houdini/app/controllers/profiles_controller.rb

71 lines
2.3 KiB
Ruby
Executable file

# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
class ProfilesController < ApplicationController
helper_method :authenticate_profile_owner!
before_action :authenticate_profile_owner!, only: [:update, :fundraisers, :donations_history]
# get /profiles/:id
# public profile
def show
@profile = Profile.find(params[:id])
@profile_nonprofits = Psql.execute(Qexpr.new.select("DISTINCT nonprofits.*").from(:nonprofits).join(:supporters, "supporters.nonprofit_id=nonprofits.id AND supporters.profile_id=#{@profile.id}"))
@campaigns = @profile.campaigns.published.includes(:nonprofit)
if @profile.anonymous? && current_user_id != @profile.user_id && !:super_admin
flash[:notice] = 'That user does not have a public profile.'
redirect_to(request.env["HTTP_REFERER"] || root_url)
return
end
end
# get /profiles/:id/donations_history
def donations_history
validate
@profile = Profile.find(params[:id])
@recurring_donations = @profile.recurring_donations.where(:active => true).includes(:nonprofit)
@donations = @profile.donations.includes(:nonprofit)
end
# get /profiles/:id/fundraisers
def fundraisers
validate
current_user = Profile.find(params[:id]).user
@profile = current_user.profile
@edited_campaigns = Campaign.where("profile_id=#{@profile.id}").order("end_datetime DESC")
end
# get /profiles/:id/events
def events
render json: QueryEventMetrics.for_listings('profile', params[:id], params)
end
# put /profiles/:id
def update
if current_role?(:super_admin) # can update other profiles
@profile = Profile.find(params[:id])
else
@profile = current_user.profile
end
@profile.update_attributes(params[:profile])
json_saved @profile, 'Profile updated'
end
private
def authenticate_profile_owner!()
if (!current_role?(:super_associate) &&
!current_role?(:super_admin) &&
(!current_user ||
!current_user.profile ||
current_user.profile.id != params[:id].to_i))
block_with_sign_in
end
end
def validate
if !current_role?(:super_admin) && current_user.profile.id != params[:id].to_i
flash[:notice] = "Sorry, you don't have access to that page"
redirect_to root_url
end
end
end