discourse/app/controllers/user_badges_controller.rb

class UserBadgesController < ApplicationController
  def index
    params.permit(:username).permit(:granted_before)

    if params[:username]
      user = fetch_user_from_params
      user_badges = user.user_badges
    else
      badge = fetch_badge_from_params
      user_badges = badge.user_badges.order('granted_at DESC').limit(96)
    end

    if params[:granted_before]
      user_badges = user_badges.where('granted_at < ?', Time.at(params[:granted_before].to_f))
    end

    user_badges = user_badges.includes(:user, :granted_by, badge: :badge_type, post: :topic)

    if params[:grouped]
      user_badges = user_badges.group(:badge_id).select(UserBadge.attribute_names.map {|x| "MAX(#{x}) as #{x}" }, 'COUNT(*) as count')
    end

    render_serialized(user_badges, UserBadgeSerializer, root: "user_badges")
  end

  def create
    params.require(:username)
    user = fetch_user_from_params

    unless can_assign_badge_to_user?(user)
      render json: failed_json, status: 403
      return
    end

    badge = fetch_badge_from_params
    user_badge = BadgeGranter.grant(badge, user, granted_by: current_user)

    render_serialized(user_badge, UserBadgeSerializer, root: "user_badge")
  end

  def destroy
    params.require(:id)
    user_badge = UserBadge.find(params[:id])

    unless can_assign_badge_to_user?(user_badge.user)
      render json: failed_json, status: 403
      return
    end

    BadgeGranter.revoke(user_badge, revoked_by: current_user)
    render json: success_json
  end

  private

    # Get the badge from either the badge name or id specified in the params.
    def fetch_badge_from_params
      badge = nil

      params.permit(:badge_name)
      if params[:badge_name].nil?
        params.require(:badge_id)
        badge = Badge.find_by(id: params[:badge_id])
      else
        badge = Badge.find_by(name: params[:badge_name])
      end
      raise Discourse::NotFound.new if badge.blank?

      badge
    end

    def can_assign_badge_to_user?(user)
      master_api_call = current_user.nil? && is_api?
      master_api_call or guardian.can_grant_badges?(user)
    end
end
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`class UserBadgesController < ApplicationController`
			`def index`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00			`params.permit(:username).permit(:granted_before)`

Add badge page. 2014-04-16 10:56:11 -04:00			`if params[:username]`
			`user = fetch_user_from_params`
			`user_badges = user.user_badges`
			`else`
			`badge = fetch_badge_from_params`
Change badge user list limit to 96 so that it is divisible by 8. 2014-05-19 01:02:59 -04:00			`user_badges = badge.user_badges.order('granted_at DESC').limit(96)`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00			`end`

			`if params[:granted_before]`
			`user_badges = user_badges.where('granted_at < ?', Time.at(params[:granted_before].to_f))`
Add badge page. 2014-04-16 10:56:11 -04:00			`end`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00
Backend changes to support improved badge pages. 2014-06-27 15:08:03 -04:00			`user_badges = user_badges.includes(:user, :granted_by, badge: :badge_type, post: :topic)`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00
Cosmetic changes. 2014-06-09 21:23:18 -04:00			`if params[:grouped]`
Multiple grant badges. 2014-05-21 03:22:42 -04:00			`user_badges = user_badges.group(:badge_id).select(UserBadge.attribute_names.map {\|x\| "MAX(#{x}) as #{x}" }, 'COUNT(*) as count')`
			`end`

Add badge page. 2014-04-16 10:56:11 -04:00			`render_serialized(user_badges, UserBadgeSerializer, root: "user_badges")`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`

			`def create`
			`params.require(:username)`
			`user = fetch_user_from_params`

			`unless can_assign_badge_to_user?(user)`
			`render json: failed_json, status: 403`
			`return`
			`end`

			`badge = fetch_badge_from_params`
			`user_badge = BadgeGranter.grant(badge, user, granted_by: current_user)`

Use render_serialized for rendering instances in UserBadgeController. 2014-03-19 05:16:16 -04:00			`render_serialized(user_badge, UserBadgeSerializer, root: "user_badge")`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`

			`def destroy`
			`params.require(:id)`
			`user_badge = UserBadge.find(params[:id])`

			`unless can_assign_badge_to_user?(user_badge.user)`
			`render json: failed_json, status: 403`
			`return`
			`end`

Log badge grant/revoke to the staff actions log. 2014-03-19 15:30:12 -04:00			`BadgeGranter.revoke(user_badge, revoked_by: current_user)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`render json: success_json`
			`end`

			`private`

			`# Get the badge from either the badge name or id specified in the params.`
			`def fetch_badge_from_params`
			`badge = nil`

			`params.permit(:badge_name)`
			`if params[:badge_name].nil?`
			`params.require(:badge_id)`
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb" 2014-05-06 09:41:59 -04:00			`badge = Badge.find_by(id: params[:badge_id])`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`else`
Perform the where(...).first to find_by(...) refactoring. This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb" 2014-05-06 09:41:59 -04:00			`badge = Badge.find_by(name: params[:badge_name])`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`
			`raise Discourse::NotFound.new if badge.blank?`

			`badge`
			`end`

			`def can_assign_badge_to_user?(user)`
			`master_api_call = current_user.nil? && is_api?`
			`master_api_call or guardian.can_grant_badges?(user)`
			`end`
			`end`