houdini/app/controllers/profiles_controller.rb

# frozen_string_literal: true

# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
class ProfilesController < ApplicationController
  helper_method :authenticate_profile_owner!

  before_action :authenticate_profile_owner!, only: %i[update fundraisers donations_history]

  # get /profiles/:id
  # public profile
  def show
    @profile = Profile.find(params[:id])
    @profile_nonprofits = Psql.execute(Qexpr.new.select('DISTINCT nonprofits.*').from(:nonprofits).join(:supporters, "supporters.nonprofit_id=nonprofits.id AND supporters.profile_id=#{@profile.id}"))
    @campaigns = @profile.campaigns.published.includes(:nonprofit)
    if @profile.anonymous? && current_user_id != @profile.user_id && !:super_admin
      flash[:notice] = 'That user does not have a public profile.'
      redirect_to(request.env['HTTP_REFERER'] || root_url)
      return
    end
  end

  # get /profiles/:id/donations_history
  def donations_history
    validate
    @profile = Profile.find(params[:id])
    @recurring_donations = @profile.recurring_donations.where(active: true).includes(:nonprofit)
    @donations = @profile.donations.includes(:nonprofit)
  end

  # get /profiles/:id/fundraisers
  def fundraisers
    validate
    current_user = Profile.find(params[:id]).user
    @profile = current_user.profile
    @edited_campaigns = Campaign.where("profile_id=#{@profile.id}").order('end_datetime DESC')
  end

  # get /profiles/:id/events
  def events
    render json: QueryEventMetrics.for_listings('profile', params[:id], params)
  end

  # put /profiles/:id
  def update
    @profile = if current_role?(:super_admin) # can update other profiles
                 Profile.find(params[:id])
               else
                 current_user.profile
               end
    @profile.update(profile_params)
    json_saved @profile, 'Profile updated'
  end

  private

  def authenticate_profile_owner!
    if !current_role?(:super_associate) &&
       !current_role?(:super_admin) &&
       (!current_user ||
           !current_user.profile ||
           current_user.profile.id != params[:id].to_i)
      block_with_sign_in
    end
  end

  def validate
    if !current_role?(:super_admin) && current_user.profile.id != params[:id].to_i
      flash[:notice] = "Sorry, you don't have access to that page"
      redirect_to root_url
    end
  end

  private

  def profile_params
    params.require(:profile).permit(:registered, :mini_bio, :first_name, :last_name, :name, :phone, :address, :email, :city, :state_code, :zip_code, :privacy_settings, :picture, :anonymous, :city_state, :user_id)
  end
end
style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`# frozen_string_literal: true`

Shorten license definition 2020-06-12 20:03:43 +00:00			`# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later`
			`# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00			`class ProfilesController < ApplicationController`
			`helper_method :authenticate_profile_owner!`

style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`before_action :authenticate_profile_owner!, only: %i[update fundraisers donations_history]`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00
style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`# get /profiles/:id`
			`# public profile`
			`def show`
			`@profile = Profile.find(params[:id])`
			`@profile_nonprofits = Psql.execute(Qexpr.new.select('DISTINCT nonprofits.*').from(:nonprofits).join(:supporters, "supporters.nonprofit_id=nonprofits.id AND supporters.profile_id=#{@profile.id}"))`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00			`@campaigns = @profile.campaigns.published.includes(:nonprofit)`
style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`if @profile.anonymous? && current_user_id != @profile.user_id && !:super_admin`
			`flash[:notice] = 'That user does not have a public profile.'`
			`redirect_to(request.env['HTTP_REFERER'] \|\| root_url)`
			`return`
			`end`
			`end`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00
style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`# get /profiles/:id/donations_history`
			`def donations_history`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00			`validate`
style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`@profile = Profile.find(params[:id])`
			`@recurring_donations = @profile.recurring_donations.where(active: true).includes(:nonprofit)`
			`@donations = @profile.donations.includes(:nonprofit)`
			`end`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00
			`# get /profiles/:id/fundraisers`
			`def fundraisers`
			`validate`
			`current_user = Profile.find(params[:id]).user`
			`@profile = current_user.profile`
style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`@edited_campaigns = Campaign.where("profile_id=#{@profile.id}").order('end_datetime DESC')`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00			`end`

			`# get /profiles/:id/events`
			`def events`
style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`render json: QueryEventMetrics.for_listings('profile', params[:id], params)`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00			`end`

style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`# put /profiles/:id`
			`def update`
			`@profile = if current_role?(:super_admin) # can update other profiles`
			`Profile.find(params[:id])`
			`else`
			`current_user.profile`
			`end`
Handle rails 6 deprecation of update_attributes to update 2020-05-20 21:03:16 +00:00			`@profile.update(profile_params)`
style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`json_saved @profile, 'Profile updated'`
			`end`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00
			`private`

style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`def authenticate_profile_owner!`
			`if !current_role?(:super_associate) &&`
			`!current_role?(:super_admin) &&`
			`(!current_user \|\|`
			`!current_user.profile \|\|`
			`current_user.profile.id != params[:id].to_i)`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00			`block_with_sign_in`
			`end`
			`end`

			`def validate`
			`if !current_role?(:super_admin) && current_user.profile.id != params[:id].to_i`
			`flash[:notice] = "Sorry, you don't have access to that page"`
			`redirect_to root_url`
			`end`
			`end`
feat(profiles): add strong params 2019-08-06 14:07:46 +00:00
			`private`

			`def profile_params`
			`params.require(:profile).permit(:registered, :mini_bio, :first_name, :last_name, :name, :phone, :address, :email, :city, :state_code, :zip_code, :privacy_settings, :picture, :anonymous, :city_state, :user_id)`
			`end`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00			`end`