Merge branch 'master' of gitlab.c3sl.ufpr.br:portalmec/portalmec

.erdconfig

+attributes:
+  - content
+  - foreign_key
+  - inheritance
+disconnected: true
+filename: erd
+filetype: pdf
+indirect: true
+inheritance: true
+markup: true
+notation: bachman
+orientation: horizontal
+polymorphism: false
+sort: true
+warn: true
+title: PortalMEC
+exclude: null
+only: null
+prepend_primary: false

Gemfile

@@ -47,7 +47,6 @@ gem 'stackprof'
 
 group :development do
   gem 'annotate'
-
   gem 'immigrant'
 
   # Generate ER Diagram from database (use: rake erd)
@@ -87,11 +86,17 @@ group :development do
 
   # JavaScript runtime
   gem 'execjs'
+
+  # local mailbox
+  gem 'mailcatcher'
 end
 
 group :test do
   gem 'shoulda'
   gem 'minitest-reporters'
+  gem 'rspec-rails'
+  gem 'faker'
+  gem 'factory_girl_rails'
 end
 
 gem 'streamio-ffmpeg', '~> 1.0.0'
@@ -147,3 +152,11 @@ gem 'rubyzip'
 
 # user activity
 gem 'public_activity'
+
+gem 'rails-observers'
+
+# soft-deleted for active record models
+gem 'paranoia', '~> 2.0'
+
+# models versioning
+gem 'paper_trail'
\ No newline at end of file

