX_FIELD_STYLE, custom_opts, method)
-
-
3
labels = labels(method, custom_opts[:label], options)
-
3
field = super(method, opts.merge({class: classes}), checked_value, unchecked_value)
-
-
3
@template.content_tag("div", labels + field, {class: "field"})
-
end
-
-
15
def collection_checkboxes(
-
method,
-
collection,
-
value_method,
-
text_method,
-
options = {},
-
html_options = {},
-
&block
-
)
-
5
custom_opts, opts = partition_custom_opts(options)
-
-
5
classes = apply_style_classes(
-
CHECKBOX_FIELD_STYLE,
-
custom_opts,
-
method
-
)
-
-
5
labels = labels(method, custom_opts[:label], options)
-
-
5
html_options = html_options.merge(class: classes)
-
-
5
check_boxes = super(
-
method,
-
collection,
-
value_method,
-
text_method,
-
opts,
-
html_options,
-
&block
-
)
-
-
5
@template.content_tag(
-
"div",
-
labels + check_boxes,
-
{class: "field"}
-
)
-
end
-
-
15
def date_select(method, options = {}, html_options = {})
-
10
custom_opts, opts = partition_custom_opts(options)
-
10
classes = apply_style_classes(nil, custom_opts, method)
-
-
10
labels = labels(method, custom_opts[:label], options)
-
10
field = @template.content_tag(
-
"div",
-
super(
-
method,
-
opts,
-
html_options.merge(class: classes)
-
),
-
{class: "flex flex-row gap-4"}
-
)
-
-
10
field_classes = ["field"]
-
10
then: 10
else: 0
field_classes << custom_opts[:field_class] if custom_opts[:field_class]
-
-
10
@template.content_tag(
-
"div",
-
labels + field,
-
{class: field_classes.join(" ")}
-
)
-
end
-
-
15
def time_select(method, options = {}, html_options = {})
-
10
custom_opts, opts = partition_custom_opts(options)
-
10
classes = apply_style_classes(nil, custom_opts, method)
-
-
10
labels = labels(method, custom_opts[:label], options)
-
10
field = @template.content_tag(
-
"div",
-
super(
-
method,
-
opts,
-
html_options.merge(class: classes)
-
),
-
{class: "flex flex-row gap-4"}
-
)
-
-
10
field_classes = ["field"]
-
10
then: 10
else: 0
field_classes << custom_opts[:field_class] if custom_opts[:field_class]
-
-
10
@template.content_tag(
-
"div",
-
labels + field,
-
{class: field_classes.join(" ")}
-
)
-
end
-
-
15
private
-
-
15
def text_like_field(field_method, object_method, options = {})
-
54
custom_opts, opts = partition_custom_opts(options)
-
54
then: 0
else: 54
style = (field_method == :text_area) ? TEXT_AREA_STYLE : TEXT_FIELD_STYLE
-
54
classes = apply_style_classes(style, custom_opts, object_method)
-
-
field_options = {
-
54
class: classes,
-
then: 54
else: 0
title: errors_for(object_method)&.join(" ")
-
}.compact.merge(opts).merge(already_nice: true)
-
-
54
field = send(field_method, object_method, field_options)
-
54
labels = labels(object_method, custom_opts[:label], options)
-
-
54
@template.content_tag("div", labels + field, {class: "field"})
-
end
-
-
15
def labels(object_method, label_options, field_options)
-
99
label = nice_label(object_method, label_options, field_options)
-
99
error_label = error_label(object_method, field_options)
-
-
99
label + error_label
-
end
-
-
15
def nice_label(object_method, label_options, field_options)
-
text, label_opts =
-
103
then: 34
label_options.present? ?
-
else: 69
label_options.values_at(:text, :except) :
-
[nil, {}]
-
-
103
label_opts ||= {}
-
-
103
label_classes = label_opts[:class].to_s
-
103
then: 0
else: 103
label_classes += " disabled" if field_options[:disabled]
-
-
103
label(object_method, text, {
-
class: label_classes.strip
-
}.merge(label_opts.except(:class)))
-
end
-
-
15
def error_label(object_method, options)
-
99
errors = errors_for(object_method)
-
-
99
then: 95
else: 4
return if errors.blank?
-
-
4
error_message = errors.collect(&:titleize).join(", ")
-
-
4
nice_label(
-
object_method,
-
{text: error_message, class: "error_message"},
-
options
-
)
-
end
-
-
15
def border_color_classes(object_method)
-
128
else: 99
then: 29
return "" unless object_method
-
99
then: 4
else: 95
"has_error" if errors_for(object_method).present?
-
end
-
-
15
def apply_style_classes(base_class, custom_opts, object_method = nil)
-
[
-
128
base_class,
-
border_color_classes(object_method),
-
custom_opts[:class]
-
].compact.join(" ")
-
end
-
-
15
CUSTOM_OPTS = [:label, :class, :field_class].freeze
-
-
15
def partition_custom_opts(opts)
-
216
opts.partition { |k, _| CUSTOM_OPTS.include?(k) }.map(&:to_h)
-
end
-
-
15
def errors_for(object_method)
-
252
else: 252
then: 0
return unless @object.present? && object_method.present?
