# frozen_string_literal: true
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
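class ProfilesController < ApplicationController
  helper_method :authenticate_profile_owner!

  before_action :authenticate_profile_owner!, only: %i[update fundraisers donations_history]

  # GET /profiles/:id
  #
  # Public profile page. An anonymous profile is shown only to its owner or
  # to a super_admin; anyone else is sent back with a notice.
  def show
    @profile = Profile.find(params[:id])
    # @profile.id is the persisted key returned by Profile.find, not raw
    # request input, which is the only reason interpolating it here is
    # acceptable. params[:id] itself must never be interpolated into SQL.
    @profile_nonprofits = Psql.execute(
      Qexpr.new
           .select('DISTINCT nonprofits.*')
           .from(:nonprofits)
           .join(:supporters, "supporters.nonprofit_id=nonprofits.id AND supporters.profile_id=#{@profile.id}")
    )
    @campaigns = @profile.campaigns.published.includes(:nonprofit)

    # Bug fix: this condition used to end in `!:super_admin`. A Symbol is
    # always truthy, so that term was always false and the guard could never
    # fire -- anonymous profiles were visible to everyone. The intended test
    # is the super_admin role check.
    return unless @profile.anonymous? && current_user_id != @profile.user_id && !current_role?(:super_admin)

    flash[:notice] = 'That user does not have a public profile.'
    # HTTP_REFERER is a client-supplied header; falls back to root_url when absent.
    redirect_to(request.env['HTTP_REFERER'] || root_url)
  end

  # GET /profiles/:id/donations_history
  #
  # Owner-only (enforced by authenticate_profile_owner!); `validate` then
  # refuses anyone other than a super_admin looking at a different profile.
  # Bailing out early avoids running the queries below after a redirect has
  # already been issued.
  def donations_history
    return unless validate

    @profile = Profile.find(params[:id])
    @recurring_donations = @profile.recurring_donations.where(active: true).includes(:nonprofit)
    @donations = @profile.donations.includes(:nonprofit)
  end

  # GET /profiles/:id/fundraisers
  #
  # Owner-only, same access rules as #donations_history.
  def fundraisers
    return unless validate

    # The profile is resolved through its owning user. The local used to be
    # named `current_user`, which shadowed the controller helper of the same
    # name inside this action; `owner` makes the intent clear.
    owner = Profile.find(params[:id]).user
    @profile = owner.profile
    # Hash condition instead of an interpolated SQL fragment: ActiveRecord
    # binds the value, and the generated predicate is the same.
    @edited_campaigns = Campaign.where(profile_id: @profile.id).order('end_datetime DESC')
  end

  # GET /profiles/:id/events
  #
  # JSON event metrics for the profile. This action is not in the
  # before_action list, so no owner check is applied here.
  def events
    render json: QueryEventMetrics.for_listings('profile', params[:id], params)
  end

  # PUT /profiles/:id
  #
  # A super_admin may update any profile; everyone else only updates their
  # own profile, whatever :id the URL carries.
  def update
    @profile = if current_role?(:super_admin) # can update other profiles
                 Profile.find(params[:id])
               else
                 current_user.profile
               end
    @profile.update(profile_params)
    json_saved @profile, 'Profile updated'
  end

  private

  # Halts the request (via block_with_sign_in) unless the caller is a
  # super_associate, a super_admin, or the signed-in owner of the profile
  # named by params[:id]. Exposed as a helper_method so views can reuse it.
  def authenticate_profile_owner!
    return if current_role?(:super_associate) || current_role?(:super_admin)
    return if current_user&.profile&.id == params[:id].to_i

    block_with_sign_in
  end

  # Returns true when the caller may view the profile named by params[:id]
  # (a super_admin, or the profile's owner). Otherwise redirects to root_url
  # with a notice and returns false so the calling action can return early.
  # Safe navigation covers a missing user or profile instead of raising.
  #
  # NOTE(review): unlike authenticate_profile_owner!, this does not admit
  # super_associate, so a super_associate passes the before_action and is
  # then redirected here. Confirm that asymmetry is intended.
  def validate
    return true if current_role?(:super_admin) || current_user&.profile&.id == params[:id].to_i

    flash[:notice] = "Sorry, you don't have access to that page"
    redirect_to root_url
    false
  end

  # Strong-parameter whitelist for #update.
  #
  # NOTE(review): :user_id and :registered are permitted for every caller of
  # #update, including a plain profile owner, so this endpoint appears to let
  # a user change which user account their profile belongs to. Confirm that
  # is intended; if not, restrict those keys to super_admin.
  def profile_params
    params.require(:profile).permit(:registered, :mini_bio, :first_name, :last_name, :name, :phone, :address, :email, :city, :state_code, :zip_code, :privacy_settings, :picture, :anonymous, :city_state, :user_id)
  end
end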