Project initialize
This commit is contained in:
19
app/controllers/application_controller.rb
Normal file
19
app/controllers/application_controller.rb
Normal file
@@ -0,0 +1,19 @@
|
||||
class ApplicationController < ActionController::Base
|
||||
protect_from_forgery with: :exception
|
||||
|
||||
include AuthorizationConcern
|
||||
|
||||
before_action :configure_permitted_parameters, if: :devise_controller?
|
||||
before_action :set_current_user_department
|
||||
|
||||
protected
|
||||
|
||||
def configure_permitted_parameters
|
||||
devise_parameter_sanitizer.permit(:sign_up, keys: [:name, :role, :department_id])
|
||||
devise_parameter_sanitizer.permit(:account_update, keys: [:name, :role, :department_id])
|
||||
end
|
||||
|
||||
def set_current_user_department
|
||||
@current_department = current_user&.department
|
||||
end
|
||||
end
|
||||
0
app/controllers/concerns/.keep
Normal file
0
app/controllers/concerns/.keep
Normal file
56
app/controllers/concerns/authorization_concern.rb
Normal file
56
app/controllers/concerns/authorization_concern.rb
Normal file
@@ -0,0 +1,56 @@
|
||||
module AuthorizationConcern
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
included do
|
||||
before_action :authenticate_user!
|
||||
helper_method :accessible_departments, :accessible_tasks, :accessible_users if respond_to?(:helper_method)
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def require_admin!
|
||||
redirect_to root_path, alert: 'Access denied. Admin access required.' unless current_user&.admin?
|
||||
end
|
||||
|
||||
def require_manager!
|
||||
redirect_to root_path, alert: 'Access denied. Manager access required.' unless current_user&.manager? || current_user&.admin?
|
||||
end
|
||||
|
||||
def accessible_departments
|
||||
return Department.all if current_user&.admin?
|
||||
return [current_user.department].compact if current_user&.department
|
||||
Department.none
|
||||
end
|
||||
|
||||
def accessible_tasks
|
||||
return Task.all if current_user&.admin?
|
||||
return Task.by_department(current_user.department) if current_user&.manager?
|
||||
return Task.for_user(current_user) if current_user&.employee?
|
||||
Task.none
|
||||
end
|
||||
|
||||
def accessible_users
|
||||
return User.all if current_user&.admin?
|
||||
return current_user.department&.users || User.none if current_user&.manager?
|
||||
return [current_user] if current_user&.employee?
|
||||
User.none
|
||||
end
|
||||
|
||||
def authorize_task!
|
||||
# Uses @task set by set_task before_action
|
||||
return if current_user&.can_view_task?(@task)
|
||||
redirect_to tasks_path, alert: 'Access denied. You cannot view this task.'
|
||||
end
|
||||
|
||||
def authorize_task_update!
|
||||
# Uses @task set by set_task before_action
|
||||
return if @task.updateable_by?(current_user)
|
||||
redirect_to task_path(@task), alert: 'Access denied. You cannot update this task.'
|
||||
end
|
||||
|
||||
def authorize_task_assignment!
|
||||
# Uses @task set by set_task before_action
|
||||
return if @task.assign?(current_user)
|
||||
redirect_to task_path(@task), alert: 'Access denied. You cannot assign this task.'
|
||||
end
|
||||
end
|
||||
61
app/controllers/departments_controller.rb
Normal file
61
app/controllers/departments_controller.rb
Normal file
@@ -0,0 +1,61 @@
|
||||
class DepartmentsController < ApplicationController
|
||||
before_action :require_admin!, except: [:index, :show]
|
||||
before_action :set_department, only: [:show, :edit, :update, :destroy]
|
||||
before_action :authorize_department!, only: [:show, :edit, :update, :destroy]
|
||||
|
||||
def index
|
||||
@departments = accessible_departments.ordered
|
||||
@department = Department.new
|
||||
end
|
||||
|
||||
def show
|
||||
@tasks = @department.tasks.ordered.includes(:assignee, :creator)
|
||||
@users = @department.users.ordered
|
||||
end
|
||||
|
||||
def new
|
||||
@department = Department.new
|
||||
end
|
||||
|
||||
def create
|
||||
@department = Department.new(department_params)
|
||||
if @department.save
|
||||
redirect_to @department, notice: 'Department was successfully created.'
|
||||
else
|
||||
@departments = accessible_departments.ordered
|
||||
render :index
|
||||
end
|
||||
end
|
||||
|
||||
def edit
|
||||
end
|
||||
|
||||
def update
|
||||
if @department.update(department_params)
|
||||
redirect_to @department, notice: 'Department was successfully updated.'
|
||||
else
|
||||
render :edit
|
||||
end
|
||||
end
|
||||
|
||||
def destroy
|
||||
@department.destroy
|
||||
redirect_to departments_path, notice: 'Department was successfully deleted.'