-
-
252
@object.errors[object_method]
-
end
-
end
-
end
-
8
class ApplicationMailer < ActionMailer::Base
-
8
layout "mailer"
-
end
-
class TestMailer < ApplicationMailer
-
def test_email(to)
-
Rails.logger.info "Preparing to send test email to #{to}."
-
-
mail(
-
to: to,
-
subject: "Test Email",
-
body: "This is a test email."
-
)
-
end
-
end
-
# app/mailers/user_mailer.rb
-
8
class UserMailer < ApplicationMailer
-
8
CONFIRM_REGISTRATION_SUBJECT = "Thank you for joining Libregig"
-
-
8
def confirm_registration(user_mail)
-
1
@username = user_mail.params["username"]
-
1
@url = user_mail.params["url"]
-
-
1
mail(to: user_mail.recipient, subject: CONFIRM_REGISTRATION_SUBJECT)
-
end
-
-
8
def self.send_confirmation_registration(user)
-
1
confirmation_token = user.confirmation_tokens.create!(token: SecureRandom.urlsafe_base64)
-
-
1
user_mail = UserMail.new(
-
user: user,
-
recipient: user.email,
-
subject: CONFIRM_REGISTRATION_SUBJECT,
-
template: "confirm_registration",
-
params: {
-
username: user.username,
-
url: generate_confirmation_url(confirmation_token)
-
}
-
)
-
-
1
then: 1
if user_mail.save
-
1
SendMailJob.perform_later(user_mail.id)
-
else: 0
else
-
errors = user_mail.errors.full_messages.join(", ")
-
Rails.logger.error("Failed to create UserMail: #{errors}")
-
end
-
-
1
user_mail
-
end
-
-
8
def self.generate_confirmation_url(confirmation_token)
-
2
Rails.application.routes.url_helpers.confirm_registration_url(
-
token: confirmation_token.token,
-
host: Rails.configuration.server_url
-
)
-
end
-
end
-
1
class ApplicationRecord < ActiveRecord::Base
-
1
primary_abstract_class
-
end
-
1
class Band < ApplicationRecord
-
1
include RandomId
-
-
1
has_many :event_bands, dependent: :destroy
-
1
has_many :events, through: :event_bands
-
-
1
has_many :band_members, dependent: :restrict_with_error
-
1
has_many :members, through: :band_members
-
1
has_many :permission, as: :item, dependent: :destroy
-
1
has_many :linked_devices, as: :linkable, dependent: :nullify
-
-
1
validates :description, presence: true
-
1
validates :name, presence: true
-
-
1
include Auditable
-
1
audit_log_columns :name, :description
-
-
1
attribute :permission_type, :string
-
-
1
scope :permitted_for, ->(user_id) {
-
149
select(
-
"bands.*, #{BandPermissionQuery.with_permission_type_sql(user_id)}"
-
)
-
.where(BandPermissionQuery.permission_sql(user_id))
-
}
-
-
1
def owner
-
73
then: 73
else: 0
permission.where(status: :owned).first&.user
-
end
-
-
1
def url
-
1
Rails.application.routes.url_helpers.edit_band_path(self)
-
end
-
-
1
def editable?
-
2
permission_type == "edit"
-
end
-
end
-
16
class BandMember < ApplicationRecord
-
16
include RandomId
-
16
belongs_to :member
-
16
belongs_to :band
-
end
-
3
class BandsAudit < ApplicationRecord
-
3
self.table_name = "bands_audit"
-
-
3
belongs_to :band
-
end
-
1
module Auditable
-
1
extend ActiveSupport::Concern
-
-
1
included do
-
3
after_update_commit :log_changes
-
end
-
-
1
def log_changes
-
17
changes_to_log.each do |column, values|
-
26
audit_class.create!(
-
item_id => id,
-
:column_changed => column,
-
:old_value => values.first,
-
:user_id => Current.user.id
-
)
-
end
-
end
-
-
1
private
-
-
1
def changes_to_log
-
17
saved_changes.slice(*self.class.logged_columns)
-
end
-
-
1
def audit_class
-
26
"#{self.class.name.pluralize}Audit".constantize
-
end
-
-
1
def item_id
-
26
"#{self.class.name.downcase}_id"
-
end
-
-
1
class_methods do
-
1
def audit_log_columns(*columns)
-
3
@logged_columns = columns.map(&:to_s)
-
end
-
-
1
def logged_columns
-
17
@logged_columns || []
-
end
-
end
-
end
-
1
module RandomId
-
1
extend ActiveSupport::Concern
-
-
1
included do
-
53
before_create :randomise_id
-
end
-
-
1
private
-
-
1
def randomise_id
-
2270
loop do
-
2270
self.id = SecureRandom.random_number(4294967295)
-
2270
else: 0
then: 2270
break unless self.class.where(id: id).exists?
