discourse/app/controllers/user_badges_controller.rb

class UserBadgesController < ApplicationController
  def index
    params.permit [:granted_before, :offset]

    badge = fetch_badge_from_params
    user_badges = filter_user_badges(badge.user_badges)
    user_badges = user_badges.includes(:user, :granted_by, badge: :badge_type, post: :topic)
    user_badges = user_badges.order(granted_at: :desc, id: :desc).limit(96)

    if offset = params[:offset]
      user_badges = user_badges.offset(offset.to_i)
    end

    render_serialized(user_badges, UserBadgeSerializer, root: "user_badges", include_long_description: true)
  end

  def username
    params.permit [:grouped]

    user = fetch_user_from_params
    user_badges = filter_user_badges(user.user_badges)
    user_badges = user_badges.includes(badge: [:badge_grouping, :badge_type])
                             .includes(post: :topic)
                             .includes(:granted_by)

    if params[:grouped]
      user_badges = user_badges.group(:badge_id)
                               .select(UserBadge.attribute_names.map {|x| "MAX(#{x}) as #{x}" }, 'COUNT(*) as count')
    end

    render_serialized(user_badges, DetailedUserBadgeSerializer, root: "user_badges")
  end

  def create
    params.require(:username)
    user = fetch_user_from_params

    unless can_assign_badge_to_user?(user)
      render json: failed_json, status: 403
      return
    end

    badge = fetch_badge_from_params
    post_id = nil

    if params[:reason].present?
      path = URI.parse(params[:reason]).path rescue nil
      route = Rails.application.routes.recognize_path(path) if path
      if route
        topic_id = route[:topic_id].to_i
        post_number = route[:post_number] || 1

        post_id = Post.find_by(topic_id: topic_id, post_number: post_number).try(:id) if topic_id > 0
      end
    end

    user_badge = BadgeGranter.grant(badge, user, granted_by: current_user, post_id: post_id)

    render_serialized(user_badge, DetailedUserBadgeSerializer, root: "user_badge")
  end

  def destroy
    params.require(:id)
    user_badge = UserBadge.find(params[:id])

    unless can_assign_badge_to_user?(user_badge.user)
      render json: failed_json, status: 403
      return
    end

    BadgeGranter.revoke(user_badge, revoked_by: current_user)
    render json: success_json
  end

  private

    # Get the badge from either the badge name or id specified in the params.
    def fetch_badge_from_params
      badge = nil

      params.permit(:badge_name)
      if params[:badge_name].nil?
        params.require(:badge_id)
        badge = Badge.find_by(id: params[:badge_id], enabled: true)
      else
        badge = Badge.find_by(name: params[:badge_name], enabled: true)
      end
      raise Discourse::NotFound if badge.blank?

      badge
    end

    def can_assign_badge_to_user?(user)
      master_api_call = current_user.nil? && is_api?
      master_api_call or guardian.can_grant_badges?(user)
    end

    def filter_user_badges(user_badges)
      if SiteSetting.enable_whispers?
        unless current_user.try(:staff?)
          user_badges = user_badges.joins("LEFT JOIN posts ON posts.id = user_badges.post_id")
                                   .where("posts.post_type <> #{Post.types[:whisper]}")
        end
      end

      user_badges
    end
end
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`class UserBadgesController < ApplicationController`
			`def index`
Sort the badges on the user profile page Also clean up UserBadgesController so it isn't doing two things in one method 2014-08-25 13:38:20 -04:00			`params.permit [:granted_before, :offset]`

			`badge = fetch_badge_from_params`
FIX: properly filter badges when they're on a whisper 2015-09-24 18:30:29 -04:00			`user_badges = filter_user_badges(badge.user_badges)`
Sort the badges on the user profile page Also clean up UserBadgesController so it isn't doing two things in one method 2014-08-25 13:38:20 -04:00			`user_badges = user_badges.includes(:user, :granted_by, badge: :badge_type, post: :topic)`
FIX: properly filter badges when they're on a whisper 2015-09-24 18:30:29 -04:00			`user_badges = user_badges.order(granted_at: :desc, id: :desc).limit(96)`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00
FEATURE: badge grouping UI FIX: not loading more badges on badge show page 2014-07-18 01:46:36 -04:00			`if offset = params[:offset]`
			`user_badges = user_badges.offset(offset.to_i)`
Add badge page. 2014-04-16 10:56:11 -04:00			`end`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00
FEATURE: long descriptions for badges to help teach people 2015-02-27 01:19:18 -05:00			`render_serialized(user_badges, UserBadgeSerializer, root: "user_badges", include_long_description: true)`
Sort the badges on the user profile page Also clean up UserBadgesController so it isn't doing two things in one method 2014-08-25 13:38:20 -04:00			`end`

