discourse/app/controllers/user_badges_controller.rb

class UserBadgesController < ApplicationController
  def index
    params.permit [:granted_before, :offset, :username]

    badge = fetch_badge_from_params
    user_badges = badge.user_badges.order('granted_at DESC, id DESC').limit(96)
    user_badges = user_badges.includes(:user, :granted_by, badge: :badge_type, post: :topic)

    grant_count = nil

    if params[:username]
      user_id = User.where(username_lower: params[:username].downcase).pluck(:id).first
      user_badges = user_badges.where(user_id: user_id) if user_id
      grant_count = badge.user_badges.where(user_id: user_id).count
    end

    if offset = params[:offset]
      user_badges = user_badges.offset(offset.to_i)
    end

    user_badges = UserBadges.new(user_badges: user_badges,
                                 username: params[:username],
                                 grant_count: grant_count)

    render_serialized(user_badges, UserBadgesSerializer, root: :user_badge_info, include_long_description: true)
  end

  def username
    params.permit [:grouped]

    user = fetch_user_from_params
    user_badges = user.user_badges

    if params[:grouped]
      user_badges = user_badges.group(:badge_id)
        .select(UserBadge.attribute_names.map { |x| "MAX(#{x}) AS #{x}" }, 'COUNT(*) AS "count"')
    end

    user_badges = user_badges.includes(badge: [:badge_grouping, :badge_type])
      .includes(post: :topic)
      .includes(:granted_by)

    render_serialized(user_badges, DetailedUserBadgeSerializer, root: :user_badges)
  end

  def create
    params.require(:username)
    user = fetch_user_from_params

    unless can_assign_badge_to_user?(user)
      render json: failed_json, status: 403
      return
    end

    badge = fetch_badge_from_params
    post_id = nil

    if params[:reason].present?
      path = URI.parse(params[:reason]).path rescue nil
      route = Rails.application.routes.recognize_path(path) if path
      if route
        topic_id = route[:topic_id].to_i
        post_number = route[:post_number] || 1

        post_id = Post.find_by(topic_id: topic_id, post_number: post_number).try(:id) if topic_id > 0
      end
    end

    user_badge = BadgeGranter.grant(badge, user, granted_by: current_user, post_id: post_id)

    render_serialized(user_badge, DetailedUserBadgeSerializer, root: "user_badge")
  end

  def destroy
    params.require(:id)
    user_badge = UserBadge.find(params[:id])

    unless can_assign_badge_to_user?(user_badge.user)
      render json: failed_json, status: 403
      return
    end

    BadgeGranter.revoke(user_badge, revoked_by: current_user)
    render json: success_json
  end

  private

    # Get the badge from either the badge name or id specified in the params.
    def fetch_badge_from_params
      badge = nil

      params.permit(:badge_name)
      if params[:badge_name].nil?
        params.require(:badge_id)
        badge = Badge.find_by(id: params[:badge_id], enabled: true)
      else
        badge = Badge.find_by(name: params[:badge_name], enabled: true)
      end
      raise Discourse::NotFound if badge.blank?

      badge
    end

    def can_assign_badge_to_user?(user)
      master_api_call = current_user.nil? && is_api?
      master_api_call || guardian.can_grant_badges?(user)
    end
end
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`class UserBadgesController < ApplicationController`
			`def index`
FEATURE: you can not drill down and see why you have badges Clicking on badges filters down the list to a particular user. 2016-01-18 01:59:07 -05:00			`params.permit [:granted_before, :offset, :username]`
Sort the badges on the user profile page Also clean up UserBadgesController so it isn't doing two things in one method 2014-08-25 13:38:20 -04:00
			`badge = fetch_badge_from_params`
Revert "FIX: properly filter badges when they're on a whisper" This reverts commit 6b07575632618d0d64f2eb034d49a917ba47ac13. 2015-09-24 20:20:47 -04:00			`user_badges = badge.user_badges.order('granted_at DESC, id DESC').limit(96)`
Sort the badges on the user profile page Also clean up UserBadgesController so it isn't doing two things in one method 2014-08-25 13:38:20 -04:00			`user_badges = user_badges.includes(:user, :granted_by, badge: :badge_type, post: :topic)`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00
FEATURE: you can not drill down and see why you have badges Clicking on badges filters down the list to a particular user. 2016-01-18 01:59:07 -05:00			`grant_count = nil`

			`if params[:username]`
			`user_id = User.where(username_lower: params[:username].downcase).pluck(:id).first`
			`user_badges = user_badges.where(user_id: user_id) if user_id`
FIX: Don't limit the count of badges to 96 2016-03-04 18:57:32 -05:00			`grant_count = badge.user_badges.where(user_id: user_id).count`
FEATURE: you can not drill down and see why you have badges Clicking on badges filters down the list to a particular user. 2016-01-18 01:59:07 -05:00			`end`

