Class: PlanMyStuff::Issues::ApprovalsController

Inherits:
ApplicationController show all
Defined in:
app/controllers/plan_my_stuff/issues/approvals_controller.rb

Overview

CRUD for manager approvals on an issue. Backs the approvals panel on the issue show view.

POST /issues/:issue_id/approvals -> create (adds approver(s))
PATCH /issues/:issue_id/approvals/:id -> update (approves or revokes)
DELETE /issues/:issue_id/approvals/:id -> destroy (removes an approver)

Instance Method Details

#create ⇒ Object

POST /issues/:issue_id/approvals



# File 'app/controllers/plan_my_stuff/issues/approvals_controller.rb', line 14

# POST /issues/:issue_id/approvals
#
# Adds one or more approvers to an issue.
#
# Authorization: the support_user? gate runs first. A caller who fails it is
# sent to redirect_to_unauthorized before any request parameter is parsed or
# the issue is loaded.
#
# Input handling:
# - approval_params[:user_ids] is passed through parse_viewer_ids; a blank
#   result produces a flash error and no call on the issue.
# - params[:issue_id] is coerced with to_i, so a non-numeric value becomes 0.
# - NOTE(review): params[:repo] is handed to PMS::Issue.find exactly as
#   received; presumably find validates or allow-lists it -- confirm.
#
# PMS::AuthorizationError and PMS::ValidationError raised along the way are
# shown to the user as flash[:error] (the exception message verbatim).
def create
  if support_user?
    approver_ids = parse_viewer_ids(approval_params[:user_ids])

    if approver_ids.present?
      target_issue = PMS::Issue.find(params[:issue_id].to_i, repo: params[:repo])
      # pms_current_user is recorded as the actor requesting the approvals.
      target_issue.request_approvals!(user_ids: approver_ids, user: pms_current_user)
      flash[:success] = 'Approvers were successfully added.'
    else
      flash[:error] = 'No valid user IDs provided.'
    end

    redirect_to(show_path)
  else
    redirect_to_unauthorized(show_path)
  end
rescue PMS::ValidationError, PMS::AuthorizationError => e
  flash[:error] = e.message
  redirect_to(show_path)
end

#destroy ⇒ Object

DELETE /issues/:issue_id/approvals/:id



# File 'app/controllers/plan_my_stuff/issues/approvals_controller.rb', line 73

# DELETE /issues/:issue_id/approvals/:id
#
# Removes a single approver (params[:id]) from an issue.
#
# Authorization: only callers passing support_user? get past the first
# branch; everyone else is redirected via redirect_to_unauthorized and the
# issue is never loaded.
#
# Input handling:
# - params[:issue_id] and params[:id] are both coerced with to_i, so a
#   non-numeric value silently becomes 0 rather than being rejected here.
# - NOTE(review): params[:repo] is forwarded to PMS::Issue.find unchanged;
#   presumably find validates it -- confirm.
#
# PMS::AuthorizationError and PMS::ValidationError are reported through
# flash[:error] using the exception message.
def destroy
  if support_user?
    target_issue = PMS::Issue.find(params[:issue_id].to_i, repo: params[:repo])
    approver_id = params[:id].to_i
    target_issue.remove_approvers!(user_ids: [approver_id], user: pms_current_user)

    flash[:success] = 'Approver was successfully removed.'
    redirect_to(show_path)
  else
    redirect_to_unauthorized(show_path)
  end
rescue PMS::ValidationError, PMS::AuthorizationError => e
  flash[:error] = e.message
  redirect_to(show_path)
end

#update ⇒ Object

PATCH /issues/:issue_id/approvals/:id



# File 'app/controllers/plan_my_stuff/issues/approvals_controller.rb', line 38

# PATCH /issues/:issue_id/approvals/:id
#
# Records or revokes the approval belonging to the approver in params[:id].
#
# Accepted approval_params[:status] values are 'approved' and 'pending';
# anything else is answered with 400 Bad Request before the issue is loaded.
#
# Authorization rules enforced here:
# - 'approved': the caller must be the approver named in the URL. There is
#   no support_user? bypass, so nobody can approve on another user's behalf.
# - 'pending' (revoke): allowed for the approver themself, or for a caller
#   passing support_user?.
# - With no current user the caller id is nil, and nil never equals the
#   Integer produced by params[:id].to_i, so the "self" checks fail.
#
# NOTE(review): the issue is loaded before either authorization check runs,
# so an unauthorized caller still triggers PMS::Issue.find -- confirm that
# find does not reveal issue existence to such callers.
# NOTE(review): the self check assumes PMS::UserResolver.user_id returns an
# Integer comparable with params[:id].to_i -- confirm.
#
# PMS::AuthorizationError and PMS::ValidationError are reported through
# flash[:error] using the exception message.
def update
  requested_status = approval_params[:status].to_s
  approver_id = params[:id].to_i

  unless %w[approved pending].include?(requested_status)
    head(:bad_request)
    return
  end

  target_issue = PMS::Issue.find(params[:issue_id].to_i, repo: params[:repo])

  acting_user_id =
    if pms_current_user.present?
      PMS::UserResolver.user_id(pms_current_user)
    end
  acting_as_self = acting_user_id == approver_id

  case requested_status
  when 'approved'
    # Approvals can only be self-recorded.
    unless acting_as_self
      redirect_to_unauthorized(show_path)
      return
    end

    target_issue.approve!(user: pms_current_user)
    flash[:success] = 'Approval recorded.'
  else
    # Revocation: the approver themself, or a support user acting on them.
    unless acting_as_self || support_user?
      redirect_to_unauthorized(show_path)
      return
    end

    target_issue.revoke_approval!(user: pms_current_user, target_user_id: approver_id)
    flash[:success] = 'Approval revoked.'
  end

  redirect_to(show_path)
rescue PMS::ValidationError, PMS::AuthorizationError => e
  flash[:error] = e.message
  redirect_to(show_path)
end