diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/admin/dashboard_controller.rb | 13 | ||||
| -rw-r--r-- | app/controllers/admin/scores_controller.rb | 14 | ||||
| -rw-r--r-- | app/controllers/application_controller.rb | 5 | ||||
| -rw-r--r-- | app/controllers/code_of_honor_controller.rb | 12 | ||||
| -rw-r--r-- | app/controllers/concerns/.keep | 0 | ||||
| -rw-r--r-- | app/controllers/concerns/authentication.rb | 52 | ||||
| -rw-r--r-- | app/controllers/home_controller.rb | 7 | ||||
| -rw-r--r-- | app/controllers/passwords_controller.rb | 33 | ||||
| -rw-r--r-- | app/controllers/registrations_controller.rb | 21 | ||||
| -rw-r--r-- | app/controllers/scores_controller.rb | 49 | ||||
| -rw-r--r-- | app/controllers/sessions_controller.rb | 21 | ||||
| -rw-r--r-- | app/controllers/tartiflettes_controller.rb | 26 |
12 files changed, 253 insertions, 0 deletions
diff --git a/app/controllers/admin/dashboard_controller.rb b/app/controllers/admin/dashboard_controller.rb new file mode 100644 index 0000000..695c2ca --- /dev/null +++ b/app/controllers/admin/dashboard_controller.rb @@ -0,0 +1,13 @@ +class Admin::DashboardController < ApplicationController + def index + @tartiflettes = Tartiflette.includes(:scores) + end + + private + + def require_admin + unless logged_in? && current_user.admin? + redirect_to root_path, alert: "Access denied." + end + end +end diff --git a/app/controllers/admin/scores_controller.rb b/app/controllers/admin/scores_controller.rb new file mode 100644 index 0000000..b4755e9 --- /dev/null +++ b/app/controllers/admin/scores_controller.rb @@ -0,0 +1,14 @@ +class Admin::ScoresController < ApplicationController + def export + csv_data = TartifletteScoreExportService.generate_csv + send_data csv_data, filename: "scores-#{Date.today}.csv" + end + + private + + def require_admin + unless logged_in? && current_user.admin? + redirect_to root_path, alert: "Access denied." + end + end +end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb new file mode 100644 index 0000000..94e7183 --- /dev/null +++ b/app/controllers/application_controller.rb @@ -0,0 +1,5 @@ +class ApplicationController < ActionController::Base + include Authentication + # Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has. + allow_browser versions: :modern +end diff --git a/app/controllers/code_of_honor_controller.rb b/app/controllers/code_of_honor_controller.rb new file mode 100644 index 0000000..d0d9044 --- /dev/null +++ b/app/controllers/code_of_honor_controller.rb @@ -0,0 +1,12 @@ +class CodeOfHonorController < ApplicationController + allow_unauthenticated_access + + def toggle + session[:agreed_to_code_of_honor] = !session[:agreed_to_code_of_honor] + if session[:agreed_to_code_of_honor] + redirect_to root_path, notice: "Vous acceptez le code d'honneur." + else + redirect_to root_path, alert: "Vous n'acceptez pas le code d'honneur." + end + end +end diff --git a/app/controllers/concerns/.keep b/app/controllers/concerns/.keep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/app/controllers/concerns/.keep diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb new file mode 100644 index 0000000..3538f48 --- /dev/null +++ b/app/controllers/concerns/authentication.rb @@ -0,0 +1,52 @@ +module Authentication + extend ActiveSupport::Concern + + included do + before_action :require_authentication + helper_method :authenticated? + end + + class_methods do + def allow_unauthenticated_access(**options) + skip_before_action :require_authentication, **options + end + end + + private + def authenticated? + resume_session + end + + def require_authentication + resume_session || request_authentication + end + + def resume_session + Current.session ||= find_session_by_cookie + end + + def find_session_by_cookie + Session.find_by(id: cookies.signed[:session_id]) if cookies.signed[:session_id] + end + + def request_authentication + session[:return_to_after_authenticating] = request.url + redirect_to new_session_path + end + + def after_authentication_url + session.delete(:return_to_after_authenticating) || root_url + end + + def start_new_session_for(user) + user.sessions.create!