Class: MembershipsController

Inherits:
ApplicationController show all
Defined in:
app/controllers/memberships_controller.rb

Overview

Manages CRUD operations for adding/removing users from an Organization

See Also:

Instance Method Summary collapse

Instance Method Details

#destroyObject

Note:

will not allow an organization owner to delete their membership, if there are no remaining owners



36
37
38
39
40
41
42
43
44
45
46
47
# File 'app/controllers/memberships_controller.rb', line 36

def destroy
  if membership.last_owner?
    logger.warn "#{current_user} attempted to remove him- or herself from #{current_organization}, but the actionw was prevented since there are no other owners of that organization"
    err_msg = "We cannot let you remove yourself as the last owner of the '#{current_organization.title}' organization. Please choose another user to be an owner, or delete the organization itself."

    redirect_back fallback_location: organization_memberships_url, alert: err_msg
    return :redirect_after_preventing_destruction # avoid leaking nil
  end

  membership.update_attribute(:active, false)
  redirect_back fallback_location: organization_memberships_url, notice: "#{membership.user} has been removed from #{current_organization.title}"
end

#editObject



13
14
# File 'app/controllers/memberships_controller.rb', line 13

def edit
end

#indexObject



10
11
# File 'app/controllers/memberships_controller.rb', line 10

def index
end

#updateObject

Raises:

  • (Coyote::SecurityError)

    if the user with a certain rank attempts to promote another user above that rank



17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# File 'app/controllers/memberships_controller.rb', line 17

def update
  new_role = membership_params[:role]

  if Coyote::Membership.role_rank(new_role) > organization_user.role_rank
    err_msg = "#{organization_user} attempted to promote #{membership.user} to role '#{new_role}', but is not allowed to promote any roles higher than his or her own ('#{organization_user.role}')"
    logger.error err_msg
    raise Coyote::SecurityError, err_msg
  end

  if membership.update(membership_params)
    flash[:notice] = "Membership of #{membership.user} was successfully updated."
    redirect_back fallback_location: organization_memberships_url
  else
    logger.warn "Unable to update #{membership}: '#{membership.errors.full_messages.to_sentence}'"
    render :edit
  end
end