# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
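class SettingsController < ApplicationController
  prepend_before_action { authentication_check(permission: 'admin.*') }

  # Attributes a client may never overwrite through PUT /settings/:id.
  PROTECTED_ATTRIBUTES = %i[name area state_initial frontend options].freeze
  # Preference keys a client may never overwrite; the stored values win on merge.
  PROTECTED_PREFERENCES = %i[online_service_disable permission render].freeze
  # Anchored at \A on purpose: `^` matches at the start of *any* line, so a
  # payload such as "x\ndata:image/..." would pass a `^`-anchored check.
  DATA_IMAGE_PREFIX = /\Adata:image/i

  # GET /settings
  #
  # Lists every setting the current user may read: a setting that declares a
  # `permission` preference is only included when the user holds it.
  def index
    visible = Setting.all.select do |setting|
      required = setting.preferences[:permission]
      !required || current_user.permissions?(required)
    end
    render json: visible, status: :ok
  end

  # GET /settings/:id
  def show
    check_access('read')
    model_show_render(Setting, params)
  end

  # POST /settings
  #
  # Settings cannot be created through the API.
  def create
    raise Exceptions::NotAuthorized, 'Not authorized (feature not possible)'
  end

  # PUT /settings/:id
  def update
    check_access('write')
    model_update_render(Setting, keep_certain_attributes)
  end

  # PUT /settings/image/:id
  #
  # Expects `logo` (a data:image URL) and optionally `logo_resize`. The raw
  # logo is stored as-is; the resized variant, when present, becomes the state
  # of the `product_logo` setting. Responds with `result: 'invalid'` plus a
  # message when the payload is unusable.
  def update_image
    check_access('write')
    clean_params = keep_certain_attributes

    return render_invalid('Need logo param') unless clean_params[:logo]
    unless data_image_url?(clean_params[:logo])
      return render_invalid('Invalid payload, need data:image in logo param')
    end

    # process image
    file = StaticAssets.data_url_attributes(clean_params[:logo])
    return render_invalid('Unable to process image upload.') if !file[:content] || !file[:mime_type]

    # store image 1:1
    StaticAssets.store_raw(file[:content], file[:mime_type])

    # store resized image, if one was sent, as the product logo
    setting = Setting.lookup(name: 'product_logo')
    if data_image_url?(params[:logo_resize])
      resized = StaticAssets.data_url_attributes(params[:logo_resize])
      # NOTE(review): unlike `logo`, the resized payload is not checked for
      # content/mime_type before storing (unchanged from before) — confirm
      # StaticAssets.store tolerates a malformed data URL.
      setting.state = StaticAssets.store(resized[:content], resized[:mime_type])
      setting.save!
    end

    render json: {
      result: 'ok',
      settings: [setting],
    }
  end

  # DELETE /settings/:id
  #
  # Settings cannot be deleted through the API.
  def destroy
    raise Exceptions::NotAuthorized, 'Not authorized (feature not possible)'
  end

  private

  # Renders the common `result: 'invalid'` response with the given message.
  def render_invalid(message)
    render json: {
      result: 'invalid',
      message: message,
    }
  end

  # True when `value` is a String beginning with "data:image" (case-insensitive).
  # Non-String values (arrays, hashes, nil) are rejected rather than matched.
  def data_image_url?(value)
    value.is_a?(String) && value.match?(DATA_IMAGE_PREFIX)
  end

  # Strips the attributes and preference keys that must not be changed through
  # the API and re-applies the stored preferences on top of the submitted ones,
  # so a client cannot alter `permission`, `online_service_disable` or `render`.
  # Returns the (mutated) params.
  def keep_certain_attributes
    setting = Setting.find(params[:id])
    PROTECTED_ATTRIBUTES.each { |key| params.delete(key) }
    if params[:preferences].present?
      PROTECTED_PREFERENCES.each { |key| params[:preferences].delete(key) }
      params[:preferences].merge!(setting.preferences)
    end
    params
  end

  # Raises Exceptions::NotAuthorized unless the current user holds the
  # `permission` preference of the setting identified by params[:id]. For
  # `type == 'write'` it additionally rejects settings flagged
  # `online_service_disable` while the `system_online_service` setting is on.
  # Returns true otherwise.
  def check_access(type)
    setting = Setting.lookup(id: params[:id])
    # preferences is treated as possibly nil, as the original write check did
    preferences = setting.preferences || {}

    required = preferences[:permission]
    if required && !current_user.permissions?(required)
      raise Exceptions::NotAuthorized, "Not authorized (required #{required.inspect})"
    end

    return true unless type == 'write'
    return true unless Setting.get('system_online_service')
    if preferences[:online_service_disable]
      raise Exceptions::NotAuthorized, 'Not authorized (service disabled)'
    end

    true
  end
end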