Gemfile.lock

@@ -32,8 +32,10 @@ GEM
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    active_model_serializers (0.9.5)
-      activemodel (>= 3.2)
+    active_model_serializers (0.10.0)
+      actionpack (>= 4.0)
+      activemodel (>= 4.0)
+      railties (>= 4.0)
     activejob (4.2.6)
       activesupport (= 4.2.6)
       globalid (>= 0.3.0)
@@ -58,7 +60,7 @@ GEM
       rake (>= 10.4, < 12.0)
     ansi (1.5.0)
     arel (6.0.3)
-    ast (2.2.0)
+    ast (2.3.0)
     axiom-types (0.1.1)
       descendants_tracker (~> 0.0.4)
       ice_nine (~> 0.11.0)
@@ -72,12 +74,12 @@ GEM
       rack (>= 0.9.0)
     binding_of_caller (0.7.2)
       debug_inspector (>= 0.0.1)
-    brakeman (3.3.0)
+    brakeman (3.3.1)
     builder (3.2.2)
-    bullet (5.0.0)
+    bullet (5.1.0)
       activesupport (>= 3.0.0)
-      uniform_notifier (~> 1.9.0)
-    byebug (8.2.5)
+      uniform_notifier (~> 1.10.0)
+    byebug (9.0.5)
     choice (0.2.0)
     chronic (0.10.2)
     climate_control (0.0.3)
@@ -94,6 +96,7 @@ GEM
     connection_pool (2.2.0)
     curb (0.8.8)
     cvss (0.99.0)
+    daemons (1.2.3)
     dalli (2.7.6)
     data_mapper (1.2.0)
       dm-aggregates (~> 1.2.0)
@@ -122,7 +125,7 @@ GEM
     debug_inspector (0.0.2)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
-    devise (4.0.2)
+    devise (4.0.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0, < 5.1)
@@ -131,6 +134,7 @@ GEM
     devise_token_auth (0.1.37)
       devise (> 3.5.2, < 4.1)
       rails (< 6)
+    diff-lcs (1.2.5)
     dm-aggregates (1.2.0)
       dm-core (~> 1.2.0)
     dm-constraints (1.2.0)
@@ -183,15 +187,21 @@ GEM
       multi_json
     equalizer (0.0.11)
     erubis (2.7.0)
-    execjs (2.6.0)
+    eventmachine (1.0.9.1)
+    execjs (2.7.0)
+    factory_girl (4.7.0)
+      activesupport (>= 3.0.0)
+    factory_girl_rails (4.7.0)
+      factory_girl (~> 4.7.0)
+      railties (>= 3.0.0)
+    faker (1.6.3)
+      i18n (~> 0.5)
     faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
-    fast_stack (0.2.0)
     fastercsv (1.5.5)
     feature (1.3.0)
     ffi (1.9.10)
-    flamegraph (0.1.0)
-      fast_stack
+    flamegraph (0.9.5)
     flay (2.7.0)
       erubis (~> 2.7.0)
       ruby_parser (~> 3.0)
@@ -227,26 +237,36 @@ GEM
       nokogiri (>= 1.5.9)
     mail (2.6.4)
       mime-types (>= 1.16, < 4)
-    mime-types (3.0)
+    mailcatcher (0.6.4)
+      activesupport (~> 4.0)
+      eventmachine (= 1.0.9.1)
+      mail (~> 2.3)
+      rack (~> 1.5)
+      sinatra (~> 1.2)
+      skinny (~> 0.2.3)
+      sqlite3 (~> 1.3)
+      thin (~> 1.5.0)
+    mime-types (3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0221)
+    mime-types-data (3.2016.0521)
     mimemagic (0.3.0)
     mina (0.3.8)
       open4 (~> 1.3.4)
       rake
-    mini_portile2 (2.0.0)
-    minitest (5.8.4)
+    mini_portile2 (2.1.0)
+    minitest (5.9.0)
     minitest-reporters (1.1.9)
       ansi
       builder
       minitest (>= 5.0)
       ruby-progressbar
-    multi_json (1.12.0)
+    multi_json (1.12.1)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
     net-http-persistent (2.9.4)
-    nokogiri (1.6.7.2)
-      mini_portile2 (~> 2.0.0.rc2)
+    nokogiri (1.6.8)
+      mini_portile2 (~> 2.1.0)
+      pkg-config (~> 1.1.7)
     oauth (0.5.1)
     oauth2 (1.1.0)
       faraday (>= 0.8, < 0.10)
@@ -275,16 +295,23 @@ GEM
       omniauth-oauth (~> 1.1)
     open4 (1.3.4)
     orm_adapter (0.5.0)
+    paper_trail (5.1.1)
+      activerecord (>= 3.0, < 6.0)
+      activesupport (>= 3.0, < 6.0)
+      request_store (~> 1.1)
     paperclip (4.3.6)
       activemodel (>= 3.2.0)
       activesupport (>= 3.2.0)
       cocaine (~> 0.5.5)
       mime-types
       mimemagic (= 0.3.0)
-    parser (2.3.0.7)
+    paranoia (2.1.5)
+      activerecord (~> 4.0)
+    parser (2.3.1.0)
       ast (~> 2.2)
     pg (0.18.4)
     phantomjs (2.1.1.0)
+    pkg-config (1.1.7)
     powerpack (0.1.1)
     ptools (1.3.3)
     public_activity (1.5.0)
@@ -297,7 +324,7 @@ GEM
       activesupport (>= 3.0.0)
     rack (1.6.4)
     rack-cors (0.4.0)
-    rack-mini-profiler (0.9.9.2)
+    rack-mini-profiler (0.10.1)
       rack (>= 1.2.0)
     rack-protection (1.5.3)
       rack
@@ -332,6 +359,8 @@ GEM
       ruby-graphviz (~> 1.2)
     rails-html-sanitizer (1.0.3)
       loofah (~> 2.0)
+    rails-observers (0.1.2)
+      activemodel (~> 4.0)
     railties (4.2.6)
       actionpack (= 4.2.6)
       activesupport (= 4.2.6)
@@ -344,32 +373,50 @@ GEM
     redis (3.3.0)
     redis-namespace (1.5.2)
       redis (~> 3.0, >= 3.0.4)
-    reek (4.0.1)
+    reek (4.0.2)
       codeclimate-engine-rb (~> 0.3.1)
       parser (~> 2.3, >= 2.3.0.6)
       rainbow (~> 2.0)
+    request_store (1.3.1)
     resource_kit (0.1.5)
       addressable (~> 2.3.6)
     responders (2.2.0)
       railties (>= 4.2.0, < 5.1)
     rmagick (2.15.4)
-    rubocop (0.39.0)
-      parser (>= 2.3.0.7, < 3.0)
+    rspec-core (3.4.4)
+      rspec-support (~> 3.4.0)
+    rspec-expectations (3.4.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.4.0)
+    rspec-mocks (3.4.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.4.0)
+    rspec-rails (3.4.2)
+      actionpack (>= 3.0, < 4.3)
+      activesupport (>= 3.0, < 4.3)
+      railties (>= 3.0, < 4.3)
+      rspec-core (~> 3.4.0)
+      rspec-expectations (~> 3.4.0)
+      rspec-mocks (~> 3.4.0)
+      rspec-support (~> 3.4.0)
+    rspec-support (3.4.1)
+    rubocop (0.40.0)
+      parser (>= 2.3.1.0, < 3.0)
       powerpack (~> 0.1)
       rainbow (>= 1.99.1, < 3.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (~> 1.0, >= 1.0.1)
     ruby-graphviz (1.2.2)
-    ruby-progressbar (1.8.0)
+    ruby-progressbar (1.8.1)
     ruby_parser (3.8.2)
       sexp_processor (~> 4.1)
-    rubycritic (2.9.0)
+    rubycritic (2.9.1)
       colorize
       flay (= 2.7.0)
       flog (= 4.3.2)
       launchy (= 2.4.3)
-      parser (= 2.3.0.7)
-      reek (= 4.0.1)
+      parser (= 2.3.1.0)
+      reek (= 4.0.2)
       ruby_parser (~> 3.8)
       virtus (~> 1.0)
     rubyzip (1.2.0)
@@ -397,8 +444,11 @@ GEM
       rack (~> 1.5)
       rack-protection (~> 1.4)
       tilt (>= 1.3, < 3)
-    slim (3.0.6)
-      temple (~> 0.7.3)
+    skinny (0.2.4)
+      eventmachine (~> 1.0.0)
+      thin (>= 1.5, < 1.7)
+    slim (3.0.7)
+      temple (~> 0.7.6)
       tilt (>= 1.3.3, < 2.1)
     spring (1.7.1)
     sprockets (3.6.0)
@@ -414,15 +464,19 @@ GEM
     stringex (1.5.1)
     sys-uname (1.0.2)
       ffi (>= 1.0.0)
-    temple (0.7.6)
-    terminal-table (1.5.2)
+    temple (0.7.7)
+    terminal-table (1.6.0)
+    thin (1.5.1)
+      daemons (>= 1.0.9)
+      eventmachine (>= 0.12.6)
+      rack (>= 1.0.0)
     thor (0.19.1)
     thread_safe (0.3.5)
-    tilt (2.0.2)
+    tilt (2.0.5)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
     unicode-display_width (1.0.5)
-    uniform_notifier (1.9.0)
+    uniform_notifier (1.10.0)
     uuidtools (2.1.5)
     virtus (1.0.5)
       axiom-types (~> 0.1)
@@ -458,18 +512,23 @@ DEPENDENCIES
   devise_token_auth
   dspace_rest_client
   execjs
+  factory_girl_rails
+  faker
   feature
   flamegraph
   gitlab
   immigrant
   libarchive-static
+  mailcatcher
   mimemagic
   mina
   minitest-reporters
   omniauth-facebook
   omniauth-google-oauth2
   omniauth-twitter
+  paper_trail
   paperclip
+  paranoia (~> 2.0)
   pg
   public_activity
   puma
@@ -479,10 +538,12 @@ DEPENDENCIES
   rails (= 4.2.6)
   rails-api
   rails-erd
+  rails-observers
   rainbow
   rdoc
   redis-throttle!
   rmagick
+  rspec-rails
   rubocop
   rubycritic
   rubyzip
@@ -500,4 +561,4 @@ DEPENDENCIES
   whenever
 
