# frozen_string_literal: true
require 'csv'
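# JSON endpoints for badge administration: listing, SQL preview, CSV mass
# award, grouping management and create/update/destroy.
#
# NOTE(review): no authorization check appears in this class; access control
# is presumably inherited from Admin::AdminController — confirm there.
class Admin::BadgesController < Admin::AdminController
  # Upper bound on the number of non-blank CSV entries #mass_award accepts.
  MAX_CSV_LINES = 50_000
  # Not referenced anywhere in this class; kept in case other code reads it.
  BATCH_SIZE = 200

  # Renders every badge type, grouping and badge, plus the protected system
  # field list and the trigger hash, through AdminBadgesSerializer.
  def index
    data = {
      badge_types: BadgeType.all.order(:id).to_a,
      badge_groupings: BadgeGrouping.all.order(:position).to_a,
      badges: Badge.includes(:badge_grouping)
        .includes(:badge_type, :image_upload)
        .references(:badge_grouping)
        .order('badge_groupings.position, badge_type_id, badges.name').to_a,
      protected_system_fields: Badge.protected_system_fields,
      triggers: Badge.trigger_hash
    }
    render_serialized(OpenStruct.new(data), AdminBadgesSerializer)
  end

  # Runs a preview of the submitted badge SQL and renders the result as JSON.
  #
  # params[:sql] is handed to BadgeGranter.preview unchanged; the
  # enable_badge_sql site setting is the only gate visible in this action, so
  # the request is refused with 403 whenever that setting is off.
  def preview
    unless SiteSetting.enable_badge_sql
      return render json: "preview not allowed", status: 403
    end

    render json: BadgeGranter.preview(
      params[:sql],
      target_posts: params[:target_posts] == "true",
      explain: params[:explain] == "true",
      trigger: params[:trigger].to_i
    )
  end

  # The three actions below have no body of their own.
  def new
  end

  def show
  end

  def award
  end

  # Grants a badge to every user named in an uploaded CSV file.
  #
  # Only the first column of each row is read. A value containing '@' is
  # collected as an email address, anything else as a username. The upload is
  # rejected with 400 once more than MAX_CSV_LINES non-blank entries have been
  # collected, or when a row is not valid CSV.
  #
  # Raises Discourse::InvalidParameters when the file or the badge is missing.
  #
  # NOTE(review): unlike create/update/destroy, no StaffActionLogger call is
  # visible here, although replace_badge_owners revokes every existing grant —
  # confirm that BadgeGranter records this.
  def mass_award
    csv_file = params.permit(:file).fetch(:file, nil)
    badge = Badge.find_by(id: params[:badge_id])
    raise Discourse::InvalidParameters if csv_file.try(:tempfile).nil? || badge.nil?

    unless badge.enabled?
      render_json_error(
        I18n.t('badges.mass_award.errors.badge_disabled', badge_name: badge.display_name),
        status: 422
      )
      return
    end

    replace_badge_owners = params[:replace_badge_owners] == 'true'
    ensure_users_have_badge_once = params[:grant_existing_holders] != 'true'
    if !ensure_users_have_badge_once && !badge.multiple_grant?
      render_json_error(
        I18n.t('badges.mass_award.errors.cant_grant_multiple_times', badge_name: badge.display_name),
        status: 422
      )
      return
    end

    # Number of the row being parsed; reported back when a row is malformed.
    line_number = 1
    usernames = []
    emails = []

    File.open(csv_file) do |csv|
      csv.each_line do |line|
        # parse_line can return nil for an empty row, so guard before .first.
        entry = CSV.parse_line(line)&.first&.strip
        line_number += 1

        if entry.present?
          if entry.include?('@')
            emails << entry
          else
            usernames << entry
          end
        end

        # Checked on every row so an oversized upload is refused before the
        # whole file has been accumulated in memory.
        if emails.size + usernames.size > MAX_CSV_LINES
          return render_json_error I18n.t('badges.mass_award.errors.too_many_csv_entries', count: MAX_CSV_LINES), status: 400
        end
      end
    end

    # Destructive step: only reached after the whole file parsed and passed
    # the size limit.
    BadgeGranter.revoke_all(badge) if replace_badge_owners

    results = BadgeGranter.enqueue_mass_grant_for_users(
      badge,
      emails: emails,
      usernames: usernames,
      ensure_users_have_badge_once: ensure_users_have_badge_once
    )

    render json: {
      # Only the first 100 unmatched entries are echoed back; the full count
      # is reported separately.
      unmatched_entries: results[:unmatched_entries].first(100),
      matched_users_count: results[:matched_users_count],
      unmatched_entries_count: results[:unmatched_entries_count]
    }, status: :ok
  rescue CSV::MalformedCSVError
    render_json_error I18n.t('badges.mass_award.errors.invalid_csv', line_number: line_number), status: 400
  end

  # Renders all badge types.
  def badge_types
    badge_types = BadgeType.all.to_a
    render_serialized(badge_types, BadgeTypeSerializer, root: "badge_types")
  end

  # Replaces the set of badge groupings with the submitted one.
  #
  # params[:ids] and params[:names] are parallel arrays. Position in the
  # array becomes the grouping's position, an id that matches no existing
  # grouping creates a new one, and every existing non-system grouping whose
  # id was not submitted is destroyed.
  #
  # Raises Discourse::InvalidParameters unless both parameters are arrays,
  # before anything is written.
  def save_badge_groupings
    raise Discourse::InvalidParameters unless params[:ids].is_a?(Array) && params[:names].is_a?(Array)

    badge_groupings = BadgeGrouping.all.order(:position).to_a
    ids = params[:ids].map(&:to_i)

    params[:names].each_with_index do |name, index|
      # ids may be shorter than names; nil.to_i is 0, which matches nothing.
      id = ids[index].to_i
      group = badge_groupings.find { |b| b.id == id } || BadgeGrouping.new
      group.name = name
      group.position = index
      # NOTE(review): the result of save is ignored, so a grouping that fails
      # validation is skipped without an error.
      group.save
    end

    badge_groupings.each do |g|
      g.destroy unless g.system? || ids.include?(g.id)
    end

    badge_groupings = BadgeGrouping.all.order(:position).to_a
    render_serialized(badge_groupings, BadgeGroupingSerializer, root: "badge_groupings")
  end

  # Creates a badge from the request parameters and logs the creation as a
  # staff action; renders the collected errors instead when there are any.
  def create
    badge = Badge.new
    errors = update_badge_from_params(badge, new: true)

    if errors.present?
      render_json_error errors
    else
      StaffActionLogger.new(current_user).log_badge_creation(badge)
      render_serialized(badge, AdminBadgeSerializer, root: "badge")
    end
  end

  # Updates an existing badge from the request parameters and logs the change
  # as a staff action; renders the collected errors instead when there are any.
  def update
    badge = find_badge
    errors = update_badge_from_params(badge)

    if errors.present?
      render_json_error errors
    else
      StaffActionLogger.new(current_user).log_badge_change(badge)
      render_serialized(badge, AdminBadgeSerializer, root: "badge")
    end
  end

  # Logs the deletion, clears user titles for the badge and destroys it, all
  # inside one transaction, then renders an empty body.
  def destroy
    Badge.transaction do
      badge = find_badge
      StaffActionLogger.new(current_user).log_badge_deletion(badge)
      badge.clear_user_titles!
      badge.destroy!
    end
    render body: nil
  end

  private

  # Looks up the badge named by the required :id parameter.
  def find_badge
    params.require(:id)
    Badge.find(params[:id])
  end

  # Copies allowlisted request parameters onto +badge+ and saves it.
  #
  # Options:
  #   :new - reset the badge id to nil before saving
  #
  # Returns an array of error messages, empty on success.
  def update_badge_from_params(badge, opts = {})
    errors = []
    Badge.transaction do
      # The allowlist is built from the model's columns, then narrowed:
      # bookkeeping columns are never writable, system badges keep their
      # protected fields, and :query is writable only while badge SQL is
      # enabled.
      allowed = Badge.column_names.map(&:to_sym)
      allowed -= [:id, :created_at, :updated_at, :grant_count]
      allowed -= Badge.protected_system_fields if badge.system?
      allowed -= [:query] unless SiteSetting.enable_badge_sql

      # The return value is not used; the allowlist is enforced by the loop
      # below, which only ever reads keys taken from `allowed`.
      params.permit(*allowed)

      allowed.each do |key|
        # key comes from the column list above, never from the request, so
        # the setter name passed to public_send is not caller-controlled.
        badge.public_send("#{key}=" , params[key]) if params[key]
      end

      # Badge query contract checks
      begin
        if SiteSetting.enable_badge_sql
          BadgeGranter.contract_checks!(badge.query, target_posts: badge.target_posts, trigger: badge.trigger)
        end
      rescue => e
        errors << e.message
        raise ActiveRecord::Rollback
      end

      badge.id = nil if opts[:new]
      badge.save!
    end

    # A failed contract check rolls the transaction back without raising
    # past it, so execution continues here with the badge unsaved. Skip the
    # title job in that case: it would push a name that was never persisted.
    if opts[:new].blank? && errors.empty?
      Jobs.enqueue(
        :bulk_user_title_update,
        new_title: badge.name,
        granted_badge_id: badge.id,
        action: Jobs::BulkUserTitleUpdate::UPDATE_ACTION
      )
    end

    errors
  rescue ActiveRecord::RecordInvalid
    errors.push(*badge.errors.full_messages)
    errors
  end
end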