discourse/app/controllers/admin/groups_controller.rb
Sam Saffron 6dd4bc7d57 FEATURE: support group owner, capable of controlling group membership
Group owners are regular users that can add or remove users to a group
The Admin UX allows admins to appoint group owners
The public group UX will display group owners first and unlock UI to
add and remove members

Group owners can only be appointed on non automatic groups
Group owners may not appoint another group owner
2015-11-10 00:56:57 +11:00

141 lines
3.8 KiB
Ruby

class Admin::GroupsController < Admin::AdminController
def index
groups = Group.order(:name)
if search = params[:search]
search = search.to_s
groups = groups.where("name ILIKE ?", "%#{search}%")
end
if params[:ignore_automatic].to_s == "true"
groups = groups.where(automatic: false)
end
render_serialized(groups, BasicGroupSerializer)
end
def show
render nothing: true
end
def bulk
render nothing: true
end
def bulk_perform
group = Group.find(params[:group_id].to_i)
if group.present?
users = (params[:users] || []).map {|u| u.downcase}
user_ids = User.where("username_lower in (:users) OR email IN (:users)", users: users).pluck(:id)
if user_ids.present?
Group.exec_sql("INSERT INTO group_users
(group_id, user_id, created_at, updated_at)
SELECT #{group.id},
u.id,
CURRENT_TIMESTAMP,
CURRENT_TIMESTAMP
FROM users AS u
WHERE u.id IN (#{user_ids.join(', ')})
AND NOT EXISTS(SELECT 1 FROM group_users AS gu
WHERE gu.user_id = u.id AND
gu.group_id = #{group.id})")
if group.primary_group?
User.where(id: user_ids).update_all(primary_group_id: group.id)
end
if group.title.present?
User.where(id: user_ids).update_all(title: group.title)
end
end
end
render json: success_json
end
def create
group = Group.new
group.name = (params[:name] || '').strip
save_group(group)
end
def update
group = Group.find(params[:id])
# group rename is ignored for automatic groups
group.name = params[:name] if params[:name] && !group.automatic
save_group(group)
end
def save_group(group)
group.alias_level = params[:alias_level].to_i if params[:alias_level].present?
group.visible = params[:visible] == "true"
grant_trust_level = params[:grant_trust_level].to_i
group.grant_trust_level = (grant_trust_level > 0 && grant_trust_level <= 4) ? grant_trust_level : nil
group.automatic_membership_email_domains = params[:automatic_membership_email_domains] unless group.automatic
group.automatic_membership_retroactive = params[:automatic_membership_retroactive] == "true" unless group.automatic
group.primary_group = group.automatic ? false : params["primary_group"] == "true"
title = params[:title] if params[:title].present?
group.title = group.automatic ? nil : title
if group.save
render_serialized(group, BasicGroupSerializer)
else
render_json_error group
end
end
def destroy
group = Group.find(params[:id])
if group.automatic
can_not_modify_automatic
else
group.destroy
render json: success_json
end
end
def refresh_automatic_groups
Group.refresh_automatic_groups!
render json: success_json
end
def add_owners
group = Group.find(params.require(:id))
return can_not_modify_automatic if group.automatic
users = User.where(username: params[:usernames].split(","))
users.each do |user|
if !group.users.include?(user)
group.add(user)
end
group.group_users.where(user_id: user.id).update_all(owner: true)
end
render json: success_json
end
def remove_owner
group = Group.find(params.require(:id))
return can_not_modify_automatic if group.automatic
user = User.find(params[:user_id].to_i)
group.group_users.where(user_id: user.id).update_all(owner: false)
render json: success_json
end
protected
def can_not_modify_automatic
render json: {errors: I18n.t('groups.errors.can_not_modify_automatic')}, status: 422
end
end