-
end
-
end
-
end
-
10
class ConfirmationToken < ApplicationRecord
-
10
belongs_to :user
-
-
10
before_create :set_expires_at, unless: :expires_at?
-
-
10
validates :token, presence: true, uniqueness: true
-
-
14
scope :valid, -> { where("expires_at > ?", Time.current) }
-
-
10
private
-
-
10
def set_expires_at
-
5
self.expires_at = 24.hours.from_now
-
end
-
end
-
1
class Current < ActiveSupport::CurrentAttributes
-
1
attribute :_user
-
1
attribute :_impersonator
-
-
1657
resets { Time.zone = nil }
-
-
1
def user=(user)
-
513
self._user = user
-
513
update_time_zone
-
end
-
-
1
def user
-
3866
_user
-
end
-
-
1
def impersonator=(impersonator)
-
507
self._impersonator = impersonator
-
507
update_time_zone
-
end
-
-
1
def impersonator
-
1
_impersonator
-
end
-
-
1
def impersonating?
-
238
_impersonator.present?
-
end
-
-
1
private
-
-
1
def update_time_zone
-
1020
then: 678
else: 342
then: 0
else: 342
Time.zone = _user&.time_zone || _impersonator&.time_zone
-
end
-
end
-
1
class Event < ApplicationRecord
-
1
include EventsHelper
-
1
include RandomId
-
-
1
has_many :event_bands, dependent: :destroy
-
1
has_many :bands, through: :event_bands
-
1
has_many :permissions, as: :item, dependent: :destroy
-
1
has_many :linked_devices, as: :linkable, dependent: :nullify
-
1
validate :end_date_nil_or_after_start
-
1
before_validation :set_defaults
-
-
1
attribute :permission_type, :string
-
-
3
scope :past, -> { where(<<~SQL) }
-
start_date IS NULL OR
-
COALESCE(end_date, start_date) <= CURRENT_TIMESTAMP
-
SQL
-
-
173
scope :future, -> { where(<<~SQL) }
-
start_date IS NULL OR
-
COALESCE(end_date, start_date) >= CURRENT_TIMESTAMP
-
SQL
-
-
1
scope :permitted_for, ->(user_id) {
-
307
select(
-
"events.*, #{EventPermissionQuery.with_permission_type_sql(user_id)}"
-
)
-
.where(EventPermissionQuery.permission_sql(user_id))
-
}
-
-
1
include Auditable
-
1
audit_log_columns :name, :description, :start_date, :end_date
-
-
1
def owner
-
73
then: 73
else: 0
permissions.where(status: :owned).first&.user
-
end
-
-
1
def url
-
1
Rails.application.routes.url_helpers.edit_event_path(self)
-
end
-
-
1
def external_url
-
1
Rails.application.routes.url_helpers.edit_event_url(self, host: Rails.application.config.server_url)
-
end
-
-
1
def editable?
-
1
permission_type == "edit"
-
end
-
-
1
def duration
-
1
then: 1
else: 0
if start_date.present? && end_date.present?
-
1
convert_seconds_to_duration(end_date - start_date)
-
end
-
end
-
-
1
private
-
-
1
def set_defaults
-
195
then: 193
else: 2
if start_date.present?
-
193
self.end_date ||= start_date
-
193
then: 0
else: 193
if end_date && end_date < start_date
-
self.end_date = start_date
-
end
-
end
-
end
-
-
1
def end_date_nil_or_after_start
-
195
then: 0
else: 195
if end_date.present? && start_date.present? && end_date < start_date
-
errors.add(:end_date, "Must be before start")
-
end
-
end
-
end
-
1
class EventBand < ApplicationRecord
-
1
include RandomId
-
1
belongs_to :event
-
1
belongs_to :band
-
end
-
8
class EventsAudit < ApplicationRecord
-
8
self.table_name = "events_audit"
-
8
belongs_to :event
-
end
-
16
class LinkedDevice < ApplicationRecord
-
16
include RandomId
-
-
16
belongs_to :user
-
16
has_many :linked_device_linkables, dependent: :destroy
-
105
has_many :event_linkables, -> { where(linkable_type: "Event") },
-
class_name: "LinkedDeviceLinkable"
-
102
has_many :band_linkables, -> { where(linkable_type: "Band") },
-
class_name: "LinkedDeviceLinkable"
-
100
has_many :member_linkables, -> { where(linkable_type: "Member") },
-
class_name: "LinkedDeviceLinkable"
-
-
16
enum :device_type, {api: 0, web: 1}
-
-
16
validates :name, presence: true
-
16
validates :device_type, presence: true
-
16
validates :secret, presence: true, uniqueness: true
-
# We're removing this validation as part of the UI simplification
-
# validate :validate_access_selection, unless: :skip_access_validation?
-
-
16
before_validation :generate_secret, on: :create
-
16
before_destroy :ensure_never_accessed
-
-
18
scope :active, -> { where(revoked_at: nil) }
-
18
scope :revoked, -> { where.not(revoked_at: nil) }
-
-
# Virtual attributes for checkboxes
-
16
attr_accessor :event_ids, :band_ids, :member_ids, :user_account
-
-
# Skip validation flag - used in tests
-
16
attr_accessor :skip_access_validation
-
16
alias_method :skip_access_validation?, :skip_access_validation
-
-
16
def skip_access_validation!
