100 lines
3.0 KiB
Ruby
100 lines
3.0 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class SidebarSectionsController < ApplicationController
|
|
requires_login
|
|
before_action :check_if_member_of_group
|
|
before_action :check_access_if_public
|
|
|
|
def index
|
|
sections =
|
|
SidebarSection
|
|
.where("public OR user_id = ?", current_user.id)
|
|
.order("(public IS TRUE) DESC")
|
|
.map { |section| SidebarSectionSerializer.new(section, root: false) }
|
|
render json: sections
|
|
end
|
|
|
|
def create
|
|
sidebar_section =
|
|
SidebarSection.create!(
|
|
section_params.merge(user: current_user, sidebar_urls_attributes: links_params),
|
|
)
|
|
|
|
if sidebar_section.public?
|
|
StaffActionLogger.new(current_user).log_create_public_sidebar_section(sidebar_section)
|
|
MessageBus.publish(
|
|
"/refresh-sidebar-sections",
|
|
nil,
|
|
group_ids: SiteSetting.enable_custom_sidebar_sections_map,
|
|
)
|
|
end
|
|
|
|
render json: SidebarSectionSerializer.new(sidebar_section)
|
|
rescue ActiveRecord::RecordInvalid => e
|
|
render_json_error(e.record.errors.full_messages.first)
|
|
end
|
|
|
|
def update
|
|
sidebar_section = SidebarSection.find_by(id: section_params["id"])
|
|
@guardian.ensure_can_edit!(sidebar_section)
|
|
|
|
sidebar_section.update!(section_params.merge(sidebar_urls_attributes: links_params))
|
|
|
|
if sidebar_section.public?
|
|
StaffActionLogger.new(current_user).log_update_public_sidebar_section(sidebar_section)
|
|
MessageBus.publish(
|
|
"/refresh-sidebar-sections",
|
|
nil,
|
|
group_ids: SiteSetting.enable_custom_sidebar_sections_map,
|
|
)
|
|
end
|
|
|
|
render json: SidebarSectionSerializer.new(sidebar_section)
|
|
rescue ActiveRecord::RecordInvalid => e
|
|
render_json_error(e.record.errors.full_messages.first)
|
|
rescue Discourse::InvalidAccess
|
|
render json: failed_json, status: 403
|
|
end
|
|
|
|
def destroy
|
|
sidebar_section = SidebarSection.find_by(id: section_params["id"])
|
|
@guardian.ensure_can_delete!(sidebar_section)
|
|
sidebar_section.destroy!
|
|
|
|
if sidebar_section.public?
|
|
StaffActionLogger.new(current_user).log_destroy_public_sidebar_section(sidebar_section)
|
|
MessageBus.publish(
|
|
"/refresh-sidebar-sections",
|
|
nil,
|
|
group_ids: SiteSetting.enable_custom_sidebar_sections_map,
|
|
)
|
|
end
|
|
render json: SidebarSectionSerializer.new(sidebar_section)
|
|
rescue Discourse::InvalidAccess
|
|
render json: failed_json, status: 403
|
|
end
|
|
|
|
def section_params
|
|
params.permit(:id, :title, :public)
|
|
end
|
|
|
|
def links_params
|
|
params.permit(links: %i[icon name value id _destroy])["links"]
|
|
end
|
|
|
|
def check_if_member_of_group
|
|
### TODO remove when enable_custom_sidebar_sections SiteSetting is removed
|
|
if !SiteSetting.enable_custom_sidebar_sections.present? ||
|
|
!current_user.in_any_groups?(SiteSetting.enable_custom_sidebar_sections_map)
|
|
raise Discourse::InvalidAccess
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def check_access_if_public
|
|
return true if !params[:public]
|
|
raise Discourse::InvalidAccess.new if !guardian.can_create_public_sidebar_section?
|
|
end
|
|
end
|