discourse/app/controllers/user_badges_controller.rb

class UserBadgesController < ApplicationController
  before_action :ensure_badges_enabled

  def index
    params.permit [:granted_before, :offset, :username]

    badge = fetch_badge_from_params
    user_badges = badge.user_badges.order('granted_at DESC, id DESC').limit(96)
    user_badges = user_badges.includes(:user, :granted_by, badge: :badge_type, post: :topic)

    grant_count = nil

    if params[:username]
      user_id = User.where(username_lower: params[:username].downcase).pluck(:id).first
      user_badges = user_badges.where(user_id: user_id) if user_id
      grant_count = badge.user_badges.where(user_id: user_id).count
    end

    if offset = params[:offset]
      user_badges = user_badges.offset(offset.to_i)
    end

    user_badges = UserBadges.new(user_badges: user_badges,
                                 username: params[:username],
                                 grant_count: grant_count)

    render_serialized(user_badges, UserBadgesSerializer, root: :user_badge_info, include_long_description: true)
  end

  def username
    params.permit [:grouped]

    user = fetch_user_from_params(include_inactive: current_user.try(:staff?) || (current_user && SiteSetting.show_inactive_accounts))
    user_badges = user.user_badges

    if params[:grouped]
      user_badges = user_badges.group(:badge_id)
        .select(UserBadge.attribute_names.map { |x| "MAX(#{x}) AS #{x}" }, 'COUNT(*) AS "count"')
    end

    user_badges = user_badges.includes(badge: [:badge_grouping, :badge_type])
      .includes(post: :topic)
      .includes(:granted_by)

    render_serialized(user_badges, DetailedUserBadgeSerializer, root: :user_badges)
  end

  def create
    params.require(:username)
    user = fetch_user_from_params

    unless can_assign_badge_to_user?(user)
      render json: failed_json, status: 403
      return
    end

    badge = fetch_badge_from_params
    post_id = nil

    if params[:reason].present?
      path = begin
        URI.parse(params[:reason]).path
      rescue URI::InvalidURIError
      end

      route = Rails.application.routes.recognize_path(path) if path
      if route
        topic_id = route[:topic_id].to_i
        post_number = route[:post_number] || 1

        post_id = Post.find_by(topic_id: topic_id, post_number: post_number).try(:id) if topic_id > 0
      end
    end

    user_badge = BadgeGranter.grant(badge, user, granted_by: current_user, post_id: post_id)

    render_serialized(user_badge, DetailedUserBadgeSerializer, root: "user_badge")
  end

  def destroy
    params.require(:id)
    user_badge = UserBadge.find(params[:id])

    unless can_assign_badge_to_user?(user_badge.user)
      render json: failed_json, status: 403
      return
    end

    BadgeGranter.revoke(user_badge, revoked_by: current_user)
    render json: success_json
  end

  private

    # Get the badge from either the badge name or id specified in the params.
    def fetch_badge_from_params
      badge = nil

      params.permit(:badge_name)
      if params[:badge_name].nil?
        params.require(:badge_id)
        badge = Badge.find_by(id: params[:badge_id], enabled: true)
      else
        badge = Badge.find_by(name: params[:badge_name], enabled: true)
      end
      raise Discourse::NotFound if badge.blank?

      badge
    end

    def can_assign_badge_to_user?(user)
      master_api_call = current_user.nil? && is_api?
      master_api_call || guardian.can_grant_badges?(user)
    end

    def ensure_badges_enabled
      raise Discourse::NotFound unless SiteSetting.enable_badges?
    end
end
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`class UserBadgesController < ApplicationController`
FIX: Some badge routes were still working even with badges disabled 2017-11-21 12:22:24 -05:00			`before_action :ensure_badges_enabled`

Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`def index`
FEATURE: you can not drill down and see why you have badges Clicking on badges filters down the list to a particular user. 2016-01-18 01:59:07 -05:00			`params.permit [:granted_before, :offset, :username]`
Sort the badges on the user profile page Also clean up UserBadgesController so it isn't doing two things in one method 2014-08-25 13:38:20 -04:00
			`badge = fetch_badge_from_params`
Revert "FIX: properly filter badges when they're on a whisper" This reverts commit 6b07575632618d0d64f2eb034d49a917ba47ac13. 2015-09-24 20:20:47 -04:00			`user_badges = badge.user_badges.order('granted_at DESC, id DESC').limit(96)`
Sort the badges on the user profile page Also clean up UserBadgesController so it isn't doing two things in one method 2014-08-25 13:38:20 -04:00			`user_badges = user_badges.includes(:user, :granted_by, badge: :badge_type, post: :topic)`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00
FEATURE: you can not drill down and see why you have badges Clicking on badges filters down the list to a particular user. 2016-01-18 01:59:07 -05:00			`grant_count = nil`

			`if params[:username]`
			`user_id = User.where(username_lower: params[:username].downcase).pluck(:id).first`
			`user_badges = user_badges.where(user_id: user_id) if user_id`
FIX: Don't limit the count of badges to 96 2016-03-04 18:57:32 -05:00			`grant_count = badge.user_badges.where(user_id: user_id).count`
FEATURE: you can not drill down and see why you have badges Clicking on badges filters down the list to a particular user. 2016-01-18 01:59:07 -05:00			`end`

FEATURE: badge grouping UI FIX: not loading more badges on badge show page 2014-07-18 01:46:36 -04:00			`if offset = params[:offset]`
			`user_badges = user_badges.offset(offset.to_i)`
Add badge page. 2014-04-16 10:56:11 -04:00			`end`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00
FEATURE: you can not drill down and see why you have badges Clicking on badges filters down the list to a particular user. 2016-01-18 01:59:07 -05:00			`user_badges = UserBadges.new(user_badges: user_badges,`
			`username: params[:username],`
			`grant_count: grant_count)`