 BUNDLED WITH
-   1.12.1
+   1.12.3

app/builders/learning_object/draft_builder.rb

@@ -2,35 +2,32 @@ class LearningObject::DraftBuilder
 
   def self.build(publisher, params={})
     @draft = LearningObject.new(sanitize_params(params))
-    @draft.draft
-
-
+    @draft.draft!
 
     #build language
     @draft.language = Language.find(params[:language]) if params[:language].to_i > 0
 
     # set publisher
     @draft.publisher = publisher
-
     @draft.save
+
     # build tags
     params[:tags].try(:each) do |t|
       tag = Tag.where(name: t['name']).first_or_create
       Tagging.where(tag: tag, taggable: @draft, tagger: publisher).first_or_create
     end
     @draft.save
+
     @draft
   end
 
-  private
-
   def self.sanitize_params(args={})
-    _args = args.clone
+    params = args.clone
     %w(tags language link).each do |arg|
-      _args.delete(arg)
+      params.delete(arg)
     end
-    metadata = [{'key' => 'dc.object.url', 'value' => args[:link]}]
-    _args.merge(metadata: metadata)
+    metadata = { 'dc.object.url' => args[:link] }
+    params.merge(metadata: metadata)
   end
 
 end

app/builders/learning_object_builder.rb

 class LearningObjectBuilder
-
   def self.build_from_dspace(item)
     lo = LearningObject.new(
-        name: item.name,
-        id_dspace: item.id,
-        thumbnail: nil,
-        metadata: item.metadata.map(&:to_h)
+      name: item.name,
+      id_dspace: item.id,
+      thumbnail: nil,
+      metadata: dspace_metadata_to_hash(item.metadata)
     )
 
