app/helpers/organization_users_helper.rb
require_dependency 'carto/uuidhelper'
module OrganizationUsersHelper
include Carto::UUIDHelper
def load_organization
id_or_name = params[:id_or_name]
@organization = Carto::Organization.find_by(uuid?(id_or_name) ? { id: id_or_name } : { name: id_or_name })
unless @organization
render_jsonp({}, 401) # Not giving clues to guessers via 404
return false
end
end
def owners_only
unless current_viewer_is_owner?
render_jsonp({}, 401)
return false
end
end
def admins_only
unless @organization.admin?(current_viewer)
render_jsonp({}, 401)
false
end
end
def load_user
@user = @organization.users.find_by(username: params[:u_username])&.sequel_user
if @user.nil?
render_jsonp("No user with username '#{params[:u_username]}' in '#{@organization.name}'", 404)
return false
end
end
def current_viewer_is_owner?
current_viewer.id == @organization.owner.id
end
# To help with strong params until Rails 4+
def permit(*permitted)
hardened_params = params.dup
hardened_params.keep_if { |k, _v| permitted.flatten.include?(k.to_sym) }
hardened_params.symbolize_keys
end
def central_new_organization_user_validation(user)
Cartodb::Central.new.validate_new_organization_user(username: user.username, email: user.email)
end
# This is not run at model validation flow because we might want to override this rules.
# owner parameter allows validation before actual value setting
def soft_limits_validation(user, params_to_update, owner = user.organization.owner)
errors = user.errors
soft_geocoding_limit = soft_param_to_boolean(params_to_update[:soft_geocoding_limit])
if user.soft_geocoding_limit != soft_geocoding_limit && soft_geocoding_limit && !owner.soft_geocoding_limit
errors.add(:soft_geocoding_limit, "Organization owner hasn't this soft limit")
end
soft_here_isolines_limit = soft_param_to_boolean(params_to_update[:soft_here_isolines_limit])
if user.soft_here_isolines_limit != soft_here_isolines_limit && soft_here_isolines_limit && !owner.soft_here_isolines_limit
errors.add(:soft_here_isolines_limit, "Organization owner hasn't this soft limit")
end
soft_twitter_datasource_limit = soft_param_to_boolean(params_to_update[:soft_twitter_datasource_limit])
if user.soft_twitter_datasource_limit != soft_twitter_datasource_limit && soft_twitter_datasource_limit && !owner.soft_twitter_datasource_limit
errors.add(:soft_twitter_datasource_limit, "Organization owner hasn't this soft limit")
end
soft_mapzen_routing_limit = soft_param_to_boolean(params_to_update[:soft_mapzen_routing_limit])
if user.soft_mapzen_routing_limit != soft_mapzen_routing_limit && soft_mapzen_routing_limit && !owner.soft_mapzen_routing_limit
errors.add(:soft_mapzen_routing_limit, "Organization owner hasn't this soft limit")
end
errors.empty?
end
def soft_param_to_boolean(value)
value == 'true' || value == '1' || value == true
end
def ensure_edit_permissions
unless @user.editable_by?(current_viewer)
render_jsonp({ errors: ['You do not have permissions to edit that user'] }, 401)
end
end
end