FEATURE: badge grouping UI FIX: not loading more badges on badge show page 2014-07-18 01:46:36 -04:00			`if offset = params[:offset]`
			`user_badges = user_badges.offset(offset.to_i)`
Add badge page. 2014-04-16 10:56:11 -04:00			`end`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00
FEATURE: you can not drill down and see why you have badges Clicking on badges filters down the list to a particular user. 2016-01-18 01:59:07 -05:00			`user_badges = UserBadges.new(user_badges: user_badges,`
			`username: params[:username],`
			`grant_count: grant_count)`

			`render_serialized(user_badges, UserBadgesSerializer, root: :user_badge_info, include_long_description: true)`
Sort the badges on the user profile page Also clean up UserBadgesController so it isn't doing two things in one method 2014-08-25 13:38:20 -04:00			`end`

			`def username`
			`params.permit [:grouped]`

			`user = fetch_user_from_params`
Revert "FIX: properly filter badges when they're on a whisper" This reverts commit 6b07575632618d0d64f2eb034d49a917ba47ac13. 2015-09-24 20:20:47 -04:00			`user_badges = user.user_badges`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00
Cosmetic changes. 2014-06-09 21:23:18 -04:00			`if params[:grouped]`
FEATURE: Allow admins to disable specific badges 2014-07-14 03:40:01 -04:00			`user_badges = user_badges.group(:badge_id)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`.select(UserBadge.attribute_names.map { \|x\| "MAX(#{x}) AS #{x}" }, 'COUNT(*) AS "count"')`
Multiple grant badges. 2014-05-21 03:22:42 -04:00			`end`

Revert "FIX: properly filter badges when they're on a whisper" This reverts commit 6b07575632618d0d64f2eb034d49a917ba47ac13. 2015-09-24 20:20:47 -04:00			`user_badges = user_badges.includes(badge: [:badge_grouping, :badge_type])`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`.includes(post: :topic)`
			`.includes(:granted_by)`
Revert "FIX: properly filter badges when they're on a whisper" This reverts commit 6b07575632618d0d64f2eb034d49a917ba47ac13. 2015-09-24 20:20:47 -04:00
FEATURE: you can not drill down and see why you have badges Clicking on badges filters down the list to a particular user. 2016-01-18 01:59:07 -05:00			`render_serialized(user_badges, DetailedUserBadgeSerializer, root: :user_badges)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`

			`def create`
			`params.require(:username)`
			`user = fetch_user_from_params`

			`unless can_assign_badge_to_user?(user)`
			`render json: failed_json, status: 403`
			`return`
			`end`

			`badge = fetch_badge_from_params`
FEATURE: Allow manual assignment of related post to badge PERF: clean up performance of user badges admin when large number of badges exist 2015-02-24 20:52:43 -05:00			`post_id = nil`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00
FEATURE: Allow manual assignment of related post to badge PERF: clean up performance of user badges admin when large number of badges exist 2015-02-24 20:52:43 -05:00			`if params[:reason].present?`
			`path = URI.parse(params[:reason]).path rescue nil`
			`route = Rails.application.routes.recognize_path(path) if path`
			`if route`
			`topic_id = route[:topic_id].to_i`
			`post_number = route[:post_number] \|\| 1`

			`post_id = Post.find_by(topic_id: topic_id, post_number: post_number).try(:id) if topic_id > 0`
			`end`
			`end`

			`user_badge = BadgeGranter.grant(badge, user, granted_by: current_user, post_id: post_id)`

			`render_serialized(user_badge, DetailedUserBadgeSerializer, root: "user_badge")`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`

			`def destroy`
			`params.require(:id)`
			`user_badge = UserBadge.find(params[:id])`

			`unless can_assign_badge_to_user?(user_badge.user)`
			`render json: failed_json, status: 403`
			`return`
			`end`

Log badge grant/revoke to the staff actions log. 2014-03-19 15:30:12 -04:00			`BadgeGranter.revoke(user_badge, revoked_by: current_user)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`render json: success_json`
			`end`

			`private`

			`# Get the badge from either the badge name or id specified in the params.`
			`def fetch_badge_from_params`
			`badge = nil`

			`params.permit(:badge_name)`
			`if params[:badge_name].nil?`
			`params.require(:badge_id)`
FEATURE: Allow admins to disable specific badges 2014-07-14 03:40:01 -04:00			`badge = Badge.find_by(id: params[:badge_id], enabled: true)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`else`
FEATURE: Allow admins to disable specific badges 2014-07-14 03:40:01 -04:00			`badge = Badge.find_by(name: params[:badge_name], enabled: true)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`
usage of raise corrected 2015-05-06 21:00:51 -04:00			`raise Discourse::NotFound if badge.blank?`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00
			`badge`
			`end`

			`def can_assign_badge_to_user?(user)`
			`master_api_call = current_user.nil? && is_api?`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`master_api_call \|\| guardian.can_grant_badges?(user)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`
			`end`