Kevin/user groups

app/controllers/admin/bridge_controller.rb

@@ -9,13 +9,15 @@ def officer_photo_index
   end
 
   def officer_photo_upload
+    redirect_to admin_bridge_officer_index_path, alert: "Params missing" and return unless params[:user].has_key?(:id) && params.has_key?(:file_info)
     officer = User.find_by_id(params[:user][:id])
     officer.picture = params[:file_info]
     if officer.save
-      flash[:notice] = "Successfully uploaded photo for #{officer.full_name}"
+      flash[:notice] = "Successfully uploaded "
     else
-      flash[:alert] = "Failed to upload photo for #{officer.full_name}"
+      flash[:notice] = "Failed to upload "
     end
+    flash[:notice] += "photo for #{officer.full_name}"
     redirect_to admin_bridge_officer_index_path
   end
 end

app/controllers/admin/vp_controller.rb

@@ -1,6 +1,6 @@
 class Admin::VpController < ApplicationController
   before_filter :authenticate_vp!
-  
+
   def index
   end
 end

app/controllers/application_controller.rb

@@ -9,7 +9,7 @@ def update_sanitized_params
     devise_parameter_sanitizer.for(:sign_up) {|u| u.permit(:first_name, :last_name, :username, :email, :password, :password_confirmation)}
   end
 
-  helper_method :authorize, :candidate_authorize
+  helper_method :authorize, :candidate_authorize, :comm_authorize, :active_member_authorize
 
   def method_missing(name, *args)
     case name.to_s
@@ -28,22 +28,30 @@ def authorize(group)
     return unless current_user
     if !user_session[group].nil?
       user_session[group]
-    elsif current_user.is_current_officer?(group) || current_user.is_current_officer?(:compserv)
-      user_session[group] = true
-      true
+    elsif current_user.has_ever_had_position?(group) || current_user.is_current_officer?(:compserv)
+      user_session[group] = true # assigns and returns true
     else
-      user_session[group] = false
-      false
+      user_session[group] = false # assigns and returns false
     end
   end
 
   def candidate_authorize
     return unless current_user
-    user_session[:candidate].nil? ? (user_session[:candidate] = current_user && current_user.has_ever_had_role?(:candidate)) : user_session[:candidate]
+    user_session[:candidate].nil? ? (user_session[:candidate] = current_user.has_ever_had_role?(:candidate)) : user_session[:candidate]
+  end
+
+  def comm_authorize
+    return unless current_user
+    user_session[:comm].nil? ? user_session[:comm] = current_user.has_ever_had_role?(:committee_member) || current_user.has_ever_had_role?(:officer) : user_session[:comm]
+  end
+
+  def active_member_authorize
+    return unless current_user
+    user_session[:current_comm].nil? ? user_session[:current_comm] = current_user.is_active_member? : user_session[:current_comm]
   end
 
   def authenticate!(group)
-    unless authenticate_user! and (current_user.is_current_officer?(group) || current_user.is_current_officer?(:compserv))
+    unless authorize(group)
       redirect_to root_path, alert: "You do not have permission(#{group}) to access that"
     end
   end

app/controllers/registrations_controller.rb

@@ -11,4 +11,12 @@ def create
     super
   end
 
+  def new
+    super
+  end
+
+  def update
+    super
+  end
+
 end

app/controllers/resumes_controller.rb

@@ -1,6 +1,11 @@
 class ResumesController < ApplicationController
   before_action :set_resume, only: [:show, :edit, :update, :destroy]
-  # before_filter :authorize_indrel, :only => [:index, :resume_books, :upload_for, :include, :exclude, :status_list]
+  before_filter :authenticate_indrel!, :only => [:index, :resume_books, :upload_for, :include, :exclude, :status_list]
+  before_filter :my_resume_or_indrel!, only: [:show, :edit, :update, :destroy]
+
+  def my_resume_or_indrel!
+    @resume.user.id == current_user.id || authenticate_indrel!
+  end
 
   # GET /resumes
   def index
@@ -13,6 +18,9 @@ def show
 
   # GET /resumes/new
   def new
+    if current_user.resume # help user just in case (multiple resumes for a single user aren't allowed)
+      redirect_to edit_resume_path(current_user.resume) and return
+    end
     @resume = Resume.new
   end
 
@@ -22,14 +30,15 @@ def edit
 
   # POST /resumes
   def create
-    params[:resume][:user_id] = User.first.id # TODO reflect current_user.
+    params[:resume][:user_id] ||= current_user.id # account for indrel potentially uploading for someone.
     params[:resume][:included] = false
     @resume = Resume.new(resume_params)
+    my_resume_or_indrel! # security verification.
 