-    institution = lo.get_metadata_values_of('dc.creator').first
+    institution = lo.get_metadata_value_of('dc.creator')
     institution = 'Desconhecido' if institution.blank?
     lo.publisher = Institution.where(name: institution).first_or_create
 
@@ -49,9 +48,13 @@ class LearningObjectBuilder
     _params
   end
 
- # private
+  def self.dspace_metadata_to_hash(metadata)
+    hash = Hash.new { |h, k| h[k] = Array.new(&h.default_proc) }
+    metadata.each { |m| hash[m.key] << m.value }
+    hash
+  end
 
-  #def self.sanitize_form_metadata(params={})
+  # def self.sanitize_form_metadata(params={})
   #  if !params[:link].blank?
   #    metadata = [{'key' => 'dc.object.url', 'value' => params[:link]}]
   #    _args.merge(metadata: metadata)

app/controllers/application_controller.rb

@@ -4,6 +4,12 @@ class ApplicationController < ActionController::API
   include Pundit
   include PublicActivity::StoreController
 
+  # tracking user in papertrail
+  before_action :set_paper_trail_whodunnit
+
+  # check if client application is allowed to consumes the API.
+  before_action :allow_client_application, if: -> { Feature.active?(:allow_client_application) }
+
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   # protect_from_forgery with: :null_session
@@ -17,23 +23,19 @@ class ApplicationController < ActionController::API
   protected
 
   def configure_permitted_parameters
-    registration_params = [:name, :email, :avatar, :password, :password_confirmation]
-
-    if params[:action] == 'update'
-      devise_parameter_sanitizer.for(:account_update) {
-          |u| u.permit(registration_params << :current_password)
-      }
-    elsif params[:action] == 'create'
-      devise_parameter_sanitizer.for(:sign_up) {
-          |u| u.permit(registration_params << :terms_of_service)
-      }
-    end
+    registration_params = [:name, :email, :avatar, :password, :password_confirmation, :current_password, :terms_of_service]
+    devise_parameter_sanitizer.permit :sign_up, keys: registration_params
+    devise_parameter_sanitizer.permit :account_update, keys: registration_params
   end
 
   private
 
+  def allow_client_application
+    app = Application.find_or_initialize_by(application_id: request.headers["PortalMEC-AppID"].to_s)
+    user_not_authorized if app.domain != request.domain
+  end
+
   def user_not_authorized
     render nothing: true, status: :unauthorized
   end
-
 end

app/controllers/concerns/deleted_objects_controller.rb

+module DeletedObjectsController
+  extend ActiveSupport::Concern
+
+  def deleted
+    render json: deleted_resource.only_deleted
+  end
+
+  protected
+
+  def deleted_resource
+    raise NotImplementedError
+  end
+
+end

app/controllers/concerns/followable_controller.rb

@@ -28,5 +28,4 @@ module FollowableController
       render nothing: true, status: :forbidden
     end
   end
-
-end
\ No newline at end of file
+end

app/controllers/concerns/highlights_controller.rb

+module HighlightsController
+  extend ActiveSupport::Concern
+
+  # GET /v1/learning_objects/this_week
+  # GET /v1/learning_objects/this_week.json
+  def this_week
+    render json: highlights_resource.this_week
+  end
+
+  # GET /v1/learning_objects/this_month
+  # GET /v1/learning_objects/this_month.json
+  def this_month
+    render json: highlights_resource.this_month
+  end
+
+end

app/controllers/concerns/resource_model.rb

+module ResourceModel
+  extend ActiveSupport::Concern
+
+  protected
+
+  def resource_model
+    resource, id = request.path.split('/')[2, 3]
+    resource_model = resource.singularize.classify.constantize
+    resource_model.find(id)
+  end
+
+end

app/controllers/concerns/sociable_controller.rb

@@ -7,8 +7,8 @@ module SociableController
 
   included do
     before_action :authenticate_user!, only: [:like, :unlike]
+    before_action :authorize_sociable!, only: [:like, :unlike]
     before_action :view_object!, only: VIEWABLE_METHODS
-    before_action :sociable, only: [:like, :unlike]
   end
 