-
3
@skip_access_validation = true
-
end
-
-
# Dynamic getters for linkable IDs
-
16
%w[event band member].each do |resource|
-
48
define_method(:"#{resource}_ids") do
-
154
instance_variable_get(:"@#{resource}_ids") ||
-
1
send(:"#{resource}_linkables").map { |l| l.linkable_id.to_s }
-
end
-
-
48
define_method(:"#{resource}_ids=") do |ids|
-
11
instance_variable_set(:"@#{resource}_ids", Array(ids).compact_blank.map(&:to_s))
-
end
-
end
-
-
# Process the IDs after save
-
16
after_save :process_linkables
-
-
16
def revoked?
-
16
revoked_at.present?
-
end
-
-
16
def revoke!
-
2
update!(revoked_at: Time.current)
-
end
-
-
16
def touch_access!
-
2
update!(last_accessed_at: Time.current)
-
end
-
-
16
def accessed?
-
6
last_accessed_at.present?
-
end
-
-
16
def has_specific_access?
-
linked_device_linkables.any?
-
end
-
-
16
def access_type
-
then: 0
else: 0
has_specific_access? ? "specific" : "full"
-
end
-
-
16
private
-
-
16
def generate_secret
-
43
self.secret ||= SecureRandom.hex(32)
-
end
-
-
16
def ensure_never_accessed
-
3
then: 1
else: 2
if last_accessed_at.present?
-
1
errors.add(:base, "Cannot delete a device that has been accessed")
-
1
throw :abort
-
end
-
end
-
-
16
def process_linkables
-
50
else: 50
then: 0
return unless persisted?
-
-
50
%w[Event Band Member].each do |type|
-
150
process_linkable_type(type, send(:"#{type.downcase}_ids"))
-
end
-
end
-
-
16
def process_linkable_type(type, ids)
-
150
current = send(:"#{type.downcase}_linkables")
-
150
current_ids = current.pluck(:linkable_id).map(&:to_s)
-
-
# Add new linkables
-
150
(ids - current_ids).each do |id|
-
10
linked_device_linkables.create!(linkable_type: type, linkable_id: id)
-
end
-
-
# Remove old linkables
-
150
then: 1
else: 149
current.where(linkable_id: current_ids - ids).destroy_all if (current_ids - ids).any?
-
end
-
end
-
14
class LinkedDeviceLinkable < ApplicationRecord
-
14
belongs_to :linked_device
-
14
belongs_to :linkable, polymorphic: true
-
-
14
validates :linked_device_id, uniqueness: {
-
scope: [:linkable_type, :linkable_id],
-
message: "is already linked to this resource"
-
}
-
end
-
1
class Member < ApplicationRecord
-
1
include RandomId
-
-
1
has_many :band_members, dependent: :destroy
-
1
has_many :bands, through: :band_members
-
-
1
has_many :member_skills, dependent: :destroy
-
1
has_many :skills, through: :member_skills
-
-
255
validates :skills, presence: true, if: -> { skills_list.present? }
-
-
1
has_many :permission, as: :item, dependent: :destroy
-
1
has_many :linked_devices, as: :linkable, dependent: :nullify
-
-
1
include Auditable
-
1
audit_log_columns :name, :description
-
-
1
attribute :permission_type, :string
-
-
1
scope :permitted_for, ->(user_id) {
-
125
select(
-
"members.*, #{MemberPermissionQuery.with_permission_type_sql(user_id)}"
-
)
-
.where(MemberPermissionQuery.permission_sql(user_id))
-
}
-
-
1
def owner
-
then: 0
else: 0
Permission.where(
-
status: :owned,
-
item_type: "Member",
-
item_id: id
-
).first&.user
-
end
-
-
1
def skills_list
-
256
skills.pluck(:name).join(", ")
-
end
-
-
1
def skills_list=(skills_string)
-
then: 0
else: 0
return if skills_string.blank?
-
-
skill_names =
-
skills_string
-
.downcase
-
.split(",")
-
.map(&:strip)
-
.compact_blank
-
.uniq
-
-
then: 0
else: 0
return if skill_names.empty?
-
-
transaction do
-
member_skills.destroy_all
-
skill_names.each do |name|
-
skill = Skill.find_or_create_by!(name: name)
-
else: 0
then: 0
member_skills.create!(skill: skill) unless member_skills.exists?(skill: skill)
-
end
-
end
-
end
-
-
1
def editable?