     if @resume.save
       redirect_to @resume, notice: 'Resume was successfully created.'
     else
-      render action: 'new'
+      render :new
     end
   end
 
@@ -38,14 +47,22 @@ def update
     if @resume.update(resume_params)
       redirect_to @resume, notice: 'Resume was successfully updated.'
     else
-      render action: 'edit'
+      render :edit
     end
   end
 
   # DELETE /resumes/1
   def destroy
     @resume.destroy
-    redirect_to resumes_url, notice: 'Resume was successfully destroyed.'
+    redirect_to new_resume_path, notice: 'Resume was successfully destroyed.'
+  end
+
+  def upload_for
+    @user = User.find_by_id(params[:id])
+    if @user.resume
+      redirect_to edit_resume_path(@user.resume), alert: "#{@user.full_name} has a resume already" and return
+    end
+    @resume = Resume.new
   end
 
   private

app/controllers/users_controller.rb

@@ -1,7 +1,7 @@
 require 'will_paginate/array'
 
 class UsersController < ApplicationController
-  before_action :set_user, only: [:show, :edit, :update, :destroy, :approve]
+  before_action :set_user, only: [:show, :edit, :update, :destroy, :approve, :roles, :alter_roles]
   before_filter :authenticate_user!
 
   # GET /users/1
@@ -17,10 +17,6 @@ def edit
     @mobile_carriers = MobileCarrier.all
   end
 
-  # POST /users
-  def create
-  end
-
   # PATCH/PUT /users/1
   def update
     # Permissions
@@ -49,13 +45,13 @@ def update
     if @user.update_attributes(user_params)
       redirect_to path, notice: 'Settings successfully updated.'
     else
-      render action: 'edit'
+      render :edit
     end
   end
 
   # DELETE /users/1
   def destroy
-    unless @user == current_user || authorize(:superuser) || (authorize(:vp) and @user.approved == false)
+    unless @user.id == current_user.id || authorize(:superuser) || (authorize(:vp) and @user.approved == false)
       redirect_to edit_user_path(current_user), notice: "You can't delete #{@user.username}" and return
     end
     @user.destroy
@@ -98,13 +94,13 @@ def list
              :joins      => joinstr,
              :conditions => cond
            }
-   
+
     user_selector = User.uniq(:id)
     if authenticate_vp and params[:approved] == 'false'
       user_selector = user_selector.where(:approved => false )
     end
 
-    @users = user_selector.paginate opts 
+    @users = user_selector.paginate opts
 
     respond_to do |format|
       format.html
@@ -115,6 +111,7 @@ def list
   end
 
   def approve
+    authenticate_vp! # current user must at least be vp to approve
     if @user.update(approved: true)
       flash[:notice] = "Successfully approved #{@user.full_name}, an email has been sent to #{@user.email}"
       AccountMailer.account_approval(@user).deliver
@@ -124,6 +121,28 @@ def approve
     redirect_to user_path(@user)
   end
 
+  def roles
+    authenticate_superuser! # roles are shown on a user's show page, no reason for civilians to be here
+    @current_semester = MemberSemester.current
+    @roles = @user.roles.order(:resource_id, :role_type)
+  end
+
+  def alter_roles
+    authenticate_superuser!
+    if params[:delete]
+      r = Role.find_by_id(params[:role])
+      @user.delete_role(r)
+      flash[:notice] = @user.full_name + " has lost the title " + r.nice_position + " in " + r.nice_semester
+    else
+      semester = MemberSemester.find_by_season_and_year(params[:season], params[:year])
+      @user.add_position_for_semester_and_role_type(params[:position], semester, params[:role])
+      role = Role.find_by_name_and_resource_id_and_role_type(params[:position], semester.id, params[:role])
+      flash[:notice] = @user.full_name + " has gained the title " + role.nice_position + " in " + role.nice_semester
+    end
+    destroy_user_session_path(@user) # this appears to clear the user session of the user w/out signing them out, this is so user authentications go off again.
+    redirect_to edit_roles_user_path(@user)
+  end
+
   private
     # Use callbacks to share common setup or constraints between actions.
     def set_user

