settings_controller.rb 2.4 KB

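  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  # JSON endpoints for reading and changing Setting records.
  #
  # Settings cannot be created or destroyed through this controller (both
  # actions always raise Exceptions::Forbidden). Only listing, showing,
  # updating, resetting and replacing the product logo are offered.
  class SettingsController < ApplicationController
    # Prepended to the callback chain so that it runs ahead of before-action
    # callbacks registered earlier (e.g. by a parent class).
    prepend_before_action :authenticate_and_authorize!

    # GET /settings
    #
    # Renders only the settings that pass the per-record check
    # authorized?(setting, :show?). Everything else is left out of the list.
    def index
      list = Setting.all.select { |setting| authorized?(setting, :show?) }

      render json: list, status: :ok
    end

    # GET /settings/1
    def show
      model_show_render(Setting, params)
    end

    # POST /settings
    #
    # Always refused.
    #
    # @raise [Exceptions::Forbidden]
    def create
      raise Exceptions::Forbidden, __('Not authorized (feature not possible)')
    end

    # PUT /settings/1
    #
    # The request params are passed through keep_certain_attributes first, which
    # drops the attributes a client is not allowed to overwrite.
    def update
      model_update_render(Setting, keep_certain_attributes)
    end

    # PUT /settings/image/:id
    #
    # Stores a new product logo from the data URLs in the :logo and/or
    # :logo_resize params and writes the returned timestamp into the
    # 'product_logo' setting. The :id segment of the route is not read here.
    def update_image
      logo_content = %i[logo logo_resize].each_with_object({}) do |key, memo|
        data = params[key]

        # Request params are untrusted. A nested hash, array or JSON number does
        # not respond to match?, so skip non-String values instead of raising.
        next if !data.is_a?(String)

        # \A anchors at the start of the string. Ruby's ^ also matches after any
        # newline, which would accept "anything\ndata:image..." as well.
        next if !data.match?(%r{\Adata:image}i)

        # NOTE(review): the prefix check admits every data:image/* media type.
        # Whether a type such as image/svg+xml is rejected depends on ImageHelper
        # and ProductLogo.store, which are not visible here; confirm.
        file = ImageHelper.data_url_attributes(data)
        memo[key] = file[:content] if file
      end

      logo_timestamp = Service::SystemAssets::ProductLogo.store(logo_content[:logo], logo_content[:logo_resize])

      if !logo_timestamp
        render json: {
          result:  'invalid',
          message: __('The uploaded image could not be processed. Need data:image in logo or logo_resize param.'),
        }
        return
      end

      # NOTE(review): presumably the 'product_logo' setting always exists. If
      # lookup returned nil, the next line would raise NoMethodError; confirm.
      setting = Setting.lookup(name: 'product_logo')
      setting.state = logo_timestamp
      setting.save!

      render json: {
        result:   'ok',
        settings: [setting],
      }
    end

    # DELETE /settings/1
    #
    # Always refused.
    #
    # @raise [Exceptions::Forbidden]
    def destroy
      raise Exceptions::Forbidden, __('Not authorized (feature not possible)')
    end

    # POST /settings/reset/1
    #
    # Resets the setting identified by params[:id] via Setting.reset and renders
    # the reloaded record in the shape the request asks for (expanded, full, or
    # with association ids).
    #
    # NOTE(review): unlike index, no per-record authorized? call is made here.
    # Presumably authenticate_and_authorize! covers this action; confirm
    # against the controller policy.
    def reset
      setting = Setting.find(params[:id])
      Setting.reset(setting.name)
      setting.reload

      if response_expand?
        render json: setting.attributes_with_association_names, status: :ok
        return
      end

      if response_full?
        render json: setting.class.full(setting.id), status: :ok
        return
      end

      render json: setting.attributes_with_association_ids, status: :ok
    end

    private

    # Removes client-supplied values for attributes that must not be changed
    # through the update endpoint. Mutates params in place and returns it.
    def keep_certain_attributes
      setting = Setting.find(params[:id])

      # Top-level attributes that are never taken from the request.
      %i[name area state_initial frontend options].each do |key|
        params.delete(key)
      end

      if params[:preferences].present?
        # Protected preference keys are dropped from the submitted preferences.
        %i[online_service_disable permission render].each do |key|
          params[:preferences].delete(key)
        end

        # The stored preferences are merged over the submitted ones, so on a key
        # collision the stored value wins. Only keys that are not yet stored
        # (and not protected above) can be introduced by the request.
        params[:preferences].merge!(setting.preferences)
      end

      params
    end
  end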