Project initialize

This commit is contained in:
Zin Bo Thit
2026-01-28 09:53:14 +06:30
commit e8380c6e23
139 changed files with 4599 additions and 0 deletions

View File

@@ -0,0 +1,19 @@
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
include AuthorizationConcern
before_action :configure_permitted_parameters, if: :devise_controller?
before_action :set_current_user_department
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:name, :role, :department_id])
devise_parameter_sanitizer.permit(:account_update, keys: [:name, :role, :department_id])
end
def set_current_user_department
@current_department = current_user&.department
end
end

View File

View File

@@ -0,0 +1,56 @@
module AuthorizationConcern
extend ActiveSupport::Concern
included do
before_action :authenticate_user!
helper_method :accessible_departments, :accessible_tasks, :accessible_users if respond_to?(:helper_method)
end
protected
def require_admin!
redirect_to root_path, alert: 'Access denied. Admin access required.' unless current_user&.admin?
end
def require_manager!
redirect_to root_path, alert: 'Access denied. Manager access required.' unless current_user&.manager? || current_user&.admin?
end
def accessible_departments
return Department.all if current_user&.admin?
return [current_user.department].compact if current_user&.department
Department.none
end
def accessible_tasks
return Task.all if current_user&.admin?
return Task.by_department(current_user.department) if current_user&.manager?
return Task.for_user(current_user) if current_user&.employee?
Task.none
end
def accessible_users
return User.all if current_user&.admin?
return current_user.department&.users || User.none if current_user&.manager?
return [current_user] if current_user&.employee?
User.none
end
def authorize_task!
# Uses @task set by set_task before_action
return if current_user&.can_view_task?(@task)
redirect_to tasks_path, alert: 'Access denied. You cannot view this task.'
end
def authorize_task_update!
# Uses @task set by set_task before_action
return if @task.updateable_by?(current_user)
redirect_to task_path(@task), alert: 'Access denied. You cannot update this task.'
end
def authorize_task_assignment!
# Uses @task set by set_task before_action
return if @task.assign?(current_user)
redirect_to task_path(@task), alert: 'Access denied. You cannot assign this task.'
end
end

View File

@@ -0,0 +1,61 @@
class DepartmentsController < ApplicationController
before_action :require_admin!, except: [:index, :show]
before_action :set_department, only: [:show, :edit, :update, :destroy]
before_action :authorize_department!, only: [:show, :edit, :update, :destroy]
def index
@departments = accessible_departments.ordered
@department = Department.new
end
def show
@tasks = @department.tasks.ordered.includes(:assignee, :creator)
@users = @department.users.ordered
end
def new
@department = Department.new
end
def create
@department = Department.new(department_params)
if @department.save
redirect_to @department, notice: 'Department was successfully created.'
else
@departments = accessible_departments.ordered
render :index
end
end
def edit
end
def update
if @department.update(department_params)
redirect_to @department, notice: 'Department was successfully updated.'
else
render :edit
end
end
def destroy
@department.destroy
redirect_to departments_path, notice: 'Department was successfully deleted.'
end
private
def set_department
@department = Department.find(params[:id])
end
def authorize_department!
return if current_user&.admin?
return if current_user&.can_manage_department?(@department)
redirect_to departments_path, alert: 'Access denied.'
end
def department_params
params.require(:department).permit(:name, :description)
end
end

View File

@@ -0,0 +1,116 @@
class TasksController < ApplicationController
before_action :set_task, only: [:show, :edit, :update, :destroy, :assign]
before_action :authorize_task!, only: [:show, :edit]
before_action :authorize_task_update!, only: [:update]
before_action :authorize_task_assignment!, only: [:assign]
def index
@tasks = accessible_tasks.includes(:assignee, :creator, :department)
@departments = accessible_departments.ordered
@task = Task.new(department: @current_department)
# Apply filters
@tasks = @tasks.by_department(params[:department_id]) if params[:department_id].present?
@tasks = @tasks.by_priority(params[:priority]) if params[:priority].present?
@tasks = @tasks.by_status(params[:status]) if params[:status].present?
end
def dashboard
@user_stats = current_user.role
case current_user.role
when 'admin'
@total_tasks = Task.count
@open_tasks = Task.open.count
@urgent_tasks = Task.urgent.count
@departments = Department.includes(:users, :tasks)
when 'manager'
@dept_tasks = Task.by_department(current_user.department)
@open_tasks = @dept_tasks.open.count
@urgent_tasks = @dept_tasks.urgent.count
@team_members = current_user.department.users.includes(:assigned_tasks)
when 'employee'
@my_tasks = Task.for_user(current_user)
@open_tasks = @my_tasks.open.count
@urgent_tasks = @my_tasks.urgent.count
end
@recent_tasks = accessible_tasks.ordered.limit(10)
end
def my_tasks
@tasks = Task.for_user(current_user).ordered.includes(:assignee, :creator, :department)
@task = Task.new(department: @current_department)
render :index
end
def show
@activities = @task.task_activities.order(created_at: :desc).limit(20)
end
def new
@task = Task.new(department: @current_department)
@departments = accessible_departments.ordered
end
def edit
authorize_task_update!(@task)
@departments = accessible_departments.ordered
end
def create
@task = Task.new(task_params)
@task.creator = current_user
@task.department ||= @current_department
if @task.save
redirect_to @task, notice: 'Task was successfully created.'
else
@tasks = accessible_tasks.ordered
@departments = accessible_departments.ordered
render :index
end
end
def update
if @task.update(task_params)
respond_to do |format|
format.html { redirect_to @task, notice: 'Task was successfully updated.' }
format.js
end
else
respond_to do |format|
format.html {
@departments = accessible_departments.ordered
render :edit
}
format.js
end
end
end
def assign
assignee = User.find(params[:assignee_id])
if @task.assign?(current_user)
@task.update(assignee: assignee, status: 'in_progress')
redirect_to @task, notice: "Task assigned to #{assignee.name}."
else
redirect_to @task, alert: 'Access denied. You cannot assign this task.'
end
end
def destroy
@task.destroy
redirect_to tasks_path, notice: 'Task was successfully deleted.'
end
private
def set_task
@task = Task.find(params[:id])
end
def task_params
permitted = [:title, :description, :priority, :status, :department_id, :assignee_id]
params.require(:task).permit(*permitted)
end
end