# frozen_string_literal: true
# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
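class ProfilesController < ApplicationController
  helper_method :authenticate_profile_owner!

  # Owner-only actions. `show` is the public profile page and `events` is
  # deliberately (?) unprotected — see the note on that action.
  before_action :authenticate_profile_owner!, only: %i[update fundraisers donations_history]

  # GET /profiles/:id
  # Public profile page.
  #
  # An anonymous profile is visible only to its owner and to super admins;
  # anyone else is sent back to the referring page (root as fallback). The
  # visibility check runs before any data is loaded so nothing is queried for
  # a profile the viewer is not allowed to see.
  def show
    @profile = Profile.find(params[:id])

    # FIX: the original condition ended in `!:super_admin`. A Symbol is always
    # truthy, so that term was always false and the anonymity check could
    # never fire — anonymous profiles were rendered to everyone. Consult the
    # role helper, as the other actions do.
    if @profile.anonymous? && current_user_id != @profile.user_id && !current_role?(:super_admin)
      flash[:notice] = 'That user does not have a public profile.'
      # HTTP_REFERER is client-supplied; it only sends the viewer back to the
      # page they came from, with root_url as the fallback.
      redirect_to(request.env['HTTP_REFERER'] || root_url)
      return
    end

    # @profile.id is the integer primary key returned by `find`, not the raw
    # params[:id] string, so interpolating it into the join clause does not
    # feed user input into the SQL.
    @profile_nonprofits = Psql.execute(
      Qexpr.new
           .select('DISTINCT nonprofits.*')
           .from(:nonprofits)
           .join(:supporters, "supporters.nonprofit_id=nonprofits.id AND supporters.profile_id=#{@profile.id}")
    )
    @campaigns = @profile.campaigns.published.includes(:nonprofit)
  end

  # GET /profiles/:id/donations_history
  # Active recurring donations plus every one-off donation for the profile.
  # Guarded by the before_action and additionally by `validate`, which does
  # not admit super associates.
  def donations_history
    # `validate` redirects on failure; stop here instead of loading data for a
    # request that has already been answered (the original kept going).
    return unless validate

    @profile = Profile.find(params[:id])
    @recurring_donations = @profile.recurring_donations.where(active: true).includes(:nonprofit)
    @donations = @profile.donations.includes(:nonprofit)
  end

  # GET /profiles/:id/fundraisers
  # Campaigns belonging to the profile, latest end date first.
  def fundraisers
    return unless validate

    # The original stored this in a local named `current_user`, shadowing the
    # controller helper of the same name; it is the *requested* profile's
    # user, so call it that. The user -> profile round trip is kept as-is.
    profile_user = Profile.find(params[:id]).user
    @profile = profile_user.profile
    # Hash conditions let ActiveRecord bind the id instead of interpolating it
    # into a SQL fragment.
    @edited_campaigns = Campaign.where(profile_id: @profile.id).order('end_datetime DESC')
  end

  # GET /profiles/:id/events
  # JSON event metrics for the profile's listings.
  #
  # NOTE(review): this action is not in the authenticate_profile_owner! list,
  # so any visitor can request metrics for any profile id, and the whole raw
  # `params` hash is handed to QueryEventMetrics. Confirm this is meant to be
  # public and that for_listings validates what it reads from params.
  def events
    render json: QueryEventMetrics.for_listings('profile', params[:id], params)
  end

  # PUT /profiles/:id
  # A super admin may update any profile; every other caller admitted by the
  # before_action updates only their own profile.
  def update
    @profile = if current_role?(:super_admin)
                 Profile.find(params[:id])
               else
                 current_user.profile
               end
    # NOTE(review): params[:profile] is mass-assigned unfiltered. Unless the
    # app relies on attr_accessible or permit_all_parameters, this should go
    # through a strong-parameters permit list of the writable profile fields.
    @profile.update_attributes(params[:profile])
    json_saved @profile, 'Profile updated'
  end

  private

  # before_action: lets super associates, super admins and the owner of
  # profile params[:id] through; everyone else is handed to
  # block_with_sign_in (a project helper assumed to halt the request).
  def authenticate_profile_owner!
    return if current_role?(:super_associate) || current_role?(:super_admin)

    owns_profile = current_user&.profile && current_user.profile.id == params[:id].to_i
    block_with_sign_in unless owns_profile
  end

  # Stricter per-action check used by donations_history and fundraisers: only
  # a super admin or the profile's owner may proceed. Returns true when access
  # is allowed; otherwise sets a flash, redirects to root and returns false so
  # the caller can stop. A missing current_user or profile now counts as
  # "not the owner" instead of raising NoMethodError.
  def validate
    return true if current_role?(:super_admin)
    return true if current_user&.profile&.id == params[:id].to_i

    flash[:notice] = "Sorry, you don't have access to that page"
    redirect_to root_url
    false
  end
end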