-
2
permission_type == "edit"
-
end
-
-
1
def events
-
1
Event.joins(:bands)
-
.where(bands: {id: bands.pluck(:id)})
-
.distinct
-
end
-
end
-
16
class MemberSkill < ApplicationRecord
-
16
belongs_to :member
-
16
belongs_to :skill
-
-
16
validates :member_id, uniqueness: {scope: :skill_id}
-
end
-
3
class MembersAudit < ApplicationRecord
-
3
self.table_name = "members_audit"
-
3
belongs_to :member
-
end
-
16
class Permission < ApplicationRecord
-
16
include RandomId
-
16
include PermissionsHelper
-
-
16
belongs_to :user, class_name: "User"
-
16
belongs_to :bestowing_user, class_name: "User", optional: true
-
16
belongs_to :item, polymorphic: true
-
-
16
scope :accepted, -> { where(status: :accepted) }
-
16
scope :accepted_or_owned, -> { where(status: %i[accepted owned]) }
-
16
scope :item_type, ->(type) { where(item_type: type) }
-
23
scope :for_user, ->(user) { where("bestowing_user_id = :user_id OR user_id = :user_id", user_id: user.id) }
-
-
16
def self.join_models(model)
-
table_name = model.to_s.pluralize
-
klass_name = model.to_s.classify
-
joins("
-
JOIN #{table_name}
-
ON #{table_name}.id = permissions.item_id
-
AND permissions.item_type = '#{klass_name}'
-
")
-
end
-
-
16
scope :bands, -> { join_models(:band) }
-
16
scope :events, -> { join_models(:event) }
-
16
scope :members, -> { join_models(:member) }
-
-
16
scope :system_permissions, -> { where(bestowing_user: nil) }
-
-
16
validates :item_type, presence: true
-
16
validates :permission_type, presence: true, inclusion: {in: %w[view edit]}
-
16
validates :status, presence: true, inclusion: {in: %w[owned pending accepted rejected]}
-
16
validate :bestowing_user_must_be_organiser_or_nil, :user_must_be_member_or_organiser
-
-
16
validate :valid_item
-
16
validate :valid_user
-
-
16
enum :status, {
-
owned: "owned",
-
pending: "pending",
-
accepted: "accepted",
-
rejected: "rejected"
-
}
-
-
16
def item_path
-
7
helper = Rails.application.routes.url_helpers
-
7
when: 2
case item_type
-
2
when: 3
when "Band" then helper.band_path(item)
-
3
when: 2
when "Event" then helper.event_path(item)
-
2
else: 0
when "Member" then helper.member_path(item)
-
else raise "Invalid item type: #{item_type}"
-
end
-
end
-
-
16
private
-
-
16
def valid_item
-
593
then: 518
else: 75
return true if bestowing_user.nil?
-
-
75
item_ids = potential_items(bestowing_user).pluck(1)
-
75
item_str = "#{item_type}_#{item_id}"
-
-
75
else: 72
then: 3
unless item_ids.include?(item_str)
-
3
errors.add(:item, "is not a valid selection for #{bestowing_user}. Valid options: #{item_ids}")
-
end
-
end
-
-
16
def valid_user
-
# TODO: make this fancier
-
593
else: 591
then: 0
unless User.find(user_id)
-
errors.add(:user, "is not a valid selection")
-
end
-
end
-
-
16
def bestowing_user_must_be_organiser_or_nil
-
593
else: 592
then: 1
unless bestowing_user.nil? || bestowing_user.organiser?
-
1
errors.add(:bestowing_user, "must be an organiser")
-
end
-
end
-
-
16
def user_must_be_member_or_organiser
-
593
then: 591
else: 2
then: 171
else: 2
else: 590
then: 3
unless user&.organiser? || user&.member?
-
3
errors.add(:user, "must be a member or organiser")
-
end
-
end
-
end
-
1
class Skill < ApplicationRecord
-
1
has_many :member_skills, dependent: :destroy
-
1
has_many :members, through: :member_skills
-
-
1
validates :name, presence: true
-
end
-
1
class User < ApplicationRecord
-
1
include RandomId
-
1
include PermissionsHelper
-
-
1
enum :user_type, {admin: 0, member: 1, organiser: 2}
-
-
1
has_secure_password
-
1
has_many :permissions,
-
dependent: :destroy,
-
inverse_of: :user
-
-
1
def members
-
116
Member.permitted_for(id)
-
end
-
-
1
def bands
-
141
Band.permitted_for(id)
-
end
-
-
1
def events
-
299
Event.permitted_for(id)
-
end
-
-
1
has_many :confirmation_tokens, dependent: :destroy
-
1
has_many :linked_devices, dependent: :destroy
-
-
607
then: 603
else: 3
before_save { email&.downcase! }
-
1
before_validation :set_default_time_zone
-
-
1
validates :username,
-
presence: true,
-
uniqueness: true
-
-
1
validates :email,
-
presence: {message: "can't be blank"},
-
uniqueness: true,
-
format: {with: URI::MailTo::EMAIL_REGEXP, message: "is invalid", allow_blank: true}
-
-
1
validates :password,
-
presence: true,
-
length: {minimum: 6},
-
if: :password_required?,
-
allow_blank: true
-
-
1
validates :password_confirmation,
-
presence: true,
-
allow_blank: true
-
-
1
validates :time_zone,
-
inclusion: {
-
151
in: ActiveSupport::TimeZone.all.map { |t| t.tzinfo.name },
-
message: "%{value} is not a valid time zone"
-
}, allow_blank: true
-
-
1
def confirmed?
