trabajo-afectivo/app/controllers/settings_controller.rb

124 lines
3.1 KiB
Ruby
Raw Normal View History

2016-10-19 03:11:36 +00:00
# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
2012-04-10 14:06:46 +00:00
class SettingsController < ApplicationController
prepend_before_action { authentication_check(permission: 'admin.*') }
2012-04-10 14:06:46 +00:00
# GET /settings
def index
list = []
Setting.all.each do |setting|
next if setting.preferences[:permission] && !current_user.permissions?(setting.preferences[:permission])
list.push setting
end
render json: list, status: :ok
2012-04-10 14:06:46 +00:00
end
# GET /settings/1
def show
check_access('read')
model_show_render(Setting, params)
2012-04-10 14:06:46 +00:00
end
# POST /settings
def create
raise Exceptions::NotAuthorized, 'Not authorized (feature not possible)'
2012-04-10 14:06:46 +00:00
end
# PUT /settings/1
def update
check_access('write')
clean_params = keep_certain_attributes
model_update_render(Setting, clean_params)
2012-04-10 14:06:46 +00:00
end
2015-07-12 01:32:40 +00:00
# PUT /settings/image/:id
def update_image
check_access('write')
clean_params = keep_certain_attributes
2015-07-12 01:32:40 +00:00
if !clean_params[:logo]
2015-07-12 01:32:40 +00:00
render json: {
result: 'invalid',
message: 'Need logo param',
}
return
end
# validate image
if !clean_params[:logo].match?(/^data:image/i)
2015-07-12 01:32:40 +00:00
render json: {
result: 'invalid',
message: 'Invalid payload, need data:image in logo param',
}
return
end
# process image
file = StaticAssets.data_url_attributes(clean_params[:logo])
2015-07-12 01:32:40 +00:00
if !file[:content] || !file[:mime_type]
render json: {
result: 'invalid',
message: 'Unable to process image upload.',
}
return
end
# store image 1:1
StaticAssets.store_raw(file[:content], file[:mime_type])
# store resized image 1:1
setting = Setting.lookup(name: 'product_logo')
2015-07-12 01:32:40 +00:00
if params[:logo_resize] && params[:logo_resize] =~ /^data:image/i
# data:image/png;base64
file = StaticAssets.data_url_attributes(params[:logo_resize])
2015-07-12 01:32:40 +00:00
# store image 1:1
setting.state = StaticAssets.store(file[:content], file[:mime_type])
setting.save!
2015-07-12 01:32:40 +00:00
end
render json: {
result: 'ok',
settings: [setting],
}
end
2012-04-10 14:06:46 +00:00
# DELETE /settings/1
def destroy
raise Exceptions::NotAuthorized, 'Not authorized (feature not possible)'
2012-04-10 14:06:46 +00:00
end
private
def keep_certain_attributes
setting = Setting.find(params[:id])
2017-11-23 08:09:44 +00:00
%i[name area state_initial frontend options].each do |key|
params.delete(key)
end
2017-11-23 08:09:44 +00:00
if params[:preferences].present?
%i[online_service_disable permission render].each do |key|
params[:preferences].delete(key)
end
params[:preferences].merge!(setting.preferences)
end
params
end
def check_access(type)
setting = Setting.lookup(id: params[:id])
if setting.preferences[:permission] && !current_user.permissions?(setting.preferences[:permission])
raise Exceptions::NotAuthorized, "Not authorized (required #{setting.preferences[:permission].inspect})"
end
if type == 'write'
return true if !Setting.get('system_online_service')
if setting.preferences && setting.preferences[:online_service_disable]
raise Exceptions::NotAuthorized, 'Not authorized (service disabled)'
end
end
true
end
2012-04-10 14:06:46 +00:00
end