   # POST /v1/learning_objects/1/like
@@ -35,6 +35,14 @@ module SociableController
 
   protected
 
+  def authorize_sociable!
+    authorize sociable
+  end
+
+  def sociable
+    raise NotImplementedError
+  end
+
   def view_object!
     sociable.view current_user if user_signed_in?
   end

app/controllers/concerns/taggable_controller.rb

@@ -10,14 +10,14 @@ module TaggableController
   # POST /v1/learning_objects/1/tagging.json
   def tagging
     @owner.tag(taggable, with: [tag_params[:name]])
-    render json: ActiveModel::ArraySerializer.new(taggable.tags.to_a), status: :created
+    render json: taggable.tags, status: :created
   end
 
   # DELETE /v1/learning_objects/1/untagging
   # DELETE /v1/learning_objects/1/untagging.json
   def untagging
     @owner.untag(taggable, tag_params[:name])
-    render json: ActiveModel::ArraySerializer.new(taggable.tags.to_a), status: :ok
+    render json: taggable.tags, status: :ok
   end
 
   protected

app/controllers/old/about_controller.rb

-class AboutController < ApplicationController
-  def index
-  end
-end

app/controllers/old/bookmarks_controller.rb

-class BookmarksController < ApplicationController
-  include Pundit
-
-  before_action :authenticate_user!
-  before_action :set_user
-  before_action :find_object, only: [:add_object, :remove_object]
-
-
-  # GET /bookmarks/1
-  # GET /bookmarks/1.json
-  def show
-    render partial: 'list' if params[:list] == 'true'
-  end
-
-  # POST /bookmarks/1/learning_object
-  def add_object
-    authorize @object
-    Bookmark.create(user: @user, bookmarkable: @object)
-
-    render json: { status: true } if request.xhr?
-  end
-
-  def list
-    render layout: false
-  end
-
-  # DELETE /bookmarks/1/learning_object
-  def remove_object
-    authorize @object
-    Bookmark.destroy Bookmark.where(user: @user, bookmarkable: @object)
-
-    render json: { status: true } if request.xhr?
-  end
-
-  private
-
-  def set_user
-    @user = current_user
-  end
-
-  def find_object
-    klass = params[:type].constantize
-    @object = klass.find params[:id]
-  end
-
-end

app/controllers/old/callbacks_controller.rb

-class CallbacksController < Devise::OmniauthCallbacksController
-
-  def facebook
-    request_data("Facebook","devise.facebook_data")
-  end
-
-  def twitter
-    request_data("Twitter","devise.twitter_data")
-  end
-
-  def google_oauth2
-    request_data("Google","devise.google_oauth2_data")
-  end
-
-  private
-
-  def request_data(provider,provider_session)
-    @user = User.from_omniauth(request.env["omniauth.auth"])
-
-      if @user.persisted?
-        sign_in_and_redirect @user, :event => :authentication
-        flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => provider
-      else
-        session[provider_session] = request.env["omniauth.auth"]
-        redirect_to new_user_registration_url
-      end
-
-      def failure
-        redirect_to root_path
-      end
-  end
-
-end