-
353
confirmed || admin?
-
end
-
-
1
def to_param
-
510
username
-
end
-
-
1
def owned_links
-
2
then: 1
else: 1
return @owned_links if defined?(@owned_links)
-
@owned_links =
-
1
bands.select(:name, :id) +
-
events.select(:name, :id) +
-
members.select(:name, :id)
-
end
-
-
1
private
-
-
1
def password_required?
-
1263
new_record? || password.present?
-
end
-
-
1
def set_default_time_zone
-
630
then: 8
else: 622
self.time_zone = "Etc/UTC" if time_zone.blank?
-
end
-
end
-
1
class UserMail < ApplicationRecord
-
1
belongs_to :user
-
-
1
enum :state, {pending: 0, sending: 1, sent: 2, failed: 3}
-
-
1
validates :subject, presence: true, length: {maximum: 120}
-
1
validates :recipient, presence: true, length: {maximum: 255}
-
1
validates :template, presence: true, length: {maximum: 50}
-
1
validates :params, presence: true
-
-
1
def html_content
-
4
content(:html)
-
end
-
-
1
def text_content
-
4
content(:text)
-
end
-
-
1
def attempt_send
-
3
else: 2
then: 1
return unless pending?
-
-
2
update!(state: :sending)
-
-
begin
-
2
UserMailer.confirm_registration(self).deliver_now
-
1
update!(state: :sent)
-
1
Rails.logger.info("Mail sent successfully to #{recipient}.")
-
rescue => e
-
1
then: 0
else: 1
raise e if Rails.env.development?
-
1
update!(state: :failed)
-
1
Rails.logger.error("Failed to send mail to #{recipient}: #{e}")
-
end
-
end
-
-
1
private
-
-
1
def content(format)
-
8
ApplicationController.render(
-
layout: false,
-
template: "user_mailer/#{template}",
-
assigns: params,
-
formats: [format]
-
)
-
end
-
end
-
16
class BandPermissionQuery
-
16
class << self
-
16
def permission_sql(user_id)
-
149
<<-SQL
-
EXISTS (
-
SELECT 1 FROM permissions
-
WHERE permissions.user_id = #{user_id}
-
AND permissions.status IN ('owned', 'accepted')
-
AND (
-
/* Check three ways you might directly have permission */
-
(#{direct_permission_sql})
-
OR
-
(#{through_member_sql})
-
OR
-
(#{through_event_sql})
-
)
-
)
-
/* Or check indirect permissions through event relationships */
-
OR bands.id IN (
-
/* Can see bands at events you have have permission for other bands
-
at */
-
#{shares_event_with_permitted_band_sql(user_id)}
-
)
-
OR bands.id IN (
-
/* Can see bands at events you have have permission for members in
-
bands at */
-
#{shares_event_with_band_with_permitted_member_sql(user_id)}
-
)
-
SQL
-
end
-
-
16
def with_permission_type_sql(user_id)
-
149
<<~SQL
-
CASE
-
WHEN EXISTS (
-
SELECT 1 FROM permissions
-
WHERE permissions.user_id = #{user_id}
-
AND permissions.status IN ('owned', 'accepted')
-
AND permissions.item_type = 'Band'
-
AND permissions.item_id = bands.id
-
) THEN (
-
SELECT permission_type FROM permissions
-
WHERE permissions.user_id = #{user_id}
-
AND permissions.status IN ('owned', 'accepted')
-
AND permissions.item_type = 'Band'
-
AND permissions.item_id = bands.id
-
LIMIT 1
-
)
-
ELSE 'view'
-
END as permission_type
-
SQL
-
end
-
-
16
private
-
-
16
def direct_permission_sql
-
149
<<-SQL
-
/* Simplest case: you have direct permission to the band */
-
permissions.item_type = 'Band'
-
AND permissions.item_id = bands.id
-
SQL
-
end
-
-
16
def through_member_sql
-
149
<<-SQL
-
/* You have permission to a member who is in this band */
-
permissions.item_type = 'Member'
-
AND permissions.item_id IN (
-
/* Find all members in this band */
-
SELECT member_id
-
FROM band_members
-
WHERE band_id = bands.id
-
)
-
SQL
-
end
-
-
16
def through_event_sql
-
149
<<-SQL
-
/* You have permission to an event this band is playing at */
-
permissions.item_type = 'Event'
-
AND permissions.item_id IN (
-
/* Find all events this band is playing at */
-
SELECT event_id
-
FROM event_bands
-
WHERE band_id = bands.id
-
)
-
SQL
-
end
-
-
16
def shares_event_with_permitted_band_sql(user_id)
-
149
<<~SQL
-
/* Find bands that are playing at the same events as bands you can access */
-
SELECT band.id
-
FROM bands AS band
-
/* First, find events this band is playing at */
-
JOIN event_bands AS event_band
-
ON event_band.band_id = band.id
-
