flextensions/app/controllers/user_to_courses_controller.rb at 6bec2750cc218d584b5bb4fa678fbf4f8385bdcb · berkeley-cdss/flextensions · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
class UserToCoursesController < ApplicationController
  before_action :authenticate_user!
  before_action :set_course
  before_action :set_enrollment
  before_action :authorize_instructor!

  def toggle_allow_extended_requests
    if @enrollment.update(allow_extended_requests: params[:allow_extended_requests])
      render json: { success: true }, status: :ok
    else
      render json: {
        success: false,
        errors: @enrollment.errors.full_messages,
        redirect_to: courses_path
      }, status: :unprocessable_content
    end
  end

  def update_notes
    if @enrollment.update(notes: params[:notes])
      render json: { success: true, notes: @enrollment.notes }, status: :ok
    else
      render json: { success: false, error: @enrollment.errors.full_messages.to_sentence }, status: :unprocessable_content
    end
  end

  private

  def authenticate_user!
    user_id = session[:user_id]
    @current_user = User.find_by(canvas_uid: user_id) if user_id
    redirect_to root_path unless @current_user
  end

  def set_course
    @course = Course.find_by(id: params[:course_id])
    unless @course
      flash[:alert] = 'Course not found.'
      redirect_to courses_path
    end
  end

  def set_enrollment
    @enrollment = @course.user_to_courses.find(params[:id])
  end

  def authorize_instructor!
    user_to_course = UserToCourse.find_by(user: @current_user, course: @course)
    unless user_to_course&.course_admin?
      render json: {
        success: false,
        error: 'Forbidden',
        redirect_to: courses_path
      }, status: :forbidden
    end
  end
end