app/controllers/old/chunks_controller.rb

-class ChunksController < ApplicationController
-  layout nil
-
-  before_action :set_learning_object
-
-  #GET /chunk
-  def show
-    chunk = resumable_chunk chunk_number
-
-    unless valid_mime_type?
-      render :nothing => true, :status => 415
-    else
-      if File.exists?(chunk)
-        post_file_and_create_thumbnail @learning_object, resumable_filename if last_chunk?
-        #Let resumable.js know this chunk already exists
-        render :nothing => true, :status => 200
-      else
-        #Let resumable.js know this chunk doesnt exists and needs to be uploaded
-        render :nothing => true, :status => 404
-      end
-    end
-  end
-  #POST /chunk
-  def create
-
-    unless valid_mime_type?
-      return render :nothing => true, :status => 415
-    end
-
-    #chunk path based on the parameters
-    chunk = resumable_chunk chunk_number
-
-    #Create chunks directory when not present on system
-    if !File.directory?(dir)
-      FileUtils.mkdir(dir, :mode => 0700)
-    end
-
-    #Move the uploaded chunk to the directory
-    FileUtils.mv chunk_tmpfile, chunk
-
-    #Concatenate all the partial files into the original file
-    #When all chunks are uploaded
-    if last_chunk?
-      #Create a target file
-      File.open(resumable_filename, "a") do |target|
-        #Loop trough the chunks
-        for i in 1..chunk_number
-          #Select the chunk
-          chunk = File.open(resumable_chunk(i), 'r').read
-
-          #Write chunk into target file
-          chunk.each_line do |line|
-            target << line
-          end
-
-          #Deleting chunk
-          FileUtils.rm resumable_chunk(i), :force => true
-        end
-        puts "File saved to #{resumable_filename}"
-      end
-
-      post_file_and_create_thumbnail @learning_object, resumable_filename
-    end
-
-    render nothing: true, status: 200
-  end
-
-  private
-
-  def post_file_and_create_thumbnail(learning_object, filename)
-    publisher = LearningObjectPublisher.new(DspaceService.create_client)
-    publisher.post learning_object, filename
-  end
-
-  def chunk_tmpfile
-    chunks_params[:file].tempfile
-  end
-
-  def last_chunk?
-    chunk_number == total_chunks
-  end
-
-  def chunk_size
-    chunks_params[:resumableChunkSize].to_i
-  end
-
-  def total_chunks
-    chunks_params[:resumableTotalChunks].to_i
-  end
-
-  def chunk_number
-    chunks_params[:resumableChunkNumber].to_i
-  end
-
-  def resumable_chunk(part)
-    "#{resumable_filename}.part#{part}"
-  end
-
-  def resumable_filename
-    "#{dir}/#{chunks_params[:resumableFilename]}"
-  end
-
-  def dir
-    "/tmp/#{chunks_params[:resumableIdentifier]}"
-  end
-
-  def set_learning_object
-    @learning_object = LearningObject.find chunks_params[:learning_object_id]
-  end
-
-  def resumable_file_extension
-    File.extname(chunks_params[:resumableFilename])[1..-1]
-  end
-
-  def valid_mime_type?
-    mime_types = @learning_object.object_type.mime_types.map(&:extension)
-    return true if mime_types.empty?
-    mime_types.include? resumable_file_extension
-  end
-  # Never trust parameters from the scary internet, only allow the white list through.
-  def chunks_params
-    params.permit(:file, :learning_object_id, :resumableIdentifier, :resumableFilename, :resumableChunkNumber, :resumableTotalChunks, :resumableChunkSize)
-  end
-end