/* Then find other bands playing at those same events */
-
JOIN event_bands AS other_event_band
-
ON other_event_band.event_id = event_band.event_id
-
/* Check if you have permission to any of those other bands */
-
JOIN permissions AS p
-
ON p.item_type = 'Band'
-
AND p.item_id = other_event_band.band_id
-
AND p.user_id = #{user_id}
-
AND p.status IN ('owned', 'accepted')
-
SQL
-
end
-
-
16
def shares_event_with_band_with_permitted_member_sql(user_id)
-
149
<<-SQL
-
/* Find bands that are playing at events where there's another band
-
that has a member you have permission to */
-
SELECT band.id
-
FROM bands AS band
-
/* First, find events this band is playing at */
-
JOIN event_bands AS event_band
-
ON event_band.band_id = band.id
-
/* Then find other bands playing at those same events */
-
JOIN event_bands AS other_event_band
-
ON other_event_band.event_id = event_band.event_id
-
/* Find members in those other bands */
-
JOIN band_members AS bm
-
ON bm.band_id = other_event_band.band_id
-
/* Check if you have permission to any of those members */
-
JOIN permissions AS p
-
ON p.item_type = 'Member'
-
AND p.item_id = bm.member_id
-
AND p.user_id = #{user_id}
-
AND p.status IN ('owned', 'accepted')
-
SQL
-
end
-
end
-
end
-
16
class EventPermissionQuery
-
16
class << self
-
16
def permission_sql(user_id)
-
307
<<-SQL
-
EXISTS (
-
SELECT 1 FROM permissions
-
WHERE permissions.user_id = #{user_id}
-
AND permissions.status IN ('owned', 'accepted')
-
AND (
-
/* Check three ways you might have permission */
-
(#{direct_permission_sql})
-
OR
-
(#{through_band_sql})
-
OR
-
(#{through_member_sql})
-
)
-
)
-
SQL
-
end
-
-
16
def with_permission_type_sql(user_id)
-
307
<<~SQL
-
CASE
-
WHEN EXISTS (
-
SELECT 1 FROM permissions
-
WHERE permissions.user_id = #{user_id}
-
AND permissions.status IN ('owned', 'accepted')
-
AND permissions.item_type = 'Event'
-
AND permissions.item_id = events.id
-
) THEN (
-
SELECT permission_type FROM permissions
-
WHERE permissions.user_id = #{user_id}
-
AND permissions.status IN ('owned', 'accepted')
-
AND permissions.item_type = 'Event'
-
AND permissions.item_id = events.id
-
LIMIT 1
-
)
-
ELSE 'view'
-
END as permission_type
-
SQL
-
end
-
-
16
private
-
-
16
def direct_permission_sql
-
307
<<-SQL
-
/* Simplest case: you have direct permission to the event */
-
permissions.item_type = 'Event'
-
AND permissions.item_id = events.id
-
SQL
-
end
-
-
16
def through_band_sql
-
307
<<-SQL
-
/* You have permission to a band that's playing at this event */
-
permissions.item_type = 'Band'
-
AND permissions.item_id IN (
-
/* Find all bands playing at this event */
-
SELECT band_id
-
FROM event_bands
-
WHERE event_id = events.id
-
)
-
SQL
-
end
-
-
16
def through_member_sql
-
307
<<-SQL
-
/* You have permission to a member who's playing at this event */
-
permissions.item_type = 'Member'
-
AND permissions.item_id IN (
-
/* Find all members playing at this event */
-
SELECT members.id
-
FROM members
-
/* Connect members to their bands */
-
JOIN band_members
-
ON band_members.member_id = members.id
-
/* Connect bands to the events they're playing */
-
JOIN event_bands
-
ON event_bands.band_id = band_members.band_id
-
WHERE event_bands.event_id = events.id
-
)
-
SQL
-
end
-
end
-
end
-
16
class MemberPermissionQuery
-
16
class << self
-
16
def permission_sql(user_id)
-
125
<<~SQL
-
EXISTS (
-
SELECT 1 FROM permissions
-
WHERE (
-
permissions.user_id = #{user_id}
-
AND permissions.status IN ('owned', 'accepted')
-
AND (
-
/* Check three ways you might directly have permission */
-
(#{direct_permission_sql})
-
OR
-
(#{through_band_sql})
-
OR
-
(#{through_event_sql})
-
)
-
)
-
/* Or check indirect permissions through various relationships */
-
OR members.id IN (
-
/* Can see members who are in bands with members you can access */
-
#{shares_band_with_permitted_member_sql(user_id)}
-
)
-
OR members.id IN (
-
/* Can see members who are playing at events with members you can access */
-
#{shares_event_with_permitted_member_sql(user_id)}
-
)
-
OR members.id IN (