			`render_serialized(user_badges, UserBadgesSerializer, root: :user_badge_info, include_long_description: true)`
Sort the badges on the user profile page Also clean up UserBadgesController so it isn't doing two things in one method 2014-08-25 13:38:20 -04:00			`end`

			`def username`
			`params.permit [:grouped]`

FEATURE: new site setting show_inactive_accounts 2017-12-07 01:23:27 -05:00			`user = fetch_user_from_params(include_inactive: current_user.try(:staff?) \|\| (current_user && SiteSetting.show_inactive_accounts))`
Revert "FIX: properly filter badges when they're on a whisper" This reverts commit 6b07575632618d0d64f2eb034d49a917ba47ac13. 2015-09-24 20:20:47 -04:00			`user_badges = user.user_badges`
Load 100 users at a time for the badge page, with a button to load more. 2014-04-22 05:40:47 -04:00
Cosmetic changes. 2014-06-09 21:23:18 -04:00			`if params[:grouped]`
FEATURE: Allow admins to disable specific badges 2014-07-14 03:40:01 -04:00			`user_badges = user_badges.group(:badge_id)`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`.select(UserBadge.attribute_names.map { \|x\| "MAX(#{x}) AS #{x}" }, 'COUNT(*) AS "count"')`
Multiple grant badges. 2014-05-21 03:22:42 -04:00			`end`

Revert "FIX: properly filter badges when they're on a whisper" This reverts commit 6b07575632618d0d64f2eb034d49a917ba47ac13. 2015-09-24 20:20:47 -04:00			`user_badges = user_badges.includes(badge: [:badge_grouping, :badge_type])`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`.includes(post: :topic)`
			`.includes(:granted_by)`
Revert "FIX: properly filter badges when they're on a whisper" This reverts commit 6b07575632618d0d64f2eb034d49a917ba47ac13. 2015-09-24 20:20:47 -04:00
FEATURE: you can not drill down and see why you have badges Clicking on badges filters down the list to a particular user. 2016-01-18 01:59:07 -05:00			`render_serialized(user_badges, DetailedUserBadgeSerializer, root: :user_badges)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`

			`def create`
			`params.require(:username)`
			`user = fetch_user_from_params`

			`unless can_assign_badge_to_user?(user)`
			`render json: failed_json, status: 403`
			`return`
			`end`

			`badge = fetch_badge_from_params`
FEATURE: Allow manual assignment of related post to badge PERF: clean up performance of user badges admin when large number of badges exist 2015-02-24 20:52:43 -05:00			`post_id = nil`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00
FEATURE: Allow manual assignment of related post to badge PERF: clean up performance of user badges admin when large number of badges exist 2015-02-24 20:52:43 -05:00			`if params[:reason].present?`
Remove use of `rescue nil`. * `rescue nil` is a really bad pattern to use in our code base. We should rescue errors that we expect the code to throw and not rescue everything because we're unsure of what errors the code would throw. This would reduce the amount of pain we face when debugging why something isn't working as expexted. I've been bitten countless of times by errors being swallowed as a result during debugging sessions. 2018-03-28 04:20:08 -04:00			`path = begin`
			`URI.parse(params[:reason]).path`
			`rescue URI::InvalidURIError`
			`end`

FEATURE: Allow manual assignment of related post to badge PERF: clean up performance of user badges admin when large number of badges exist 2015-02-24 20:52:43 -05:00			`route = Rails.application.routes.recognize_path(path) if path`
			`if route`
			`topic_id = route[:topic_id].to_i`
			`post_number = route[:post_number] \|\| 1`

			`post_id = Post.find_by(topic_id: topic_id, post_number: post_number).try(:id) if topic_id > 0`
			`end`
			`end`

			`user_badge = BadgeGranter.grant(badge, user, granted_by: current_user, post_id: post_id)`

			`render_serialized(user_badge, DetailedUserBadgeSerializer, root: "user_badge")`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`

			`def destroy`
			`params.require(:id)`
			`user_badge = UserBadge.find(params[:id])`

			`unless can_assign_badge_to_user?(user_badge.user)`
			`render json: failed_json, status: 403`
			`return`
			`end`

Log badge grant/revoke to the staff actions log. 2014-03-19 15:30:12 -04:00			`BadgeGranter.revoke(user_badge, revoked_by: current_user)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`render json: success_json`
			`end`

			`private`

			`# Get the badge from either the badge name or id specified in the params.`
			`def fetch_badge_from_params`
			`badge = nil`

			`params.permit(:badge_name)`
			`if params[:badge_name].nil?`
			`params.require(:badge_id)`
FEATURE: Allow admins to disable specific badges 2014-07-14 03:40:01 -04:00			`badge = Badge.find_by(id: params[:badge_id], enabled: true)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`else`
FEATURE: Allow admins to disable specific badges 2014-07-14 03:40:01 -04:00			`badge = Badge.find_by(name: params[:badge_name], enabled: true)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`
usage of raise corrected 2015-05-06 21:00:51 -04:00			`raise Discourse::NotFound if badge.blank?`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00
			`badge`
			`end`

			`def can_assign_badge_to_user?(user)`
			`master_api_call = current_user.nil? && is_api?`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`master_api_call \|\| guardian.can_grant_badges?(user)`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`
FIX: Some badge routes were still working even with badges disabled 2017-11-21 12:22:24 -05:00
			`def ensure_badges_enabled`
			`raise Discourse::NotFound unless SiteSetting.enable_badges?`
			`end`
Initial badge system implementation. 2014-03-05 07:52:20 -05:00			`end`