
# frozen_string_literal: true
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
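class ProfilesController < ApplicationController
  helper_method :authenticate_profile_owner!
  before_action :authenticate_profile_owner!, only: %i[update fundraisers donations_history]

  # GET /profiles/:id
  #
  # Public profile page. A profile flagged `anonymous` is only shown to its
  # owner or to a super_admin; anyone else is sent back to the referring page
  # (or the root URL) with a notice.
  def show
    @profile = Profile.find(params[:id])

    # Visibility check first, before any further queries are issued.
    # The original condition ended in `!:super_admin`, which negates a Symbol
    # literal and is therefore always false -- anonymous profiles were being
    # shown to everyone. The role check is what was intended.
    if @profile.anonymous? && current_user_id != @profile.user_id && !current_role?(:super_admin)
      flash[:notice] = 'That user does not have a public profile.'
      redirect_to(request.referer || root_url)
      return
    end

    # NOTE(review): the interpolated id comes from an ActiveRecord record, not
    # from the request, so this cannot carry user input; still prefer a bound
    # parameter here if Qexpr supports one.
    @profile_nonprofits = Psql.execute(
      Qexpr.new
           .select('DISTINCT nonprofits.*')
           .from(:nonprofits)
           .join(:supporters, "supporters.nonprofit_id=nonprofits.id AND supporters.profile_id=#{@profile.id}")
    )
    @campaigns = @profile.campaigns.published.includes(:nonprofit)
  end

  # GET /profiles/:id/donations_history
  #
  # Active recurring donations plus the full donation list for a profile.
  # On top of the before_action, #validate restricts this to the profile's
  # owner or a super_admin; stop immediately once it has redirected.
  def donations_history
    return unless validate

    @profile = Profile.find(params[:id])
    @recurring_donations = @profile.recurring_donations.where(active: true).includes(:nonprofit)
    @donations = @profile.donations.includes(:nonprofit)
  end

  # GET /profiles/:id/fundraisers
  #
  # Campaigns belonging to the profile in params[:id], latest end date first.
  # Same owner/super_admin restriction as donations_history.
  def fundraisers
    return unless validate

    # The original resolved this as `Profile.find(id).user.profile` (and
    # shadowed the `current_user` helper with a local while doing so). Assuming
    # a user has at most one profile, the direct lookup is equivalent and does
    # not raise on a profile without an associated user.
    @profile = Profile.find(params[:id])
    # Hash conditions instead of an interpolated SQL string; AR quotes the value.
    @edited_campaigns = Campaign.where(profile_id: @profile.id).order('end_datetime DESC')
  end

  # GET /profiles/:id/events
  #
  # JSON event metrics for a profile's listings. Nothing in this controller
  # authenticates this action, and the raw params hash is handed straight to
  # QueryEventMetrics, so that class must only expose public data and must
  # whitelist what it reads from params -- verify there, not here.
  def events
    render json: QueryEventMetrics.for_listings('profile', params[:id], params)
  end

  # PUT /profiles/:id
  #
  # A super_admin may update any profile by id; everyone else who passed the
  # before_action (the owner, or a super_associate) updates their own profile
  # regardless of params[:id]. The response goes through json_saved with the
  # record, which is assumed to report validation errors.
  def update
    @profile = if current_role?(:super_admin) # can update other profiles
                 Profile.find(params[:id])
               else
                 current_user.profile
               end
    @profile.update(profile_params)
    json_saved @profile, 'Profile updated'
  end

  private

  # Before-action guard for update/fundraisers/donations_history.
  # Lets super_associate and super_admin through unconditionally; otherwise the
  # signed-in user's own profile id must equal params[:id]. Anyone else (including
  # a signed-out or profile-less user, which safe navigation handles) is routed
  # to block_with_sign_in.
  def authenticate_profile_owner!
    return if current_role?(:super_associate) || current_role?(:super_admin)
    return if current_user&.profile&.id == params[:id].to_i

    block_with_sign_in
  end

  # Per-action authorization for donations_history/fundraisers.
  # Returns true when the current user is a super_admin or owns the profile in
  # params[:id]. Otherwise sets a notice, redirects to root and returns false so
  # the caller can bail out instead of running its queries after the redirect.
  # Safe navigation keeps a signed-out user from raising NoMethodError here.
  def validate
    return true if current_role?(:super_admin)
    return true if current_user&.profile&.id == params[:id].to_i

    flash[:notice] = "Sorry, you don't have access to that page"
    redirect_to root_url
    false
  end

  # Strong parameters for #update.
  # `user_id` re-parents the profile onto another account, so it is only
  # accepted from a super_admin; for everyone else it is dropped as an
  # unpermitted attribute (previously any owner could mass-assign it).
  # NOTE(review): if a non-admin client legitimately sends user_id, that field
  # will now be silently ignored -- confirm no such flow exists.
  def profile_params
    permitted = %i[registered mini_bio first_name last_name name phone address email
                   city state_code zip_code privacy_settings picture anonymous city_state]
    permitted << :user_id if current_role?(:super_admin)
    params.require(:profile).permit(*permitted)
  end
end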