Module: MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController

Extended by:
ActiveSupport::Concern
Included in:
Jpi::V1::OrganizationsController
Defined in:
lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb


Instance Method Details

#create ⇒ Object

POST /mnoe/jpi/v1/organizations



# File 'lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb', line 53

# POST action: creates an organization and makes the caller its first member.
#
# Reads the attributes from organization_update_params, stores the new record
# in @organization, adds current_user with the 'Super Admin' role, refreshes
# the user's cache, writes an 'organization_create' event and renders 'show'.
#
# NOTE(review): no authorize! call appears in this action, so presumably any
# signed-in user may create an organization - confirm that is intended.
# NOTE(review): the result of Organization.create is not checked before
# add_user runs; confirm how a rejected create surfaces to the client.
def create
  # Persist the organization from the filtered request attributes
  @organization = MnoEnterprise::Organization.create(organization_update_params)

  # The creator becomes the first Super Admin of the new organization
  @organization.add_user(current_user, 'Super Admin')

  # The cached user would otherwise not list the new membership
  current_user.refresh_user_cache

  # NOTE(review): the event receives `organization`, not @organization;
  # presumably that helper returns the record assigned above - confirm.
  MnoEnterprise::EventLogger.info(
    'organization_create',
    current_user.id,
    'Organization created',
    organization
  )

  render 'show'
end

#destroy ⇒ Object

DELETE /mnoe/jpi/v1/organizations/1



# File 'lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb', line 42

# DELETE action: removes the organization when the `organization` helper
# resolves one, and answers 204 No Content in every case.
#
# A request for an organization that does not resolve gets the same empty
# 204 as a successful deletion; no authorization check runs in that case
# because there is no record to check against.
def destroy
  # Nothing resolved: reply exactly as a completed deletion would
  return head(:no_content) unless organization

  # The ability check runs before anything is logged or deleted
  authorize! :destroy, organization

  # The event is written before the record is destroyed.
  # NOTE(review): the return value of organization.destroy is not inspected,
  # so the event exists even if the deletion itself fails - confirm.
  MnoEnterprise::EventLogger.info(
    'organization_destroy',
    current_user.id,
    'Organization deleted',
    organization
  )
  organization.destroy

  head :no_content
end

#index ⇒ Object

Instance methods

GET /mnoe/jpi/v1/organizations



# File 'lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb', line 17

# GET action: exposes the caller's organizations to the view.
#
# The list comes from current_user.organizations, so it is limited to
# whatever that association returns for the signed-in user. An already
# populated @organizations is reused instead of being fetched again.
def index
  return @organizations if @organizations

  @organizations = current_user.organizations
end

#invite_members ⇒ Object

PUT /mnoe/jpi/v1/organizations/:id/invite_members



# File 'lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb', line 102

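# PUT action: creates one organization invite per entry of params[:invites]
# and e-mails each invitee, then renders 'members'.
#
# Only the 'email', 'role' and 'team_id' keys of each entry are used; the
# referrer is always current_user. The caller needs the :invite_member
# ability on the organization.
#
# An 'Admin' cannot invite somebody as 'Super Admin'. update_member already
# refuses to let an Admin assign that role; without the same rule here an
# Admin could hand out the higher role through a fresh invite instead.
#
# Raises CanCan::AccessDenied when the ability check or the role rule fails.
#
# NOTE(review): 'team_id' is passed through as submitted; this method does
# not show whether the team is checked to belong to the organization.
# NOTE(review): there is no visible cap on the number of invites (and so of
# outgoing e-mails) per request, and the mail is sent without checking that
# the invite was actually saved - confirm both are handled elsewhere.
def invite_members
  # Filter: keep only the permitted keys of each submitted invite.
  # A missing params[:invites] is treated as an empty list.
  whitelist = %w[email role team_id]
  attributes = (params[:invites] || []).map { |invite| invite.slice(*whitelist) }

  # Authorize
  authorize! :invite_member, organization

  # Checked for the whole batch before anything is created, so a request
  # mixing allowed and forbidden roles creates no invite at all.
  if organization.role == 'Admin' && attributes.any? { |invite| invite['role'] == 'Super Admin' }
    raise CanCan::AccessDenied
  end

  # Create and notify
  attributes.each do |invite|
    @org_invite = organization.org_invites.create(
      user_email: invite['email'],
      user_role: invite['role'],
      team_id: invite['team_id'],
      referrer_id: current_user.id
    )

    MnoEnterprise::SystemNotificationMailer.organization_invite(@org_invite).deliver_now
  end

  # Reload users
  organization.users.reload

  render 'members'
end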

#remove_member ⇒ Object

PUT /mnoe/jpi/v1/organizations/:id/remove_member



# File 'lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb', line 159

# PUT action: removes a member from the organization, or cancels a pending
# invite, then renders 'members'.
#
# The caller needs the :invite_member ability - the same ability that
# guards inviting. A `member` that is neither a user nor an invite is left
# alone and 'members' is rendered regardless.
#
# NOTE(review): unlike update_member, nothing here stops an 'Admin' from
# removing a 'Super Admin', or the last 'Super Admin' from being removed.
# Confirm whether the ability or remove_user enforces that.
def remove_member
  authorize! :invite_member, organization

  case member
  when MnoEnterprise::User
    # Existing user: drop the membership
    organization.remove_user(member)
  when MnoEnterprise::OrgInvite
    # Pending invite: cancel it
    member.cancel!
  end

  render 'members'
end

#show ⇒ Object

GET /mnoe/jpi/v1/organizations/1



# File 'lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb', line 22

# GET action: resolves the organization for the view.
#
# NOTE(review): no authorize! call appears here; access presumably depends
# on how the `organization` helper scopes its lookup - confirm.
def show
  # Called only to resolve the organization before rendering
  organization
end

#update ⇒ Object

PUT /mnoe/jpi/v1/organizations/:id



# File 'lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb', line 27

# PUT action: applies organization_update_params to the organization and
# saves it.
#
# Renders 'show_reduced' after a successful save and writes an
# 'organization_update' event carrying the changes captured before saving.
# A failed save renders the record's errors as JSON with status 400.
#
# NOTE(review): the submitted attributes are assigned BEFORE authorize!
# runs, so the :update check sees the modified record. If the ability rule
# reads any attribute that organization_update_params permits, the request
# could influence its own authorization - confirm against the ability
# definition.
def update
  # Assign first, then check the ability on the resulting record
  organization.assign_attributes(organization_update_params)
  authorize! :update, organization

  # Captured before saving so the event can record what changed
  pending_changes = organization.changes

  unless organization.save
    return render(json: organization.errors, status: :bad_request)
  end

  MnoEnterprise::EventLogger.info(
    'organization_update',
    current_user.id,
    'Organization update',
    organization,
    pending_changes
  )
  render 'show_reduced'
end

#update_billing ⇒ Object

PUT /mnoe/jpi/v1/organizations/:id/update_billing



# File 'lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb', line 85

# PUT action: updates the organization's credit card from
# organization_billing_params.
#
# Requires the :manage_billing ability. The card is changed and saved only
# when it exists and check_valid_payment_method passes. Renders
# 'credit_card' when the card has no errors, otherwise the errors as JSON
# with status 400.
#
# NOTE(review): if organization.credit_card returns nil, the errors lookup
# below is called on nil and raises NoMethodError - confirm the association
# always yields an object.
def update_billing
  authorize! :manage_billing, organization

  # Upsert
  @credit_card = organization.credit_card
  if @credit_card && check_valid_payment_method
    # organization_id is merged in last from the existing card, so a value
    # submitted with the request does not move the card to another
    # organization.
    billing_attributes = organization_billing_params.merge(organization_id: @credit_card.organization_id)
    @credit_card.assign_attributes(billing_attributes)
    @credit_card.save
  end

  return render('credit_card') if @credit_card.errors.empty?

  render json: @credit_card.errors, status: :bad_request
end

#update_member ⇒ Object

PUT /mnoe/jpi/v1/organizations/:id/update_member



# File 'lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb', line 130

# PUT action: changes the role of a member (user or pending invite) to
# params[:member][:role], then renders 'members'.
#
# Rules applied after the :invite_member ability check:
# * when organization.role is 'Admin', the caller can neither assign the
#   'Super Admin' role nor edit a user or invite that already has it;
# * otherwise the caller cannot move themselves off 'Super Admin' while at
#   most one user of the organization holds that role.
#
# Raises CanCan::AccessDenied when a rule is violated.
#
# NOTE(review): the requested role is not compared with a list of known
# roles in this method; confirm the models validate it.
# NOTE(review): the self-demotion rule compares member.id with
# current_user.id without looking at the member's class, so an invite whose
# id equals the caller's user id would match as well - confirm ids cannot
# collide.
def update_member
  member_params = params[:member]

  # Authorize and update => Admin or Super Admin
  authorize! :invite_member, organization

  if organization.role == 'Admin'
    # Admin cannot assign Super Admin role
    raise CanCan::AccessDenied if member_params[:role] == 'Super Admin'

    # Admin cannot edit Super Admin, whether an existing user or an invite
    super_admin_user = member.is_a?(MnoEnterprise::User) && member.role == 'Super Admin'
    super_admin_invite = member.is_a?(MnoEnterprise::OrgInvite) && member.user_role == 'Super Admin'
    raise CanCan::AccessDenied if super_admin_user || super_admin_invite
  elsif member.id == current_user.id && member_params[:role] != 'Super Admin'
    # A super admin cannot modify his role if he's the last super admin
    super_admin_total = organization.users.count { |user| user.role == 'Super Admin' }
    raise CanCan::AccessDenied if super_admin_total <= 1
  end

  # Happy Path
  if member.is_a?(MnoEnterprise::User)
    organization.users.update(id: member.id, role: member_params[:role])
  elsif member.is_a?(MnoEnterprise::OrgInvite)
    member.update(user_role: member_params[:role])
  end

  render 'members'
end