Commit 4dd2f78e authored by Bruno Freitas Tissei's avatar Bruno Freitas Tissei

Add option to provide image when creating citizen/dependant/professional

Signed-off-by: Bruno Freitas Tissei's avatarBruno Freitas Tissei <bft15@inf.ufpr.br>
parent 3893f936
Pipeline #14127 passed with stage
in 3 minutes and 19 seconds
......@@ -32,6 +32,16 @@ module Api::V1
# honor devise configuration for case_insensitive_keys
@citizen.email = citizen_params[:email].try :downcase
if params[:image]
begin
params[:image] = Agendador::Image::Parser.parse(params[:image])
#@citizen.update_attribute(:avatar, params[:image])
@citizen.avatar = params[:image]
ensure
Agendador::Image::Parser.clean_tempfile
end
end
# set uid to corresponding citizen's cpf
if !@citizen.cpf.nil?
......
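Review bot: A malformed upload raises out of `Agendador::Image::Parser.parse` unhandled — the new `begin` has only an `ensure`, so the request ends as a 500 instead of a 4xx; add a rescue clause before `ensure`, e.g. `rescue StandardError` / `render json: { errors: ["Invalid image."] }, status: 422` / `return`, narrowed to the parser's own error class once you confirm what it raises. `clean_tempfile` takes no argument, which suggests the parser keeps the tempfile as class-level state; if so, two concurrent requests on a threaded server could clean each other's file — worth confirming in lib/image_parser.rb. The commented-out `#@citizen.update_attribute(:avatar, params[:image])` should be deleted rather than left in. The same block appears in the professionals_controller create hunk. The enclosing method starts outside the hunk.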
......@@ -25,6 +25,7 @@ module Api::V1
end
end
# GET /citizens/1/picture
def picture
if @citizen.nil?
......@@ -32,6 +33,16 @@ module Api::V1
errors: ["User #{params[:id]} does not exist."]
}, status: 404
else
# Allow request only if the citizen is reachable from current user
begin
authorize @citizen, :show_picture?
rescue
render json: {
errors: ["You're not allowed to view this citizen."]
}, status: 403
return
end
path = @citizen.avatar.path
if path.nil?
......@@ -50,6 +61,7 @@ module Api::V1
end
end
# GET /citizen/1/schedule_options
def schedule_options
@citizen = Citizen.find_by(cpf: params[:cpf])
......@@ -60,7 +72,14 @@ module Api::V1
}, status: 404
else
# Allow request only if the citizen is reachable from current user
authorize @citizen, :schedule?
begin
authorize @citizen, :schedule?
rescue
render json: {
errors: ["You're not allowed to schedule for this citizen."]
}, status: 403
return
end
schedule_response = @citizen.schedule_response
......@@ -68,6 +87,7 @@ module Api::V1
end
end
# GET /citizens/1
def show
if @citizen.nil?
......@@ -76,12 +96,20 @@ module Api::V1
}, status: 404
else
# Allow request only if the citizen is reachable from current user
authorize @citizen, :show?
begin
authorize @citizen, :show?
rescue
render json: {
errors: ["You're not allowed to view this citizen."]
}, status: 403
return
end
render json: @citizen
end
end
# POST /citizens
def create
success = false
......@@ -131,6 +159,7 @@ module Api::V1
end
end
# PATCH/PUT /citizens/1
def update
if @citizen.nil?
......@@ -146,6 +175,7 @@ module Api::V1
end
end
# DELETE /citizens/1
def destroy
if @citizen.nil?
......@@ -154,7 +184,14 @@ module Api::V1
}, status: 404
else
# Allow request only if the citizen is reachable from current user
authorize @citizen, :deactivate?
begin
authorize @citizen, :deactivate?
rescue
render json: {
errors: ["You're not allowed to deativate this citizen."]
}, status: 403
return
end
# Deactivate citizen, this will keep the citizen in the database, but
# it will not be displayed in future requests
......@@ -179,27 +216,7 @@ module Api::V1
end
end
# Rescue Pundit exception for providing more details in reponse
def policy_error_description(exception)
# Set @policy_name as the policy method that raised the error
super
case @policy_name
when "schedule?"
render json: {
errors: ["You're not allowed to schedule for this citizen."]
}, status: 403
when "deactivate?"
render json: {
errors: ["You're not allowed to deativate this citizen."]
}, status: 403
when "show?"
render json: {
errors: ["You're not allowed to view this citizen."]
}, status: 403
end
end
# Only allow a trusted parameter "white list" through.
def citizen_params
params.require(:citizen).permit(
......
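Review bot: The bare `rescue` wrapped around each `authorize` call in picture, schedule_options, show and destroy catches every StandardError, not just the authorization failure, so a bug inside a policy (the new `show_picture?` calls `.find`, which raises when the service place is missing) is reported to the client as a 403 and is never surfaced as an error. Rescue the specific class instead: `rescue Pundit::NotAuthorizedError`. The same pattern is repeated in every dependants_controller hunk. The destroy message still reads "deativate", carried over from the removed `policy_error_description`; fix the typo while the string is being moved.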
......@@ -16,7 +16,14 @@ module Api::V1
}, status: :not_found
else
# Allow request only if the citizen is reachable from current user
authorize @citizen, :show_dependants?
begin
authorize @citizen, :show_dependants?
rescue
render json: {
errors: ["You're not allowed to view this dependant."]
}, status: 403
return
end
@dependants = Dependant.where(citizens: {
responsible_id: @citizen.id
......@@ -38,6 +45,7 @@ module Api::V1
end
end
# GET citizens/1/dependants/2
def show
if @citizen.nil?
......@@ -55,13 +63,21 @@ module Api::V1
}, status: :forbidden
else
# Allow request only if the citizen is reachable from current user
authorize @citizen, :show_dependants?
begin
authorize @citizen, :show_dependants?
rescue
render json: {
errors: ["You're not allowed to view this dependant."]
}, status: 403
return
end
render json: @dependant.complete_info_response, status: :ok
end
end
end
# POST citizens/1/dependants
def create
if @citizen.nil?
......@@ -70,7 +86,14 @@ module Api::V1
}, status: :not_found
else
# Allow request only if the citizen is reachable from current user
authorize @citizen, :create_dependants?
begin
authorize @citizen, :create_dependants?
rescue
render json: {
errors: ["You're not allowed to create dependants."]
}, status: 403
return
end
new_params = dependant_params
new_params[:responsible_id] = @citizen.id
......@@ -108,6 +131,7 @@ module Api::V1
end
end
# PATCH/PUT citizens/1/dependants/2
def update
if @citizen.nil?
......@@ -125,7 +149,14 @@ module Api::V1
}, status: :forbidden
else
# Allow request only if the citizen is reachable from current user
authorize @citizen, :create_dependants?
begin
authorize @citizen, :create_dependants?
rescue
render json: {
errors: ["You're not allowed to create dependants."]
}, status: 403
return
end
new_params = dependant_params
......@@ -160,6 +191,7 @@ module Api::V1
end
end
# DELETE citizens/1/dependants/2
def destroy
if @dependant.nil?
......@@ -177,23 +209,6 @@ module Api::V1
private
# Rescue Pundit exception for providing more details in reponse
def policy_error_description(exception)
# Set @policy_name as the policy method that raised the error
super
case @policy_name
when "show_dependants?"
render json: {
errors: ["You're not allowed to view this dependant."]
}, status: 403
when "create_dependants?"
render json: {
errors: ["You're not allowed to create dependants."]
}, status: 403
end
end
# Use callbacks to share common setup or constraints between actions.
def set_dependant
begin
......@@ -203,6 +218,7 @@ module Api::V1
end
end
# Use callbacks to share common setup or constraints between actions.
def set_citizen
begin
......@@ -212,6 +228,7 @@ module Api::V1
end
end
# Only allow a trusted parameter "white list" through.
def dependant_params
params.require(:dependant).permit(Citizen.keys)
......
......@@ -3,6 +3,8 @@ module Api::V1
include Authenticable
include HasPolicies
require "#{Rails.root}/lib/image_parser.rb"
before_action :set_professional, only: [:show, :update, :destroy]
# GET /professionals
......@@ -24,6 +26,7 @@ module Api::V1
end
end
# GET professionals/check_citizen
def check_create_professional
cpf = params[:cpf]
......@@ -52,6 +55,7 @@ module Api::V1
end
end
# GET /professionals/1
def show
if @professional.nil?
......@@ -72,6 +76,7 @@ module Api::V1
end
end
# POST /professionals
def create
success = false
......@@ -104,6 +109,15 @@ module Api::V1
)])
end
# Add avatar if provided
if params[:image]
begin
params[:image] = Agendador::Image::Parser.parse(params[:image])
@citizen.avatar = params[:image]
ensure
Agendador::Image::Parser.clean_tempfile
end
end
# Assign new account to new citizen
@citizen.account_id = @account.id
......@@ -207,6 +221,7 @@ module Api::V1
end
end
# PATCH/PUT /professionals/1
def update
if @professional.nil?
......@@ -281,6 +296,7 @@ module Api::V1
end
end
# DELETE /professionals/1
def destroy
if @professional.nil?
......@@ -320,6 +336,7 @@ module Api::V1
end
end
# Use callbacks to share common setup or constraints between actions.
def set_professional
begin
......@@ -329,6 +346,7 @@ module Api::V1
end
end
def citizen_params
params.require(:professional).permit(
:address_complement,
......@@ -349,6 +367,7 @@ module Api::V1
)
end
# Only allow a trusted parameter "white list" through.
def professional_params
params.require(:professional).permit(
......
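Review bot: `require "#{Rails.root}/lib/image_parser.rb"` sits inside the class body between the `include` lines; a `require` belongs at the top of the file, and the path is better built as `require Rails.root.join("lib", "image_parser").to_s` (or the file is placed on the autoload path so no require is needed). The citizens-side hunk that also calls `Agendador::Image::Parser` adds no require in what is visible, so loading there may depend on this controller having been loaded first — worth confirming.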
......@@ -76,7 +76,7 @@ class Citizen < ApplicationRecord
:pcd,
:phone1,
:phone2,
:avatar,
#:avatar,
:rg
]
end
......
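Review bot: If this array is `Citizen.keys`, which `dependant_params` passes to `permit`, dropping `:avatar` from it means a raw avatar value is no longer mass-assignable from the request, which is the right companion to routing uploads through the parser; but the commented-out `#:avatar,` should be deleted rather than left behind. If the intent is to record why, a comment such as `# :avatar is set through Agendador::Image::Parser, not mass-assigned` says more than dead code.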
......@@ -84,6 +84,37 @@ class CitizenPolicy < ApplicationPolicy
(record.responsible_id == user[0].id)))
end
def show_picture?
citizen = user[0]
permission = Professional.get_permission(user[1])
if permission == "citizen"
return ((citizen.id == record.id) or (record.responsible_id == citizen.id))
end
professional = citizen.professional
city_id = professional.professionals_service_places
.find(user[1]).service_place.city_id
return case
when permission == "adm_c3sl"
return true
when permission == "adm_prefeitura"
return ((citizen.id == record.id) or (city_id == record.city_id))
when permission == "adm_local"
return ((citizen.id == record.id) or (city_id == record.city_id))
when permission == "atendente_local"
return ((citizen.id == record.id) or (city_id == record.city_id))
else
return (citizen.id == record.id)
end
end
private
# Generic method for checking permissions when show/accessing/modifying
......
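Review bot: `show_picture?` nests `return` statements inside a `return case`, uses `or` where `||` is conventional, and spells the identical `city_id == record.city_id` check out three times for adm_prefeitura, adm_local and atendente_local; a single `when` with three values and an early return for the citizen branch decides the same way and is easier to audit. Note also that `.find(user[1])` raises ActiveRecord::RecordNotFound rather than returning false when the service place is not attached to the professional, so the outcome in that case depends on how the controller handles the exception. The rewrite below keeps every decision unchanged.
```ruby
def show_picture?
  citizen = user[0]
  permission = Professional.get_permission(user[1])
  return citizen.id == record.id || record.responsible_id == citizen.id if permission == "citizen"

  city_id = citizen.professional.professionals_service_places
                   .find(user[1]).service_place.city_id
  case permission
  when "adm_c3sl"
    true
  when "adm_prefeitura", "adm_local", "atendente_local"
    citizen.id == record.id || city_id == record.city_id
  else
    citizen.id == record.id
  end
end
```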