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def set_department
|
||||
@department = Department.find(params[:id])
|
||||
end
|
||||
|
||||
def authorize_department!
|
||||
return if current_user&.admin?
|
||||
return if current_user&.can_manage_department?(@department)
|
||||
redirect_to departments_path, alert: 'Access denied.'
|
||||
end
|
||||
|
||||
def department_params
|
||||
params.require(:department).permit(:name, :description)
|
||||
end
|
||||
end
|
||||
116
app/controllers/tasks_controller.rb
Normal file
116
app/controllers/tasks_controller.rb
Normal file
@@ -0,0 +1,116 @@
|
||||
class TasksController < ApplicationController
|
||||
before_action :set_task, only: [:show, :edit, :update, :destroy, :assign]
|
||||
before_action :authorize_task!, only: [:show, :edit]
|
||||
before_action :authorize_task_update!, only: [:update]
|
||||
before_action :authorize_task_assignment!, only: [:assign]
|
||||
|
||||
def index
|
||||
@tasks = accessible_tasks.includes(:assignee, :creator, :department)
|
||||
@departments = accessible_departments.ordered
|
||||
@task = Task.new(department: @current_department)
|
||||
|
||||
# Apply filters
|
||||
@tasks = @tasks.by_department(params[:department_id]) if params[:department_id].present?
|
||||
@tasks = @tasks.by_priority(params[:priority]) if params[:priority].present?
|
||||
@tasks = @tasks.by_status(params[:status]) if params[:status].present?
|
||||
end
|
||||
|
||||
def dashboard
|
||||
@user_stats = current_user.role
|
||||
case current_user.role
|
||||
when 'admin'
|
||||
@total_tasks = Task.count
|
||||
@open_tasks = Task.open.count
|
||||
@urgent_tasks = Task.urgent.count
|
||||
@departments = Department.includes(:users, :tasks)
|
||||
when 'manager'
|
||||
@dept_tasks = Task.by_department(current_user.department)
|
||||
@open_tasks = @dept_tasks.open.count
|
||||
@urgent_tasks = @dept_tasks.urgent.count
|
||||
@team_members = current_user.department.users.includes(:assigned_tasks)
|
||||
when 'employee'
|
||||
@my_tasks = Task.for_user(current_user)
|
||||
@open_tasks = @my_tasks.open.count
|
||||
@urgent_tasks = @my_tasks.urgent.count
|
||||
end
|
||||
|
||||
@recent_tasks = accessible_tasks.ordered.limit(10)
|
||||
end
|
||||
|
||||
def my_tasks
|
||||
@tasks = Task.for_user(current_user).ordered.includes(:assignee, :creator, :department)
|
||||
@task = Task.new(department: @current_department)
|
||||
render :index
|
||||
end
|
||||
|
||||
def show
|
||||
@activities = @task.task_activities.order(created_at: :desc).limit(20)
|
||||
end
|
||||
|
||||
def new
|
||||
@task = Task.new(department: @current_department)
|
||||
@departments = accessible_departments.ordered
|
||||
end
|
||||
|
||||
def edit
|
||||
authorize_task_update!(@task)
|
||||
@departments = accessible_departments.ordered
|
||||
end
|
||||
|
||||
def create
|
||||
@task = Task.new(task_params)
|
||||
@task.creator = current_user
|
||||
@task.department ||= @current_department
|
||||
|
||||
if @task.save
|
||||
redirect_to @task, notice: 'Task was successfully created.'
|
||||
else
|
||||
@tasks = accessible_tasks.ordered
|
||||
@departments = accessible_departments.ordered
|
||||
render :index
|
||||
end
|
||||
end
|
||||
|
||||
def update
|
||||
if @task.update(task_params)
|
||||
respond_to do |format|
|
||||
format.html { redirect_to @task, notice: 'Task was successfully updated.' }
|
||||
format.js
|
||||
end
|
||||
else
|
||||
respond_to do |format|
|
||||
format.html {
|
||||
@departments = accessible_departments.ordered
|
||||
render :edit
|
||||
}
|
||||
format.js
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def assign
|
||||
assignee = User.find(params[:assignee_id])
|
||||
if @task.assign?(current_user)
|
||||
@task.update(assignee: assignee, status: 'in_progress')
|
||||
redirect_to @task, notice: "Task assigned to #{assignee.name}."
|
||||
else
|
||||
redirect_to @task, alert: 'Access denied. You cannot assign this task.'
|
||||
end
|
||||
end
|
||||
|
||||
def destroy
|
||||
@task.destroy
|
||||
redirect_to tasks_path, notice: 'Task was successfully deleted.'
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def set_task
|
||||
@task = Task.find(params[:id])
|
||||
end
|
||||
|
||||
def task_params
|
||||
permitted = [:title, :description, :priority, :status, :department_id, :assignee_id]
|
||||
params.require(:task).permit(*permitted)
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user