2016-10-19 03:11:36 +00:00
|
|
|
# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
|
2013-06-12 15:59:58 +00:00
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
class SettingsController < ApplicationController
|
2017-02-15 12:29:25 +00:00
|
|
|
prepend_before_action { authentication_check(permission: 'admin.*') }
|
2012-04-10 14:06:46 +00:00
|
|
|
|
|
|
|
# GET /settings
|
|
|
|
def index
|
2016-08-26 10:06:27 +00:00
|
|
|
list = []
|
2017-10-01 12:25:52 +00:00
|
|
|
Setting.all.each do |setting|
|
2016-08-26 10:06:27 +00:00
|
|
|
next if setting.preferences[:permission] && !current_user.permissions?(setting.preferences[:permission])
|
2018-10-09 06:17:41 +00:00
|
|
|
|
2016-08-26 10:06:27 +00:00
|
|
|
list.push setting
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2016-08-26 10:06:27 +00:00
|
|
|
render json: list, status: :ok
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# GET /settings/1
|
|
|
|
def show
|
2016-08-26 10:06:27 +00:00
|
|
|
check_access('read')
|
2012-09-20 12:08:02 +00:00
|
|
|
model_show_render(Setting, params)
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# POST /settings
|
|
|
|
def create
|
2016-08-26 10:06:27 +00:00
|
|
|
raise Exceptions::NotAuthorized, 'Not authorized (feature not possible)'
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# PUT /settings/1
|
|
|
|
def update
|
2016-08-26 10:06:27 +00:00
|
|
|
check_access('write')
|
|
|
|
clean_params = keep_certain_attributes
|
|
|
|
model_update_render(Setting, clean_params)
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
2015-07-12 01:32:40 +00:00
|
|
|
# PUT /settings/image/:id
|
|
|
|
def update_image
|
2016-08-26 10:06:27 +00:00
|
|
|
check_access('write')
|
|
|
|
clean_params = keep_certain_attributes
|
2015-07-12 01:32:40 +00:00
|
|
|
|
2016-08-26 10:06:27 +00:00
|
|
|
if !clean_params[:logo]
|
2015-07-12 01:32:40 +00:00
|
|
|
render json: {
|
|
|
|
result: 'invalid',
|
|
|
|
message: 'Need logo param',
|
|
|
|
}
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
# validate image
|
2018-05-04 14:05:10 +00:00
|
|
|
if !clean_params[:logo].match?(/^data:image/i)
|
2015-07-12 01:32:40 +00:00
|
|
|
render json: {
|
|
|
|
result: 'invalid',
|
|
|
|
message: 'Invalid payload, need data:image in logo param',
|
|
|
|
}
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
# process image
|
2016-08-26 10:06:27 +00:00
|
|
|
file = StaticAssets.data_url_attributes(clean_params[:logo])
|
2015-07-12 01:32:40 +00:00
|
|
|
if !file[:content] || !file[:mime_type]
|
|
|
|
render json: {
|
|
|
|
result: 'invalid',
|
|
|
|
message: 'Unable to process image upload.',
|
|
|
|
}
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
# store image 1:1
|
|
|
|
StaticAssets.store_raw(file[:content], file[:mime_type])
|
|
|
|
|
|
|
|
# store resized image 1:1
|
2016-08-26 10:06:27 +00:00
|
|
|
setting = Setting.lookup(name: 'product_logo')
|
2015-07-12 01:32:40 +00:00
|
|
|
if params[:logo_resize] && params[:logo_resize] =~ /^data:image/i
|
|
|
|
|
|
|
|
# data:image/png;base64
|
2016-05-10 13:06:51 +00:00
|
|
|
file = StaticAssets.data_url_attributes(params[:logo_resize])
|
2015-07-12 01:32:40 +00:00
|
|
|
|
|
|
|
# store image 1:1
|
2016-05-25 07:19:45 +00:00
|
|
|
setting.state = StaticAssets.store(file[:content], file[:mime_type])
|
2016-08-26 10:06:27 +00:00
|
|
|
setting.save!
|
2015-07-12 01:32:40 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
render json: {
|
|
|
|
result: 'ok',
|
|
|
|
settings: [setting],
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
# DELETE /settings/1
|
|
|
|
def destroy
|
2016-08-26 10:06:27 +00:00
|
|
|
raise Exceptions::NotAuthorized, 'Not authorized (feature not possible)'
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2015-07-16 13:36:59 +00:00
|
|
|
|
|
|
|
private
|
|
|
|
|
2016-08-26 10:06:27 +00:00
|
|
|
def keep_certain_attributes
|
2015-07-16 13:36:59 +00:00
|
|
|
setting = Setting.find(params[:id])
|
2017-11-23 08:09:44 +00:00
|
|
|
%i[name area state_initial frontend options].each do |key|
|
2016-08-26 10:06:27 +00:00
|
|
|
params.delete(key)
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2017-11-23 08:09:44 +00:00
|
|
|
if params[:preferences].present?
|
|
|
|
%i[online_service_disable permission render].each do |key|
|
2016-08-26 15:08:49 +00:00
|
|
|
params[:preferences].delete(key)
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2016-08-26 15:08:49 +00:00
|
|
|
params[:preferences].merge!(setting.preferences)
|
|
|
|
end
|
2016-08-26 10:06:27 +00:00
|
|
|
params
|
|
|
|
end
|
|
|
|
|
|
|
|
def check_access(type)
|
|
|
|
setting = Setting.lookup(id: params[:id])
|
|
|
|
|
|
|
|
if setting.preferences[:permission] && !current_user.permissions?(setting.preferences[:permission])
|
|
|
|
raise Exceptions::NotAuthorized, "Not authorized (required #{setting.preferences[:permission].inspect})"
|
|
|
|
end
|
|
|
|
|
|
|
|
if type == 'write'
|
|
|
|
return true if !Setting.get('system_online_service')
|
|
|
|
if setting.preferences && setting.preferences[:online_service_disable]
|
|
|
|
raise Exceptions::NotAuthorized, 'Not authorized (service disabled)'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
true
|
2015-07-16 13:36:59 +00:00
|
|
|
end
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|