app/helpers/application_helper.rb

@@ -7,18 +7,18 @@ def html_obfuscate(string)
     lower = %w(a b c d e f g h i j k l m n o p q r s t u v w x y z)
     upper = %w(A B C D E F G H I J K L M N O P Q R S T U V W X Y Z)
     char_array = string.split('')
-    char_array.each do |char|  
+    char_array.each do |char|
       output = lower.index(char) + 97 if lower.include?(char)
       output = upper.index(char) + 65 if upper.include?(char)
       if output
         output_array << "&##{output};"
-      else 
+      else
         output_array << char
       end
     end
     return output_array.join
   end
-  
+
   # This is for the pagination sort links
   # This could probably be cleaned up a bit more...
   def sort_link(inner_text, sort_variable, opts = {})
@@ -52,7 +52,7 @@ def ajaxify_links(class_name='ajax-controls')
             url: el.href,
             method: 'get',
             dataType: 'script',
-            complete: function (xhr, status) { // This is retarded. Because we are asking for a script response and getting an html render response it will throw the error handler and not the success.  Hack solution is to use complete
+            complete: function (xhr, status) { // Because we are asking for a script response and getting an html render response it will throw the error handler and not the success.  Hack solution is to use complete
               if (status === 'error' || !xhr.responseText) {
                 // just give up?
               }

app/models/member_semester.rb

@@ -11,12 +11,19 @@
 
 class MemberSemester < ActiveRecord::Base
   has_and_belongs_to_many :users
+  SEASONS = ['Fall', 'Spring']
+  validates :season, inclusion: { in: SEASONS,
+      message: "%{value} is not a valid semester" }
 
   class << self
     def current
       # TODO(mark): This isn't always the case, but works for now.
       last
     end
+
+    def years
+      pluck(:year).uniq
+    end
   end
 
   def name

app/models/resume.rb

@@ -32,6 +32,7 @@ class Resume < ActiveRecord::Base
       inclusion: { in: %w(Spring Fall),
       message: "%{value} is not a valid semester" }
   validates :included, :inclusion => [true,false]
+  validates :user_id, presence: true, uniqueness: true
 
   has_attached_file :file, :default_url => '/resumes/new',
       :path => ":rails_root/public/resumes/:normalized_file_name.:extension",
@@ -43,15 +44,15 @@ class Resume < ActiveRecord::Base
       :content_type => "application/pdf",
       :message => "Oops, please use a pdf"
 
-  default_scope :order => 'resumes.created_at DESC'
-  # so we can just pick out the 'first' of the resumes to get the most recent
-
-
   Paperclip.interpolates :normalized_file_name do |attachment, style|
     attachment.instance.normalized_file_name
   end
 
   def normalized_file_name
     "#{self.user.username}/#{self.created_at}"
   end
+
+  def get_username
+    self.user.username
+  end
 end

app/models/role.rb

@@ -100,9 +100,9 @@ def nice_title
   end
 
   def nice_committee
-    nice_committees = { 
-      "pres"     => "President", 
-      "vp"       => "Vice President", 
+    nice_committees = {
+      "pres"     => "President",
+      "vp"       => "Vice President",
       "rsec"     => "Recording Secretary",
       "csec"     => "Corresponding Secretary",
       "treas"    => "Treasurer",

app/models/user.rb

@@ -40,7 +40,7 @@ class User < ActiveRecord::Base
 
   has_many :rsvps
   has_many :events, through: :rsvps
-  has_many :resumes, :dependent => :destroy
+  has_one :resume, :dependent => :destroy
   has_one :alum
   belongs_to :mobile_carrier
   has_many :tutor_slot_preferences
@@ -71,9 +71,7 @@ def rsvp!(event_id)
   end
 
   def is_active_member?
-    # TODO(mark): This should be true for all officers and committee members.
-    # Will add functionality when semesters + roles are working.
-    true
+    Role.semester_filter(MemberSemester.current).members.all_users.include?(self)
   end
 
   def add_position_for_semester_and_role_type(position, semester, role)
@@ -84,6 +82,14 @@ def has_position_for_semester_and_role_type(position, semester, role)
     Role.find_by_name_and_resource_id_and_role_type(position, semester.id, role)
   end
 
+  def delete_position_for_semester_and_role_type(position, semester, role)
+    Role.find_by_name_and_resource_id_and_role_type(position, semester.id, role).users.delete(self)
+  end
+
+  def delete_role(r) # r should be an object of Role class
+    r.users.delete(self)
+  end
+
   # Helpers for adding and checking roles for a user.
   def add_role_for_semester(role, semester)
     add_role role, semester
@@ -118,7 +124,7 @@ def is_current_officer?(position)
   end
 
   def is_officer_for_semester?(semester)
-    roles_for_semester(semester).where(role_type: "officer").count > 0
+    roles_for_semester(semester).officers.count > 0
   end
 
   def full_name

app/views/alum/show.html.erb

@@ -25,7 +25,7 @@
 
 <p>
   <strong>User:</strong>
-  <%= @alum.user.username %>
+  <%= @alum.get_username %>
 </p>
 
 <p>