editor-api/app/controllers/api/feedback_controller.rb at 707bb0a544617adc1873ca7bfb72c55ecb8053c9 · RaspberryPiFoundation/editor-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# frozen_string_literal: true

module Api
  class FeedbackController < ApiController
    before_action :authorize_user
    load_and_authorize_resource :feedback

    def index
      if project.blank? || project.school_project.blank?
        render json: { error: 'School project not found' }, status: :not_found
        return
      end

      # Checks that the user is authorised to read the feedback so that if not we can return a 403 rather than an empty array
      project_feedback.each do |feedback|
        authorize! :read, feedback
      end
      @feedback = project_feedback.accessible_by(current_ability).order(created_at: :asc)
      render :index, formats: [:json], status: :ok
    end

    def create
      result = Feedback::Create.call(feedback_params: feedback_create_params)

      if result.success?
        @feedback = result[:feedback]
        track_project_event('Project - Feedback given', project)
        render :show, formats: [:json], status: :created
      else
        render json: { error: result[:error] }, status: :unprocessable_content
      end
    end

    def set_read
      feedback = Feedback.find(params.expect(:id))
      result = Feedback::SetRead.call(feedback: feedback)

      if result.success?
        @feedback = result[:feedback]
        render :show, formats: [:json], status: :ok
      else
        render json: { error: result[:error] }, status: :unprocessable_content
      end
    end

    def destroy
      result = Feedback::Delete.call(feedback_id: params[:id])

      if result.success?
        head :no_content
      else
        render json: { error: result[:error] }, status: :unprocessable_content
      end
    end

    private

    def project
      return @project if defined?(@project)

      @project = Project.find_by(identifier: url_params[:identifier])
    end

    def project_feedback
      return @project_feedback if defined?(@project_feedback)

      @project_feedback = if project.blank? || project.school_project.blank?
                            Feedback.none
                          else
                            Feedback.where(school_project_id: project.school_project.id)
                          end

      @project_feedback
    end

    # These params are used to authorize the resource with CanCanCan. The project identifier is sent in the URL,
    # but these params need to match the shape of the feedback object whiich is attached to the SchoolProject,
    # not the Project.
    def feedback_params
      school_project = project&.school_project
      feedback_create_params.except(:identifier).merge(
        school_project_id: school_project&.id
      )
    end

    # These params are used to create the feedback in the Feedback::Create operation. The project_id parameter,
    # which is automatically named by Rails based on the route structure, is renamed to identifier for readability,
    # as it is actually the human-readable project_identifier, not the project_id.
    def feedback_create_params
      base_params.merge(user_id: current_user.id)
    end

    def url_params
      permitted_params = params.permit(:project_id, :id)
      { identifier: permitted_params[:project_id], id: permitted_params[:id] }
    end

    def base_params
      params.fetch(:feedback, {}).permit(
        :content
      ).merge(url_params)
    end
  end
end