-
/* Can see members who are in bands playing at events with bands you can access */
-
#{shares_event_with_permitted_band_sql(user_id)}
-
)
-
)
-
SQL
-
end
-
-
16
def with_permission_type_sql(user_id)
-
125
<<~SQL
-
CASE
-
WHEN EXISTS (
-
SELECT 1 FROM permissions
-
WHERE permissions.user_id = #{user_id}
-
AND permissions.status IN ('owned', 'accepted')
-
AND permissions.item_type = 'Member'
-
AND permissions.item_id = members.id
-
) THEN (
-
SELECT permission_type FROM permissions
-
WHERE permissions.user_id = #{user_id}
-
AND permissions.status IN ('owned', 'accepted')
-
AND permissions.item_type = 'Member'
-
AND permissions.item_id = members.id
-
LIMIT 1
-
)
-
ELSE 'view'
-
END as permission_type
-
SQL
-
end
-
-
16
def direct_permission_sql
-
125
<<~SQL
-
/* Simplest case: you have direct permission to see this member */
-
permissions.item_type = 'Member'
-
AND permissions.item_id = members.id
-
SQL
-
end
-
-
16
def through_band_sql
-
125
<<~SQL
-
/* You have permission to a band this member plays in */
-
permissions.item_type = 'Band'
-
AND permissions.item_id IN (
-
/* Find all bands this member is in */
-
SELECT band_id FROM band_members
-
WHERE member_id = members.id
-
)
-
SQL
-
end
-
-
16
def through_event_sql
-
125
<<~SQL
-
/* You have permission to an event where this member is playing */
-
permissions.item_type = 'Event'
-
AND permissions.item_id IN (
-
/* Find all events where this member is playing */
-
SELECT events.id FROM events
-
/* Connect events to bands playing at them */
-
JOIN event_bands ON event_bands.event_id = events.id
-
/* Connect bands to their members */
-
JOIN band_members ON band_members.band_id = event_bands.band_id
-
WHERE band_members.member_id = members.id
-
)
-
SQL
-
end
-
-
16
def shares_band_with_permitted_member_sql(user_id)
-
130
<<~SQL
-
/* Find members who are in the same bands as members you can access */
-
SELECT DISTINCT other_members.member_id AS id
-
FROM band_members AS other_members
-
/* Find bands where there's at least one member you have permission for */
-
WHERE other_members.band_id IN (
-
SELECT band_members.band_id
-
FROM band_members
-
JOIN permissions AS p
-
ON p.item_type = 'Member'
-
AND p.item_id = band_members.member_id
-
WHERE p.user_id = #{user_id}
-
AND p.status IN ('owned', 'accepted')
-
)
-
SQL
-
end
-
-
16
def shares_event_with_permitted_member_sql(user_id)
-
125
<<~SQL
-
/* Find members who are playing at the same events as members you can access */
-
SELECT band_member.member_id AS id
-
/* Start with a member in a band */
-
FROM band_members AS band_member
-
/* Find events where their band is playing */
-
JOIN event_bands AS event_band
-
ON event_band.band_id = band_member.band_id
-
/* Find other bands at those same events */
-
JOIN event_bands AS other_event_band
-
ON other_event_band.event_id = event_band.event_id
-
/* Find members in those other bands */
-
JOIN band_members AS other_band_member
-
ON other_band_member.band_id = other_event_band.band_id
-
/* Check that you have permission to one of those other members */
-
JOIN permissions AS p
-
ON p.item_type = 'Member'
-
AND p.item_id = other_band_member.member_id
-
AND p.user_id = #{user_id}
-
AND p.status IN ('owned', 'accepted')
-
SQL
-
end
-
-
16
def shares_event_with_permitted_band_sql(user_id)
-
125
<<~SQL
-
/* Find members who are playing at events where you have permission to another band */
-
SELECT band_member.member_id AS id
-
/* Start with a member in a band */
-
FROM band_members AS band_member
-
/* Find events where their band is playing */
-
JOIN event_bands AS event_band
-
ON event_band.band_id = band_member.band_id
-
/* Find other bands at those same events */
-
JOIN event_bands AS other_event_band
-
ON other_event_band.event_id = event_band.event_id
-
/* Check that you have permission to one of those other bands */
-
JOIN permissions AS p
-
ON p.item_type = 'Band'
-
AND p.item_id = other_event_band.band_id
-
AND p.user_id = #{user_id}
-
AND p.status IN ('owned', 'accepted')
-
SQL
-
end
-
end
-
end