app/controllers/old/collections_controller.rb

-class CollectionsController < ApplicationController
-  include Pundit
-
-  before_action :set_collection, only: [:show, :update, :destroy, :like, :change_privacy]
-  before_action :set_collections, only: [:list, :add_learning_object, :remove_learning_object]
-  before_action :authenticate_user!, only: [:update, :destroy, :like, :list, :me, :add_learning_object, :remove_learning_object, :change_privacy]
-  before_action :authorize_action, only: [:show, :create, :update, :destroy, :add_learning_object, :remove_learning_object, :change]
-
-  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
-
-
-  # GET /collections
-  # GET /collections.json
-  def index
-    respond_to do |format|
-      # for HTML page, returns institutional collections
-      format.html do
-        @collections = Collection.all.where(owner: Institution.all)
-      end
-
-      # returns all collection of logged user as JSON for UI actions
-      if user_signed_in?
-        format.json do
-          @collections = current_user.collections
-        end
-      end
-    end
-  end
-
-  # GET /collections/1
-  # GET /collections/1.json
-  def show
-    if @collection.class == User
-      # bookmark
-      @user = @collection
-      @collection = collection_repository.bookmarks(@user)
-      @own = true
-    else
-      check_collection_privacy! @collection
-
-      @user = @collection.owner
-      @own = user_signed_in? ? @collection.user_own?(current_user) : false
-    end
-
-    @reviews = Review.includes(:user).where(reviewable: @collection)
-
-    render partial: 'list' if params[:list] == 'true'
-  end
-
-  # POST /collections/1/like
-  def like
-    Collection.like @collection
-  end
-
-  # POST /collections
-  # POST /collections.json
-  def create
-    @collection = Collection.new(collection_params)
-    @collection.owner = params[:collection][:owner].blank? ? current_user : Institution.find(params[:collection][:owner])
-
-    respond_to do |format|
-      if @collection.save
-        format.html { redirect_to :back, notice: t('activerecord.attributes.collection.create.notice.successfully_created') }
-      else
-        format.html { render :new }
-      end
-    end
-  end
-
-  # PATCH/PUT /collections/1
-  # PATCH/PUT /collections/1.json
-  def update
-    respond_to do |format|
-      if Collection.update(collection_params)
-        format.html { redirect_to @collection, notice: t('activerecord.attributes.collection.update.notice.successfully_updated') }
-      else
-        format.html { render :edit }
-      end
-    end
-  end
-
-  # DELETE /collections/1
-  # DELETE /collections/1.json
-  def destroy
-    Collection.destroy @collection
-
-    respond_to do |format|
-      format.html { redirect_to user_path(current_user), notice: t('activerecord.attributes.collection.destroy.notice.successfully_destroy') }
-    end
-  end
-
-  def list
-    @collection = @collections.first
-
-    # list all
-    @collection = nil if @collection == 'all'
-
-    @collections = current_user.associated_collections
-    @collections.select! do |c|
-      (!@collection.blank? && c.id != @collection.id) || !include_learning_objects?(c)
-    end
-    @type = params[:type]
-
-    unless @type.blank?
-      @send = case @type
-                when 'add' then
-                  'Adicionar'
-                when 'copy' then
-                  'Copiar'
-                when 'move' then
-                  'Mover'
-                else
-                  'Enviar'
-              end
-
-      @title = (@send == 'Enviar') ? 'Coleções' : @send + '  objeto(s) às coleções'
-    end
-
-    render layout: false
-  end
-
-  def me
-    @new_collection = Collection.new
-
-    @publishers = current_user.institutions
-    @bookmark = (current_user.bookmarks.nil? || current_user.bookmarks.first.nil?) ? [] : [current_user.bookmarks.first]
-
-    @groups = [
-        CollectionsGroup.new(title: 'Coleções Automáticas',
-                             collections: @bookmark),
-        CollectionsGroup.new(title: 'Coleções Adicionadas',
-                             collections: current_user.associated_collections)
-    ]
-
-  end
-
-  # POST /collections/1/learning_object
-  def add_learning_object
-    @collections.each do |collection|
-      next unless collection.user_own?(current_user)
-
-      @learning_objects.each do |learning_object|
-        collection.learning_objects << learning_object unless collection.learning_objects.include? learning_object
-      end
-      collection.save
-    end
-
-    render json: {status: true} if request.xhr?
-  end
-
-  # DELETE /collections/1/learning_object
-  def remove_learning_object
-    @collections.each do |collection|
-      next unless collection.user_own?(current_user)
-
-      @learning_objects.each do |learning_object|
-        collection.learning_objects.destroy(learning_object)
-      end
-      collection.save
-    end
-
-    render json: {status: true} if request.xhr?
-  end
-
-  # change collection privacy
-  def change_privacy
-    @collection.privacy = params[:privacy]
-
-    response = @collection.save
-
-    render json: {status: response} if request.xhr?
-  end
-
-  private
-
-  def include_learning_objects?(collection)
-    @learning_objects.each do |lo|
-      return true if collection.learning_objects.include? lo
-    end
-    false
-  end
-
-  def check_collection_privacy!(collection)
-    if collection.private? && !collection.user_own?(current_user)
-      redirect_to :root, notice: 'Está é uma coleção privada.'
-    end
-  end
-
-  def set_collection
-    @collection = Collection.find params[:id]
-  end
-
-  def set_collections
-    if params[:id] == 'all' || params[:id].blank?
-      @collections = ['all']
-    else
-      @collections = (params[:id].class == String) ? [Collection.find(params[:id])] : params[:id].map { |id| Collection.find id }
-    end
-
-    unless params[:learning_objects_ids].blank?
-      @learning_objects = []
-
-      params[:learning_objects_ids].split(',').each do |id|
-        object = LearningObject.find id
-        @learning_objects << object unless object.blank?
-      end
-    end
-  end
-
-  # Never trust parameters from the scary internet, only allow the white list through.
-  def collection_params
-    params.require(:collection).permit(:name, :description, learning_objects: [])
-  end
-
-  def user_not_authorized
-    flash[:notice] = "Esta coleção é privada!"
-    redirect_to (root_path)
-  end
-
-  def authorize_action
-    if !@collections.nil?
-      @collections.each { |c| authorize c }
-    else
-      @collection ||= Collection.new
-      authorize @collection
-    end
-  end
-
-end