(user_agent: request.user_agent, ip_address: request.remote_ip).tap do |session| + Current.session = session + cookies.signed.permanent[:session_id] = { value: session.id, httponly: true, same_site: :lax } + end + end + + def terminate_session + Current.session.destroy + cookies.delete(:session_id) + end +end diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb new file mode 100644 index 0000000..cd27f53 --- /dev/null +++ b/app/controllers/home_controller.rb @@ -0,0 +1,7 @@ +class HomeController < ApplicationController + allow_unauthenticated_access + + def index + @tartiflettes = Tartiflette.all + end +end diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb new file mode 100644 index 0000000..0c4b4a8 --- /dev/null +++ b/app/controllers/passwords_controller.rb @@ -0,0 +1,33 @@ +class PasswordsController < ApplicationController + allow_unauthenticated_access + before_action :set_user_by_token, only: %i[ edit update ] + + def new + end + + def create + if user = User.find_by(email_address: params[:email_address]) + PasswordsMailer.reset(user).deliver_later + end + + redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)." + end + + def edit + end + + def update + if @user.update(params.permit(:password, :password_confirmation)) + redirect_to new_session_path, notice: "Password has been reset." + else + redirect_to edit_password_path(params[:token]), alert: "Passwords did not match." + end + end + + private + def set_user_by_token + @user = User.find_by_password_reset_token!(params[:token]) + rescue ActiveSupport::MessageVerifier::InvalidSignature + redirect_to new_password_path, alert: "Password reset link is invalid or has expired." + end +end diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb new file mode 100644 index 0000000..d2a6822 --- /dev/null +++ b/app/controllers/registrations_controller.rb @@ -0,0 +1,21 @@ +class RegistrationsController < ApplicationController + def new + @user = User.new + end + + def create + @user = User.new(user_params) + if @user.save + start_new_session_for @user + redirect_to root_path, notice: "Successfully signed up!" + else + render :new + end + end + + private + + def user_params + params.require(:user).permit(:email_address, :password, :password_confirmation) + end +end diff --git a/app/controllers/scores_controller.rb b/app/controllers/scores_controller.rb new file mode 100644 index 0000000..650c4e6 --- /dev/null +++ b/app/controllers/scores_controller.rb @@ -0,0 +1,49 @@ +class ScoresController < ApplicationController + allow_unauthenticated_access + before_action :set_tartiflette, only: [ :new, :create, :edit_all, :update_all ] + before_action :scores_params, only: [ :create, :update_all ] + + def new + end + + def create + if TartifletteScoringService.scored?(@tartiflette, session) + redirect_to root_path, alert: "Vous avez déja noté cette tartiflette." + return + end + + TartifletteScoringService.submit_scores(@tartiflette, scores_params, session) + redirect_to root_path, + notice: "Vos scores pour la tartiflette #{@tartiflette.scoring_id} ont été enregistrés." + rescue StandardError => e + redirect_to root_path, + status: :unprocessable_entity, + alert: "Erreur lors de l'enregistrement de vos scores : #{e.message}" + end + + def edit_all + @scores = @tartiflette.scores + end + + def update_all + scores_params.each do |score_id, score_params| + score = @tartiflette.scores.find(score_id) + score.update!(value: score_params[:value]) + end + redirect_to root_path, + notice: "Vos scores pour la tartiflette #{@tartiflette.scoring_id} ont été mis à jour." + rescue StandardError => e + redirect_to edit_tartiflette_scores_path(@tartiflette), + alert: "Erreur lors de l'enregistrement de vos scores : #{e.message}" + end + + private + + def set_tartiflette + @tartiflette = Tartiflette.find(params[:tartiflette_id]) + end + + def scores_params + params.require(:scores).permit!.to_h + end +end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb new file mode 100644 index 0000000..9785c92 --- /dev/null +++ b/app/controllers/sessions_controller.rb @@ -0,0 +1,21 @@ +class SessionsController < ApplicationController + allow_unauthenticated_access only: %i[ new create ] + rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_url, alert: "Try again later." } + + def new + end + + def create + if user = User.authenticate_by(params.permit(:email_address, :password)) + start_new_session_for user + redirect_to after_authentication_url + else + redirect_to new_session_path, alert: "Try another email address or password." + end + end + + def destroy + terminate_session + redirect_to new_session_path + end +end diff --git a/app/controllers/tartiflettes_controller.rb b/app/controllers/tartiflettes_controller.rb new file mode 100644 index 0000000..cbea402 --- /dev/null +++ b/app/controllers/tartiflettes_controller.rb @@ -0,0 +1,26 @@ +class TartiflettesController < ApplicationController + before_action :set_tartiflette, only: [ :show ] + + def index + @tartiflettes = Tartiflette.all + end + + def show + end + + def new + @tartiflette = Tartiflette.new + end + + private + + def tartiflette_params + params.require(:tartiflette) + end + + def set_tartiflette + @tartiflette = Tartiflette.find(params[:id]) + rescue ActiveRecord::RecordNotFound + redirect_to root_path, alert: "Tartiflette introuvable." + end +end |