From 606073fe93f91b479c96b37c705d823caace8b66 Mon Sep 17 00:00:00 2001 From: Kevin Casey Date: Tue, 7 Jan 2014 12:08:56 -0800 Subject: [PATCH 1/9] interface for adding and losing roles --- app/controllers/application_controller.rb | 10 ++++---- app/controllers/users_controller.rb | 23 +++++++++++++++++- app/models/member_semester.rb | 7 ++++++ app/models/user.rb | 10 +++++++- app/views/users/roles.html.erb | 29 +++++++++++++++++++++++ app/views/users/show.html.erb | 2 +- config/routes.rb | 2 ++ 7 files changed, 74 insertions(+), 9 deletions(-) create mode 100644 app/views/users/roles.html.erb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 188ea95..75338b7 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -28,12 +28,10 @@ def authorize(group) return unless current_user if !user_session[group].nil? user_session[group] - elsif current_user.is_current_officer?(group) || current_user.is_current_officer?(:compserv) - user_session[group] = true - true + elsif current_user.has_ever_had_position?(group) || current_user.is_current_officer?(:compserv) + user_session[group] = true # assigns and returns true else - user_session[group] = false - false + user_session[group] = false # assigns and returns false end end @@ -43,7 +41,7 @@ def candidate_authorize end def authenticate!(group) - unless authenticate_user! and (current_user.is_current_officer?(group) || current_user.is_current_officer?(:compserv)) + unless authorize(group) redirect_to root_path, alert: "You do not have permission(#{group}) to access that" end end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 5e11e2d..deeaa2e 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb 
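Review bot: In `authorize`, replacing `is_current_officer?(group)` with `has_ever_had_position?(group)` lets anyone who held the position in any past semester pass, and the result is then stored in `user_session[group]` and never recomputed for that session. `authenticate!` in the next hunk now goes through the same cached path, so the enforcing filter no longer re-checks the database, and a signed-out visitor gets the permission alert instead of the sign-in redirect that `authenticate_user!` used to trigger. If former officers are only meant to keep seeing menu items, I would leave that leniency to the view helper and have the filter test current standing, e.g. `unless authenticate_user! && (current_user.is_current_officer?(group) || current_user.is_current_officer?(:compserv))`. The same session caching is added for `comm_authorize` and `active_member_authorize` in PATCH 4/9. `authorize` begins above this hunk.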
@@ -1,7 +1,7 @@ require 'will_paginate/array' class UsersController < ApplicationController - before_action :set_user, only: [:show, :edit, :update, :destroy, :approve] + before_action :set_user, only: [:show, :edit, :update, :destroy, :approve, :roles, :alter_roles] before_filter :authenticate_user! # GET /users/1 @@ -115,6 +115,7 @@ def list end def approve + authenticate_vp! if @user.update(approved: true) flash[:notice] = "Successfully approved #{@user.full_name}, an email has been sent to #{@user.email}" AccountMailer.account_approval(@user).deliver @@ -124,6 +125,26 @@ def approve redirect_to user_path(@user) end + def roles + authenticate_superuser! # roles are shown on a user's show page, no reason for civilians to be here + @current_semester = MemberSemester.current + @roles = @user.roles.order(:resource_id, :role_type) + end + + def alter_roles + authenticate_superuser! + if params[:delete] + r = Role.find_by_id(params[:role]) + @user.delete_role(r) + flash[:notice] = @user.full_name + " has lost the title " + r.nice_position + " in " + r.nice_semester + else + semester = MemberSemester.find_by_season_and_year(params[:season], params[:year]) + r = @user.add_position_for_semester_and_role_type(params[:position], semester, params[:role]) + flash[:notice] = @user.full_name + " has gained the title " + r.nice_position + " in " + r.nice_semester + end + redirect_to edit_roles_user_path(@user) + end + private # Use callbacks to share common setup or constraints between actions. def set_user diff --git a/app/models/member_semester.rb b/app/models/member_semester.rb index b12d159..e01e9ed 100644 --- a/app/models/member_semester.rb +++ b/app/models/member_semester.rb 
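Review bot: Calling `authenticate_vp!` as the first statement of `approve` does not stop the action. Assuming it resolves to `authenticate!(:vp)`, a failed check only issues `redirect_to` and returns, so `@user.update(approved: true)` and the approval mail still run before the second redirect raises. `roles` and `alter_roles` in the next hunk call `authenticate_superuser!` the same way, so a signed-in user who fails the check can still add or remove a role. These belong in filters, which do halt on redirect: `before_filter :authenticate_vp!, only: [:approve]` and `before_filter :authenticate_superuser!, only: [:roles, :alter_roles]`.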
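Review bot: `alter_roles` hands `params[:role]`, `params[:position]`, `params[:season]` and `params[:year]` to the model without checking them. `Role.find_by_id` and `MemberSemester.find_by_season_and_year` both return nil on no match, which then fails at `r.users` or `semester.id`, and the delete path accepts any role id rather than one the user actually holds. The add path also accepts any position and role type, not just the values the form offers. Looking the role up through `@user.roles` and checking the posted values against the lists the view uses would cover these; this assumes `Role.committees` and `Role::Positions` are flat lists of strings.

```ruby
def alter_roles
  # … unchanged: authenticate_superuser! …
  if params[:delete]
    role = @user.roles.find_by_id(params[:role])
    redirect_to edit_roles_user_path(@user), alert: "No such role for this user" and return unless role
    @user.delete_role(role)
    # … unchanged: flash notice for the lost title …
  else
    semester = MemberSemester.find_by_season_and_year(params[:season], params[:year])
    allowed = semester &&
              (Role.committees + ["candidate"]).include?(params[:position]) &&
              Role::Positions.include?(params[:role])
    redirect_to edit_roles_user_path(@user), alert: "Invalid semester, position or role" and return unless allowed
    # … unchanged: add the position and set the flash notice …
  end
  # … unchanged: redirect back to the roles page …
```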
@@ -11,12 +11,19 @@ class MemberSemester < ActiveRecord::Base has_and_belongs_to_many :users + SEASONS = ['Fall', 'Spring'] + validates :season, inclusion: { in: SEASONS, + message: "%{value} is not a valid semester" } class << self def current # TODO(mark): This isn't always the case, but works for now. last end + + def years + pluck(:year).uniq + end end def name diff --git a/app/models/user.rb b/app/models/user.rb index 7f28a19..390f38b 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -84,6 +84,14 @@ def has_position_for_semester_and_role_type(position, semester, role) Role.find_by_name_and_resource_id_and_role_type(position, semester.id, role) end + def delete_position_for_semester_and_role_type(position, semester, role) + Role.find_by_name_and_resource_id_and_role_type(position, semester.id, role).delete(self) + end + + def delete_role(r) # r should be an object of Role class + r.users.delete(self) + end + # Helpers for adding and checking roles for a user. def add_role_for_semester(role, semester) add_role role, semester @@ -118,7 +126,7 @@ def is_current_officer?(position) end def is_officer_for_semester?(semester) - roles_for_semester(semester).where(role_type: "officer").count > 0 + roles_for_semester(semester).officers.count > 0 end def full_name diff --git a/app/views/users/roles.html.erb b/app/views/users/roles.html.erb new file mode 100644 index 0000000..c123717 --- /dev/null +++ b/app/views/users/roles.html.erb @@ -0,0 +1,29 @@ +<%= link_to raw("← profile"), user_path(@user) %> + +<%= form_tag alter_roles_user_path do %> +
+ <%= label_tag :semester %> + <%= select_tag :season, options_for_select(MemberSemester::SEASONS, @current_semester.season) %> + <%= select_tag :year, options_for_select(MemberSemester.years, @current_semester.year), :style => 'padding-bottom: 10px;' %> +
+
+ <%= label_tag :position %> + <%= select_tag :position, options_for_select(Role.committees + ["candidate"], "candidate") %> +
+
+ <%= label_tag :role %> + <%= select_tag :role, options_for_select(Role::Positions) %> +
+
+ <%= submit_tag "Add Role"%> +
+<% end %> + +

Current Groups for <%= @user.full_name %> (<%= @user.username %>)

+ +<% @roles.each do |role| %> +

+ <%= role.nice_position %> in <%= role.nice_semester %>. + <%= button_to "Delete this role?", alter_roles_user_path(:delete => true, :role => role.id) %> +

+<% end %> diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index d53feed..d26916a 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -7,7 +7,7 @@ <% if authorize(:superuser) %> <%= link_to "[Edit]", edit_user_path(@user) %> <%= link_to "[Delete]", user_path(@user), :method => :delete, data: { confirm: "Are you sure you want to remove \"" + @user.full_name + "\"?" } %> - <%#= link_to "[Groups]", groups_person_path(@person.username) %> + <%= link_to "[Groups]", edit_roles_user_path(@user) %> <% elsif !@user.approved %> <%= link_to "[Delete]", user_path(@user), :method => :delete, :confirm => "Are you sure you want to remove \"" + @user.full_name + "\"?" %> <% end %> diff --git a/config/routes.rb b/config/routes.rb index 0d0d8fa..bfa43a1 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -12,6 +12,8 @@ match "dept_tours/:id", to: "dept_tours#respond_to_tour", via: :post match "users/approve/:id", to: "users#approve", via: :post, as: "users_approve" match "users/list(/:category)", to: "users#list", via: :get, as: "users_list" + match "users/roles/:id", to: "users#roles", via: :get, as: "edit_roles_user" + match "users/roles/:id", to: "users#alter_roles", via: :post, as: "alter_roles_user" resources :alum resources :challenges, only: [:create, :update, :index] From c81dc1cc3fd5c2f09bf29c462d18a8470e203efc Mon Sep 17 00:00:00 2001 From: Kevin Casey Date: Tue, 7 Jan 2014 12:29:23 -0800 Subject: [PATCH 2/9] bug fixes and user_session destruction --- app/controllers/users_controller.rb | 4 +++- app/models/user.rb | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index deeaa2e..4dacbe1 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb 
@@ -139,9 +139,11 @@ def alter_roles flash[:notice] = @user.full_name + " has lost the title " + r.nice_position + " in " + r.nice_semester else semester = MemberSemester.find_by_season_and_year(params[:season], params[:year]) - r = @user.add_position_for_semester_and_role_type(params[:position], semester, params[:role]) + @user.add_position_for_semester_and_role_type(params[:position], semester, params[:role]) + r = Role.find_by_name_and_resource_id_and_role_type(params[:position], semester.id, params[:role]) flash[:notice] = @user.full_name + " has gained the title " + r.nice_position + " in " + r.nice_semester end + destroy_user_session_path(@user) # this appears to clear the user session of the user w/out signing them out, this is so user authentications go off again. redirect_to edit_roles_user_path(@user) end diff --git a/app/models/user.rb b/app/models/user.rb index 390f38b..5d77510 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -85,7 +85,7 @@ def has_position_for_semester_and_role_type(position, semester, role) end def delete_position_for_semester_and_role_type(position, semester, role) - Role.find_by_name_and_resource_id_and_role_type(position, semester.id, role).delete(self) + Role.find_by_name_and_resource_id_and_role_type(position, semester.id, role).users.delete(self) end def delete_role(r) # r should be an object of Role class From f30603134449e0fdb19e5354bb03077ff346c4cb Mon Sep 17 00:00:00 2001 From: Kevin Casey Date: Tue, 7 Jan 2014 12:48:56 -0800 Subject: [PATCH 3/9] registrations changes --- app/controllers/registrations_controller.rb | 8 ++++++++ app/controllers/users_controller.rb | 2 +- app/views/devise/registrations/new.html.erb | 2 +- config/locales/devise.en.yml | 2 +- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index 1df784e..558da64 100644 --- a/app/controllers/registrations_controller.rb 
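Review bot: `destroy_user_session_path(@user)` in `alter_roles` is a route helper, so this line only builds a URL string and discards it; nothing in the target user's session is cleared, contrary to the comment. Because `authorize` caches its result in `user_session`, a user whose role was just removed keeps passing those checks until their session ends. I would delete the line and either stop caching role checks in the session or invalidate the cache on something that changes with the roles, such as comparing a roles-updated timestamp on the user with the time the cache was filled. `alter_roles` starts above this hunk.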
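Review bot: `delete_position_for_semester_and_role_type` still dereferences the finder result directly, and `Role.find_by_name_and_resource_id_and_role_type` returns nil when no such role exists, so the new `.users.delete(self)` raises NoMethodError for an unknown position, semester or role type. Holding the result and guarding it keeps the method a no-op in that case: `role = Role.find_by_name_and_resource_id_and_role_type(position, semester.id, role)` followed by `role.users.delete(self) if role`.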
+++ b/app/controllers/registrations_controller.rb @@ -11,4 +11,12 @@ def create super end + def new + super + end + + def update + super + end + end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 4dacbe1..c771c2a 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -115,7 +115,7 @@ def list end def approve - authenticate_vp! + authenticate_vp! # current user must at least be vp to approve if @user.update(approved: true) flash[:notice] = "Successfully approved #{@user.full_name}, an email has been sent to #{@user.email}" AccountMailer.account_approval(@user).deliver diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index 60f5af7..0b00b44 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -3,7 +3,7 @@ Otherwise, send us an email with your reason for registration.

-<%= form_for(resource, :as => resource_name, :url => new_user_registration_path(resource_name)) do |f| %> +<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %> <%= devise_error_messages! %>
diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml index 262dbe9..6ee37dc 100644 --- a/config/locales/devise.en.yml +++ b/config/locales/devise.en.yml @@ -42,7 +42,7 @@ en: update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address." updated: "You updated your account successfully." user: - signed_up_but_not_approved: 'You have signed up successfully but your account has not been approved by vp/compserv yet' + signed_up_but_not_approved: 'You have signed up successfully, however please give at least 24 hrs for vp/compserv to approve your account' sessions: signed_in: "Signed in successfully." signed_out: "Signed out successfully." From b2dda83b373d49f841405f974524816c98260214 Mon Sep 17 00:00:00 2001 From: Kevin Casey Date: Tue, 7 Jan 2014 13:13:29 -0800 Subject: [PATCH 4/9] active member saved in user_session --- app/controllers/application_controller.rb | 14 ++++++++++++-- app/models/user.rb | 4 +--- app/views/layouts/_officer_submenu.html.erb | 8 ++++---- app/views/layouts/application.html.erb | 2 +- 4 files changed, 18 insertions(+), 10 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 75338b7..8297271 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -9,7 +9,7 @@ def update_sanitized_params devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:first_name, :last_name, :username, :email, :password, :password_confirmation)} end - helper_method :authorize, :candidate_authorize + helper_method :authorize, :candidate_authorize, :comm_authorize, :active_member_authorize def method_missing(name, *args) case name.to_s 
@@ -37,7 +37,17 @@ def authorize(group) def candidate_authorize return unless current_user - user_session[:candidate].nil? ? (user_session[:candidate] = current_user && current_user.has_ever_had_role?(:candidate)) : user_session[:candidate] + user_session[:candidate].nil? ? (user_session[:candidate] = current_user.has_ever_had_role?(:candidate)) : user_session[:candidate] + end + + def comm_authorize + return unless current_user + user_session[:comm].nil? ? user_session[:comm] = current_user.has_ever_had_role?(:committee_member) || current_user.has_ever_had_role?(:officer) : user_session[:comm] + end + + def active_member_authorize + return unless current_user + user_session[:current_comm].nil? ? user_session[:current_comm] = current_user.is_active_member? : user_session[:current_comm] end def authenticate!(group) diff --git a/app/models/user.rb b/app/models/user.rb index 5d77510..343dc97 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -71,9 +71,7 @@ def rsvp!(event_id) end def is_active_member? - # TODO(mark): This should be true for all officers and committee members. - # Will add functionality when semesters + roles are working. - true + Role.semester_filter(MemberSemester.current).members.all_users.include?(self) end def add_position_for_semester_and_role_type(position, semester, role) diff --git a/app/views/layouts/_officer_submenu.html.erb b/app/views/layouts/_officer_submenu.html.erb index fddce68..38593c5 100644 --- a/app/views/layouts/_officer_submenu.html.erb +++ b/app/views/layouts/_officer_submenu.html.erb @@ -33,7 +33,7 @@
  • <%= link_to "Candidates", users_list_path('candidates') %>
  • <%= link_to 'Election Details', 'admin_election_details_path', :class => "navigation_sublevel_item" %>
  • - <% if current_user.is_active_member? %> + <% if active_member_authorize %>
  • <%= link_to 'Contact Card', 'contact_card_path', :class => 'navigation_sublevel_item' %>
  • <% end %>
@@ -59,7 +59,7 @@ -<% if user_signed_in? && candidate_authorize %> +<% if candidate_authorize %> <% end %> -<% if user_signed_in? && current_user.is_active_member? %> +<% if active_member_authorize %> diff --git a/app/views/layouts/_officer_submenu.html.erb b/app/views/layouts/_officer_submenu.html.erb index 38593c5..ed6d438 100644 --- a/app/views/layouts/_officer_submenu.html.erb +++ b/app/views/layouts/_officer_submenu.html.erb @@ -49,7 +49,7 @@ <% if user_signed_in? %>
  • <%= link_to "My RSVPs", 'my_rsvps_path' %>
  • - <% if user_signed_in? && current_user.is_active_member? %> + <% if user_signed_in? && active_member_authorize %>
  • <%= link_to "New Event", 'new_event_path' %>
  • <%= link_to "Leaderboard", 'leaderboard_path' %>
  • <% end %> From fe1c9aeaf7f35fdfeb9ac65bffbd81ef5a48c013 Mon Sep 17 00:00:00 2001 From: Kevin Casey Date: Tue, 7 Jan 2014 17:24:29 -0800 Subject: [PATCH 6/9] changes with respect to rails_best_practices --- app/controllers/admin/bridge_controller.rb | 5 +++-- app/controllers/admin/vp_controller.rb | 2 +- app/controllers/resumes_controller.rb | 4 ++-- app/controllers/users_controller.rb | 16 ++++++---------- app/helpers/application_helper.rb | 8 ++++---- app/helpers/indrel_helper.rb | 2 -- app/models/resume.rb | 8 ++++---- app/models/role.rb | 6 +++--- app/views/alum/show.html.erb | 2 +- app/views/resumes/index.html.erb | 2 +- app/views/resumes/show.html.erb | 2 +- app/views/users/list.html.erb | 2 +- app/views/users/show.html.erb | 15 ++++++++------- config/routes.rb | 2 +- db/migrate/20140108011216_add_indexes.rb | 8 ++++++++ db/schema.rb | 8 +++++++- 16 files changed, 51 insertions(+), 41 deletions(-) delete mode 100644 app/helpers/indrel_helper.rb create mode 100644 db/migrate/20140108011216_add_indexes.rb diff --git a/app/controllers/admin/bridge_controller.rb b/app/controllers/admin/bridge_controller.rb index 5a6ec0b..eb75301 100644 --- a/app/controllers/admin/bridge_controller.rb +++ b/app/controllers/admin/bridge_controller.rb @@ -12,10 +12,11 @@ def officer_photo_upload officer = User.find_by_id(params[:user][:id]) officer.picture = params[:file_info] if officer.save - flash[:notice] = "Successfully uploaded photo for #{officer.full_name}" + flash[:notice] = "Successfully uploaded " else - flash[:alert] = "Failed to upload photo for #{officer.full_name}" + flash[:notice] = "Failed to upload " end + flash[:notice] += "photo for #{officer.full_name}" redirect_to admin_bridge_officer_index_path end end diff --git a/app/controllers/admin/vp_controller.rb b/app/controllers/admin/vp_controller.rb index c244954..27de420 100644 --- a/app/controllers/admin/vp_controller.rb +++ b/app/controllers/admin/vp_controller.rb 
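Review bot: The failure branch of `officer_photo_upload` now writes to `flash[:notice]` where it used to write `flash[:alert]`, so a failed upload is presented as an ordinary notice. Sharing the suffix through `flash[:notice] += ...` is what forces both branches onto one key. Picking the key from the result instead, `key = officer.save ? :notice : :alert`, and assigning the full message to `flash[key]` keeps the deduplication and the alert. The method begins above this hunk.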
@@ -1,6 +1,6 @@ class Admin::VpController < ApplicationController before_filter :authenticate_vp! - + def index end end diff --git a/app/controllers/resumes_controller.rb b/app/controllers/resumes_controller.rb index c7a73be..9ea2387 100644 --- a/app/controllers/resumes_controller.rb +++ b/app/controllers/resumes_controller.rb @@ -29,7 +29,7 @@ def create if @resume.save redirect_to @resume, notice: 'Resume was successfully created.' else - render action: 'new' + render :new end end @@ -38,7 +38,7 @@ def update if @resume.update(resume_params) redirect_to @resume, notice: 'Resume was successfully updated.' else - render action: 'edit' + render :edit end end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index c771c2a..7f38e80 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -17,10 +17,6 @@ def edit @mobile_carriers = MobileCarrier.all end - # POST /users - def create - end - # PATCH/PUT /users/1 def update # Permissions @@ -49,13 +45,13 @@ def update if @user.update_attributes(user_params) redirect_to path, notice: 'Settings successfully updated.' else - render action: 'edit' + render :edit end end # DELETE /users/1 def destroy - unless @user == current_user || authorize(:superuser) || (authorize(:vp) and @user.approved == false) + unless @user.id == current_user.id || authorize(:superuser) || (authorize(:vp) and @user.approved == false) redirect_to edit_user_path(current_user), notice: "You can't delete #{@user.username}" and return end @user.destroy @@ -98,13 +94,13 @@ def list :joins => joinstr, :conditions => cond } - + user_selector = User.uniq(:id) if authenticate_vp and params[:approved] == 'false' user_selector = user_selector.where(:approved => false ) end - @users = user_selector.paginate opts + @users = user_selector.paginate opts respond_to do |format| format.html 
@@ -140,8 +136,8 @@ def alter_roles else semester = MemberSemester.find_by_season_and_year(params[:season], params[:year]) @user.add_position_for_semester_and_role_type(params[:position], semester, params[:role]) - r = Role.find_by_name_and_resource_id_and_role_type(params[:position], semester.id, params[:role]) - flash[:notice] = @user.full_name + " has gained the title " + r.nice_position + " in " + r.nice_semester + role = Role.find_by_name_and_resource_id_and_role_type(params[:position], semester.id, params[:role]) + flash[:notice] = @user.full_name + " has gained the title " + role.nice_position + " in " + role.nice_semester end destroy_user_session_path(@user) # this appears to clear the user session of the user w/out signing them out, this is so user authentications go off again. redirect_to edit_roles_user_path(@user) diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 6937aa4..39ee06a 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -7,18 +7,18 @@ def html_obfuscate(string) lower = %w(a b c d e f g h i j k l m n o p q r s t u v w x y z) upper = %w(A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) char_array = string.split('') - char_array.each do |char| + char_array.each do |char| output = lower.index(char) + 97 if lower.include?(char) output = upper.index(char) + 65 if upper.include?(char) if output output_array << "&##{output};" - else + else output_array << char end end return output_array.join end - + # This is for the pagination sort links # This could probably be cleaned up a bit more... def sort_link(inner_text, sort_variable, opts = {}) 
@@ -52,7 +52,7 @@ def ajaxify_links(class_name='ajax-controls') url: el.href, method: 'get', dataType: 'script', - complete: function (xhr, status) { // This is retarded. Because we are asking for a script response and getting an html render response it will throw the error handler and not the success. Hack solution is to use complete + complete: function (xhr, status) { // Because we are asking for a script response and getting an html render response it will throw the error handler and not the success. Hack solution is to use complete if (status === 'error' || !xhr.responseText) { // just give up? } diff --git a/app/helpers/indrel_helper.rb b/app/helpers/indrel_helper.rb deleted file mode 100644 index 319f0d6..0000000 --- a/app/helpers/indrel_helper.rb +++ /dev/null @@ -1,2 +0,0 @@ -module IndrelHelper -end diff --git a/app/models/resume.rb b/app/models/resume.rb index 0f70581..c953ae3 100644 --- a/app/models/resume.rb +++ b/app/models/resume.rb @@ -43,10 +43,6 @@ class Resume < ActiveRecord::Base :content_type => "application/pdf", :message => "Oops, please use a pdf" - default_scope :order => 'resumes.created_at DESC' - # so we can just pick out the 'first' of the resumes to get the most recent - - Paperclip.interpolates :normalized_file_name do |attachment, style| attachment.instance.normalized_file_name end @@ -54,4 +50,8 @@ class Resume < ActiveRecord::Base def normalized_file_name "#{self.user.username}/#{self.created_at}" end + + def get_username + self.user.username + end end diff --git a/app/models/role.rb b/app/models/role.rb index 5d813b2..5531542 100644 --- a/app/models/role.rb +++ b/app/models/role.rb @@ -100,9 +100,9 @@ def nice_title end def nice_committee - nice_committees = { - "pres" => "President", - "vp" => "Vice President", + nice_committees = { + "pres" => "President", + "vp" => "Vice President", "rsec" => "Recording Secretary", "csec" => "Corresponding Secretary", "treas" => "Treasurer", 
diff --git a/app/views/alum/show.html.erb b/app/views/alum/show.html.erb index 90572cf..ff1a399 100644 --- a/app/views/alum/show.html.erb +++ b/app/views/alum/show.html.erb @@ -25,7 +25,7 @@

    User: - <%= @alum.user.username %> + <%= @alum.get_username %>

    diff --git a/app/views/resumes/index.html.erb b/app/views/resumes/index.html.erb index ccd0121..631c64a 100644 --- a/app/views/resumes/index.html.erb +++ b/app/views/resumes/index.html.erb @@ -24,7 +24,7 @@ <%= resume.resume_text %> <%= resume.graduation_year %> <%= resume.graduation_semester %> - <%= resume.user.username %> + <%= resume.get_username %> <%= resume.included %> <%= link_to 'Show', resume %> <%= link_to 'Edit', edit_resume_path(resume) %> diff --git a/app/views/resumes/show.html.erb b/app/views/resumes/show.html.erb index e744e15..5e0ec84 100644 --- a/app/views/resumes/show.html.erb +++ b/app/views/resumes/show.html.erb @@ -29,7 +29,7 @@
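Review bot: `@alum.get_username` relies on a method this commit adds only to `Resume` in app/models/resume.rb. app/models/alum.rb is not in the diffstat, so unless `Alum` already defines it this page will raise NoMethodError. Either add the method to `Alum` as well or, on both models, declare `delegate :username, to: :user, prefix: true` and call `user_username`, which also avoids the `get_` prefix.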

    User: - <%= @resume.user.username %> + <%= @resume.get_username %>

    diff --git a/app/views/users/list.html.erb b/app/views/users/list.html.erb index 6427b1e..1515ed8 100644 --- a/app/views/users/list.html.erb +++ b/app/views/users/list.html.erb @@ -1,3 +1,3 @@ -<%= render :partial => 'list_results' %> +<%= render 'list_results' %> <%= ajaxify_links %> diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index d26916a..72a2e14 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -6,9 +6,9 @@ <% end %> <% if authorize(:superuser) %> <%= link_to "[Edit]", edit_user_path(@user) %> - <%= link_to "[Delete]", user_path(@user), :method => :delete, data: { confirm: "Are you sure you want to remove \"" + @user.full_name + "\"?" } %> - <%= link_to "[Groups]", edit_roles_user_path(@user) %> - <% elsif !@user.approved %> + <%= link_to "[Roles]", edit_roles_user_path(@user) %> + <% end %> + <% if !@user.approved || authorize(:superuser) %> <%= link_to "[Delete]", user_path(@user), :method => :delete, :confirm => "Are you sure you want to remove \"" + @user.full_name + "\"?" %> <% end %>

@@ -22,12 +22,12 @@
- <% unless @user.email.blank? or @user.private %> + <% unless !@user.email? || @user.private %> Email<%= @user.email %> <% end %> - <% unless @user.phone_number.blank? or @user.private %> + <% unless !@user.phone_number? || @user.private %> Phone Number<%= @user.phone_number %> @@ -37,15 +37,16 @@
- +

Badges Earned

<%# for badge in @badges %> <%#= image_tag badge.picture_url, :title=> badge.name, :class=>"badge" %> <%# end %>
- + +

Additional Membership Information

<% @user.roles.order(:resource_id, :role_type).each do |role| %> diff --git a/config/routes.rb b/config/routes.rb index bfa43a1..e313e72 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -20,7 +20,7 @@ resources :dept_tours resources :exams resources :resumes - resources :users + resources :users, except: [:new, :create, :index] scope "candidate" do match "quiz", to: "candidate#quiz", via: :get, as: "candidate_quiz" diff --git a/db/migrate/20140108011216_add_indexes.rb b/db/migrate/20140108011216_add_indexes.rb new file mode 100644 index 0000000..a086d03 --- /dev/null +++ b/db/migrate/20140108011216_add_indexes.rb @@ -0,0 +1,8 @@ +class AddIndexes < ActiveRecord::Migration + def change + add_index :alumni, :user_id + add_index :users, :mobile_carrier_id + add_index :tutor_slot_preferences, :user_id + add_index :tutor_slot_preferences, :tutor_slot_id + end +end diff --git a/db/schema.rb b/db/schema.rb index 977b875..f8656ce 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20140104095728) do +ActiveRecord::Schema.define(version: 20140108011216) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -31,6 +31,8 @@ t.datetime "updated_at" end + add_index "alumni", ["user_id"], name: "index_alumni_on_user_id", using: :btree + create_table "candidate_quizzes", force: true do |t| t.integer "user_id" t.integer "score" @@ -329,6 +331,9 @@ t.datetime "updated_at" end + add_index "tutor_slot_preferences", ["tutor_slot_id"], name: "index_tutor_slot_preferences_on_tutor_slot_id", using: :btree + add_index "tutor_slot_preferences", ["user_id"], name: "index_tutor_slot_preferences_on_user_id", using: :btree + create_table "tutor_slots", force: true do |t| t.string "room" t.string "day" 
@@ -371,6 +376,7 @@ add_index "users", ["approved"], name: "index_users_on_approved", using: :btree add_index "users", ["candidate_quiz_id"], name: "index_users_on_candidate_quiz_id", using: :btree add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree + add_index "users", ["mobile_carrier_id"], name: "index_users_on_mobile_carrier_id", using: :btree add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree create_table "users_roles", id: false, force: true do |t| From a0643f4f082288709f1e8aff826cff3ca6994789 Mon Sep 17 00:00:00 2001 From: Kevin Casey Date: Tue, 7 Jan 2014 17:37:48 -0800 Subject: [PATCH 7/9] sanity check bridge officer upload --- app/controllers/admin/bridge_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/admin/bridge_controller.rb b/app/controllers/admin/bridge_controller.rb index eb75301..f84b2ba 100644 --- a/app/controllers/admin/bridge_controller.rb +++ b/app/controllers/admin/bridge_controller.rb @@ -9,6 +9,7 @@ def officer_photo_index end def officer_photo_upload + redirect_to admin_bridge_officer_index_path, alert: "Params missing" and return unless params[:user].has_key?(:id) && params.has_key?(:file_info) officer = User.find_by_id(params[:user][:id]) officer.picture = params[:file_info] if officer.save From eeb3b28dc38826d03321ac6fca4f1ed91032c10c Mon Sep 17 00:00:00 2001 From: Kevin Casey Date: Tue, 7 Jan 2014 18:23:48 -0800 Subject: [PATCH 8/9] made the resume creation form look a little better --- .../candidate/_candidate_challenges.html.erb | 4 +-- app/views/candidate/portal.html.erb | 20 +++++++++-- app/views/resumes/_form.html.erb | 33 ++++++++++++------- 3 files changed, 40 insertions(+), 17 deletions(-) diff --git a/app/views/candidate/_candidate_challenges.html.erb b/app/views/candidate/_candidate_challenges.html.erb index 45d781a..f4ed55f 100644 --- a/app/views/candidate/_candidate_challenges.html.erb 
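Review bot: The new guard in `officer_photo_upload` calls `params[:user].has_key?(:id)` without first checking that `params[:user]` exists, so a request with no `user` key raises NoMethodError instead of reaching the "Params missing" alert. `User.find_by_id` on the next line can also return nil for an unknown id, which then fails at `officer.picture =`. A guard such as `unless params[:user].respond_to?(:has_key?) && params[:user].has_key?(:id) && params.has_key?(:file_info)` together with a nil check on `officer` would cover both cases.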
+++ b/app/views/candidate/_candidate_challenges.html.erb @@ -1,4 +1,4 @@ -

Current Challenges

+

Current Challenges

<% if @challenges.length > 0 %> <% @challenges.each do |challenge| %> @@ -14,7 +14,7 @@ No challenges requested <% end %> -

Request a Challenge

+

Request a Challenge

<%= form_for(Challenge.new) do |f| %>
diff --git a/app/views/candidate/portal.html.erb b/app/views/candidate/portal.html.erb index ae82d9f..992dcd0 100644 --- a/app/views/candidate/portal.html.erb +++ b/app/views/candidate/portal.html.erb @@ -1,3 +1,17 @@ -<%= link_to "Quiz", candidate_quiz_path %> - -<%= render "candidate_challenges" %> \ No newline at end of file +
+ <%= render "candidate_challenges" %> +

+ "> + Forms +

+
    +
  • + "> + <%= link_to "Resume", new_resume_path %> +
  • +
  • + "> + <%= link_to "Quiz", candidate_quiz_path %> +
  • +
+
\ No newline at end of file diff --git a/app/views/resumes/_form.html.erb b/app/views/resumes/_form.html.erb index dae0d75..f0c1121 100644 --- a/app/views/resumes/_form.html.erb +++ b/app/views/resumes/_form.html.erb @@ -10,30 +10,39 @@
<%= f.label :overall_gpa %> - <%= f.text_field :overall_gpa %> +
<%= f.text_field :overall_gpa %>
- <%= f.label :major_gpa %> - <%= f.text_field :major_gpa %>(optional) + <%= f.label :major_gpa, "Major GPA (optional)" %> +
<%= f.text_field :major_gpa %>
- <%= f.label :resume_text %> - <%= f.text_area :resume_text %> - Paste the contents of your résumé (used for searching). + <%= f.label :resume_text, "Resume Text" %> +
+ <%= f.text_area :resume_text %>
+ Paste the contents of your résumé (used for searching). +
<%= f.label :graduation_year %> - <%= select_year 1.year.from_now, :field_name => 'graduation_year', :prefix => 'resume' %> +
+ <%= select_year Date.today, :field_name => 'graduation_year', :prefix => 'resume', :end_year => 1915, :start_year => 4.years.from_now.year %> +
<%= f.label :graduation_semester %> - <%= select :resume, :graduation_semester, options_for_select(%w{ Spring Fall }), :prefix => 'resume' %> +
+ <%= select :resume, :graduation_semester, options_for_select(%w{ Spring Fall }), :prefix => 'resume' %> +
- <%= f.file_field :file %> - Please provide a PDF of your résumé. You should contact indrel@hkn.eecs.berkeley.edu if you can't generate a PDF file. + <%= f.label :file, "Resume" %> +
+ <%= f.file_field(:file, :accept => 'application/pdf') %>
+ Please provide a PDF of your résumé. You should contact indrel@hkn.eecs.berkeley.edu if you can't generate a PDF file. +
-
- <%= f.submit %> +
+ <%= f.submit "Upload Résumé" %>
<% end %> From 6aaf61b8a664341c69a835ffcd5ed3752e920d2d Mon Sep 17 00:00:00 2001 From: Kevin Casey Date: Tue, 7 Jan 2014 22:43:22 -0800 Subject: [PATCH 9/9] resume authentications, resume should be stable from POV of uploader --- app/controllers/resumes_controller.rb | 23 ++++++++++++++++++++--- app/models/resume.rb | 1 + app/models/user.rb | 2 +- app/views/resumes/_form.html.erb | 3 +++ app/views/resumes/edit.html.erb | 5 +++-- app/views/resumes/new.html.erb | 2 +- app/views/resumes/show.html.erb | 9 ++------- app/views/resumes/upload_for.html.erb | 3 +++ app/views/users/edit.html.erb | 21 +++++++++++++++++++-- config/routes.rb | 1 + 10 files changed, 54 insertions(+), 16 deletions(-) create mode 100644 app/views/resumes/upload_for.html.erb diff --git a/app/controllers/resumes_controller.rb b/app/controllers/resumes_controller.rb index 9ea2387..dbf7484 100644 --- a/app/controllers/resumes_controller.rb +++ b/app/controllers/resumes_controller.rb @@ -1,6 +1,11 @@ class ResumesController < ApplicationController before_action :set_resume, only: [:show, :edit, :update, :destroy] - # before_filter :authorize_indrel, :only => [:index, :resume_books, :upload_for, :include, :exclude, :status_list] + before_filter :authenticate_indrel!, :only => [:index, :resume_books, :upload_for, :include, :exclude, :status_list] + before_filter :my_resume_or_indrel!, only: [:show, :edit, :update, :destroy] + + def my_resume_or_indrel! + @resume.user.id == current_user.id || authenticate_indrel! + end # GET /resumes def index @@ -13,6 +18,9 @@ def show # GET /resumes/new def new + if current_user.resume # help user just in case (multiple resumes for a single user aren't allowed) + redirect_to edit_resume_path(current_user.resume) and return + end @resume = Resume.new end 
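Review bot: `my_resume_or_indrel!` dereferences `current_user.id`, but no `authenticate_user!` filter is visible in this controller, so a signed-out request to show, edit, update or destroy would raise on nil rather than redirect; this is worth confirming against the rest of the file. The method is also defined above the actions as a public method, and moving it under `private` keeps it from being treated as an action. In the `new` hunk that follows, `current_user.resume` has the same dependency on a signed-in user.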
@@ -22,9 +30,10 @@ def edit # POST /resumes def create - params[:resume][:user_id] = User.first.id # TODO reflect current_user. + params[:resume][:user_id] ||= current_user.id # account for indrel potentially uploading for someone. params[:resume][:included] = false @resume = Resume.new(resume_params) + my_resume_or_indrel! # security verification. if @resume.save redirect_to @resume, notice: 'Resume was successfully created.' @@ -45,7 +54,15 @@ def update # DELETE /resumes/1 def destroy @resume.destroy - redirect_to resumes_url, notice: 'Resume was successfully destroyed.' + redirect_to new_resume_path, notice: 'Resume was successfully destroyed.' + end + + def upload_for + @user = User.find_by_id(params[:id]) + if @user.resume + redirect_to edit_resume_path(@user.resume), alert: "#{@user.full_name} has a resume already" and return + end + @resume = Resume.new end private diff --git a/app/models/resume.rb b/app/models/resume.rb index c953ae3..1ebfedc 100644 --- a/app/models/resume.rb +++ b/app/models/resume.rb @@ -32,6 +32,7 @@ class Resume < ActiveRecord::Base inclusion: { in: %w(Spring Fall), message: "%{value} is not a valid semester" } validates :included, :inclusion => [true,false] + validates :user_id, presence: true, uniqueness: true has_attached_file :file, :default_url => '/resumes/new', :path => ":rails_root/public/resumes/:normalized_file_name.:extension", diff --git a/app/models/user.rb b/app/models/user.rb index 343dc97..28c4b02 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -40,7 +40,7 @@ class User < ActiveRecord::Base has_many :rsvps has_many :events, through: :rsvps - has_many :resumes, :dependent => :destroy + has_one :resume, :dependent => :destroy has_one :alum belongs_to :mobile_carrier has_many :tutor_slot_preferences diff --git a/app/views/resumes/_form.html.erb b/app/views/resumes/_form.html.erb index f0c1121..429f295 100644 --- a/app/views/resumes/_form.html.erb +++ b/app/views/resumes/_form.html.erb 
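Review bot: The inline `my_resume_or_indrel!` call in `create` does not stop the action: a redirect inside a before_filter halts the chain, but when the method is called from the action body execution continues to `@resume.save` even if `authenticate_indrel!` has already redirected (its definition is not in this patch, so this assumes it redirects the way `authenticate!` does). Because `params[:resume][:user_id]` is client-controlled, including the hidden `user_id` field added to `_form.html.erb`, a non-indrel submission naming another user's id would be saved before the second `redirect_to` fails. Add `return if performed?` directly after the call, or accept a submitted `user_id` only from indrel users and otherwise assign `current_user.id`. `create` continues past the end of the hunk.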
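Review bot: `upload_for` calls `@user.resume` on the result of `User.find_by_id(params[:id])`, which is nil for an unknown id, so a bad id ends in a NoMethodError and a 500 rather than a not-found response. `@user = User.find(params[:id])` raises `ActiveRecord::RecordNotFound` instead and lets Rails answer with a 404.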
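Review bot: The `has_attached_file` path kept in this hunk writes uploads to `:rails_root/public/resumes/`, so the PDFs are presumably served as static files and the `my_resume_or_indrel!` filter this commit adds to `show` does not cover the file itself; `users/edit.html.erb` links straight to `current_resume.file.url`. Consider storing the attachment outside `public/` and streaming it from an authorized controller action with `send_file`. Separately, the new `validates :user_id, presence: true, uniqueness: true` is checked only at the application level and this patch's file list contains no migration, so concurrent uploads can still create duplicates unless a unique index on `user_id` already exists. The `has_attached_file` options continue past the end of the hunk.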
@@ -42,6 +42,9 @@ Please provide a PDF of your résumé. You should contact indrel@hkn.eecs.berkeley.edu if you can't generate a PDF file.
+ <% if @user %> + <%= f.hidden_field :user_id, :value => @user.id %> + <% end %>
<%= f.submit "Upload Résumé" %>
diff --git a/app/views/resumes/edit.html.erb b/app/views/resumes/edit.html.erb index 702e5db..05e3251 100644 --- a/app/views/resumes/edit.html.erb +++ b/app/views/resumes/edit.html.erb @@ -1,6 +1,7 @@ -

Editing resume

+

Editing resume <%= "for #{@resume.get_username}" if @resume.user != current_user %>

<%= render 'form' %> <%= link_to 'Show', @resume %> | -<%= link_to 'Back', resumes_path %> +<%= link_to "Back", nil, onclick: "history.back();" %> | +<%= link_to 'Destroy', @resume, method: :delete, data: { confirm: 'Are you sure?' } %> diff --git a/app/views/resumes/new.html.erb b/app/views/resumes/new.html.erb index e225ed4..0364c5a 100644 --- a/app/views/resumes/new.html.erb +++ b/app/views/resumes/new.html.erb @@ -2,4 +2,4 @@ <%= render 'form' %> -<%= link_to 'Back', resumes_path %> +<%= link_to "Back", nil, onclick: "history.back();" %> diff --git a/app/views/resumes/show.html.erb b/app/views/resumes/show.html.erb index 5e0ec84..69369d2 100644 --- a/app/views/resumes/show.html.erb +++ b/app/views/resumes/show.html.erb @@ -32,10 +32,5 @@ <%= @resume.get_username %>

-

- Included: - <%= @resume.included %> -

- -<%= link_to 'Edit', edit_resume_path(@resume) %> | -<%= link_to 'Back', resumes_path %> +<%= link_to "Home", root_path %> | +<%= link_to 'Edit', edit_resume_path(@resume) %> diff --git a/app/views/resumes/upload_for.html.erb b/app/views/resumes/upload_for.html.erb new file mode 100644 index 0000000..4003b60 --- /dev/null +++ b/app/views/resumes/upload_for.html.erb @@ -0,0 +1,3 @@ +

Upload resume on behalf of <%=@user.full_name%>:

+ +<%= render 'form' %> \ No newline at end of file diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb index a06a5bf..df0e4b7 100644 --- a/app/views/users/edit.html.erb +++ b/app/views/users/edit.html.erb @@ -10,9 +10,26 @@ <% end %>
<% end %> - <%# @f = f%> - <%#= render :partial => "current_resume", :locals => { :f => @f }%> +
+ <%= f.label "Current résumé" %> +
+ + <% if @current_user.resume.nil? %> + + + <% else %> + + <% current_resume = @user.resume %> + <% upload_time = current_resume.created_at.getlocal.to_datetime.strftime("%A %B %e, %Y %l:%M %p") %> + + + + <% end %> +
<%= "No résumés on file" %>
<%= link_to "Upload résumé", new_resume_path %>
<%= link_to "Uploaded #{upload_time}", current_resume.file.url %>
<%= "GPA #{current_resume.overall_gpa} (overall)" %>
<%= link_to "Update résumé", edit_resume_path(current_resume) %>
+
+
+
<%= f.label :username %> <%= @user.username %> diff --git a/config/routes.rb b/config/routes.rb index e313e72..a61bba4 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -14,6 +14,7 @@ match "users/list(/:category)", to: "users#list", via: :get, as: "users_list" match "users/roles/:id", to: "users#roles", via: :get, as: "edit_roles_user" match "users/roles/:id", to: "users#alter_roles", via: :post, as: "alter_roles_user" + match "resumes/upload_for/:id" => "resumes#upload_for", via: :get, :as => :resumes_upload_for resources :alum resources :challenges, only: [:create, :update, :index]
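Review bot: The résumé block in `users/edit.html.erb` tests `@current_user.resume.nil?` but its `else` side reads `@user.resume`, so whenever the page's `@user` is not the signed-in user the two can disagree: `current_resume` may be nil and `current_resume.created_at` raises, or an existing résumé is reported as "No résumés on file". `@current_user` is also an instance variable this view does not set itself, where the rest of the patch uses the `current_user` helper. Testing the object the branch actually renders, `<% if @user.resume.nil? %>`, fixes both. Whether `users#edit` can be opened for another user is not visible in this hunk.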