app/controllers/old/complaints_controller.rb

-class ComplaintsController < ApplicationController
-  include Pundit
-
-  before_action :authorize_action
-  before_action :authenticate_user!
-
-  def create
-    complaint = Complaint.new(complaint_params)
-    complaint.user = current_user
-
-    respond_to do |format|
-      if complaint.save
-        format.html { redirect_to :back, notice: t('activerecord.attributes.complaint.create.notice.sucess') }
-      else
-        format.html { redirect_to :back, alert: t('activerecord.attributes.complaint.create.alert.failure') }
-      end
-    end
-  end
-
-  private
-
-  # Never trust parameters from the scary internet, only allow the white list through.
-  def complaint_params
-    params.require(:complaint).permit(:complaintable_id, :complaintable_type, :complaint_reason_id, :description)
-  end
-
-  def authorize_action
-    @complaint ||= Complaint.new(complaint_params)
-    authorize @complaint
-  end
-
-end

app/controllers/old/feedbacks_controller.rb

-class FeedbacksController < ApplicationController
-  before_filter :authenticate_user!
-
-  # GET /feedbacks/new
-  def new
-  #  @feedbacks = Feedback.new
-
-#    render layout: false
- end
-
-  # GET /feedbacks/new_bug
-  def new_bug
-    @bug = Bug.new
-
-    render layout: false
-  end
-
-  # POST /feedbacks
-  def create
-   # @feedbacks = Feedback.new(feedback_params)
-
-   # respond_to do |format|
-   #   if feedback_service.send_feedback @feedbacks
-   #     format.html { redirect_to :back, notice: 'Obrigado pela sua avaliação!' }
-  #    end
-  #  end
-  end
-
-  # POST /feedbacks/report_bug
-  def report_bug
-    @bug = Bug.new(bug_params)
-
-    respond_to do |format|
-      if feedback_service.report_bug @bug
-        format.html { redirect_to :back, notice: t('activerecord.attributes.feedback.report_bug.notice.success') }
-      end
-    end
-  end
-
-  private
-
-  def feedback_service
-    FeedbackService.new(GitlabBugreporterService.new(Gitlab))
-  end
-
-  def bug_params
-    params.require(:bug).permit(:title, :description)
-  end
-
-  def feedback_params
-    params.require(:feedbacks).permit(:object, :message, :description)
-  end
-
-end

app/controllers/old/institutions_controller.rb

-class InstitutionsController < ApplicationController
-  include Pundit
-
-  before_action :set_institution, only: [:show, :edit, :update, :destroy, :like, :users]
-  before_action :authorize_action
-
-  # GET /institutions
-  # GET /institutions.json
-  def index
-    @institutions = Institution.all
-  end
-
-  # GET /institutions/1
-  # GET /institutions/1.json
-  def show
-  end
-
-  # GET /institutions/new
-  def new
-    @institution = Institution.new
-  end
-
-  # GET /institutions/1/edit
-  def edit
-  end
-
-  # POST /institutions
-  # POST /institutions.json
-  def create
-    @institution = Institution.new(institution_params)
-
-    respond_to do |format|
-      if Institution.save @institution
-        format.html { redirect_to @institution, notice: t('activerecord.attributes.institution.create.notice.successfully_created') }
-      else
-        format.html { render :new }
-      end
-    end
-  end
-
-  # PATCH/PUT /institutions/1
-  # PATCH/PUT /institutions/1.json
-  def update
-    respond_to do |format|
-      if Institution.update(institution_params)
-        format.html { redirect_to @learning_object, notice: t('activerecord.attributes.institution.update.notice.successfully_updated') }
-      else
-        format.html { render :edit }
-      end
-    end
-  end
-
-  # DELETE /institutions/1
-  # DELETE /institutions/1.json
-  def destroy
-    Institution.destroy @institution
-
-    respond_to do |format|
-      format.html { redirect_to institutions_url, notice: t('activerecord.attributes.institution.destroy.notice.successfully_destroy') }
-    end
-  end
-
-  def users
-    @users = @institution.users
-  end
-
-  private
-
-  def set_institution
-    @institution = Institution.find(params[:id])
-  end
-
-  # Never trust parameters from the scary internet, only allow the white list through.
-  def institution_params
-    params[:institution_object]
-  end
-
-  def authorize_action
-    @institution ||= Institution.new
-    authorize @institution
-  end
-
-end