			`def username`
			`params.permit [:grouped]`

			`user = fetch_user_from_params`
FIX: properly filter badges when they're on a whisper 2015-09-24 18:30:29 -04:00			`user_badges = filter_user_badges(user.user_badges)`
			`user_badges = user_badges.includes(badge: [:badge_grouping, :badge_type])`
			`.includes(post: :topic)`
			`.includes(:granted_by)`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00
Cosmetic changes. 2014-06-09 21:23:18 -04:00			`if params[:grouped]`
FEATURE: Allow admins to disable specific badges 2014-07-14 03:40:01 -04:00			`user_badges = user_badges.group(:badge_id)`
			`.select(UserBadge.attribute_names.map {\|x\| "MAX(#{x}) as #{x}" }, 'COUNT(*) as count')`
Multiple grant badges. 2014-05-21 03:22:42 -04:00			`end`

FEATURE: Allow manual assignment of related post to badge PERF: clean up performance of user badges admin when large number of badges exist 2015-02-24 20:52:43 -05:00			`render_serialized(user_badges, DetailedUserBadgeSerializer, root: "user_badges")`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`

			`def create`
			`params.require(:username)`
			`user = fetch_user_from_params`

			`unless can_assign_badge_to_user?(user)`
			`render json: failed_json, status: 403`
			`return`
			`end`

			`badge = fetch_badge_from_params`
FEATURE: Allow manual assignment of related post to badge PERF: clean up performance of user badges admin when large number of badges exist 2015-02-24 20:52:43 -05:00			`post_id = nil`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00
FEATURE: Allow manual assignment of related post to badge PERF: clean up performance of user badges admin when large number of badges exist 2015-02-24 20:52:43 -05:00			`if params[:reason].present?`
			`path = URI.parse(params[:reason]).path rescue nil`
			`route = Rails.application.routes.recognize_path(path) if path`
			`if route`
			`topic_id = route[:topic_id].to_i`
			`post_number = route[:post_number] \|\| 1`

			`post_id = Post.find_by(topic_id: topic_id, post_number: post_number).try(:id) if topic_id > 0`
			`end`
			`end`

			`user_badge = BadgeGranter.grant(badge, user, granted_by: current_user, post_id: post_id)`

			`render_serialized(user_badge, DetailedUserBadgeSerializer, root: "user_badge")`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`

			`def destroy`
			`params.require(:id)`
			`user_badge = UserBadge.find(params[:id])`

			`unless can_assign_badge_to_user?(user_badge.user)`
			`render json: failed_json, status: 403`
			`return`
			`end`

Log badge grant/revoke to the staff actions log. 2014-03-19 15:30:12 -04:00			`BadgeGranter.revoke(user_badge, revoked_by: current_user)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`render json: success_json`
			`end`

			`private`

			`# Get the badge from either the badge name or id specified in the params.`
			`def fetch_badge_from_params`
			`badge = nil`

			`params.permit(:badge_name)`
			`if params[:badge_name].nil?`
			`params.require(:badge_id)`
FEATURE: Allow admins to disable specific badges 2014-07-14 03:40:01 -04:00			`badge = Badge.find_by(id: params[:badge_id], enabled: true)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`else`
FEATURE: Allow admins to disable specific badges 2014-07-14 03:40:01 -04:00			`badge = Badge.find_by(name: params[:badge_name], enabled: true)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`
usage of raise corrected 2015-05-06 21:00:51 -04:00			`raise Discourse::NotFound if badge.blank?`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00
			`badge`
			`end`

			`def can_assign_badge_to_user?(user)`
			`master_api_call = current_user.nil? && is_api?`
			`master_api_call or guardian.can_grant_badges?(user)`
			`end`
FIX: properly filter badges when they're on a whisper 2015-09-24 18:30:29 -04:00
			`def filter_user_badges(user_badges)`
			`if SiteSetting.enable_whispers?`
			`unless current_user.try(:staff?)`
			`user_badges = user_badges.joins("LEFT JOIN posts ON posts.id = user_badges.post_id")`
			`.where("posts.post_type <> #{Post.types[:whisper]}")`
			`end`
			`end`

			`user_badges`
			`end`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`