organizations_controller.rb 8.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365
  1. # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
  2. class OrganizationsController < ApplicationController
  3. prepend_before_action :authentication_check
  4. =begin
  5. Format:
  6. JSON
  7. Example:
  8. {
  9. "id":1,
  10. "name":"Znuny GmbH",
  11. "note":"",
  12. "active":true,
  13. "shared":true,
  14. "updated_at":"2012-09-14T17:51:53Z",
  15. "created_at":"2012-09-14T17:51:53Z",
  16. "created_by_id":2,
  17. }
  18. =end
  19. =begin
  20. Resource:
  21. GET /api/v1/organizations
  22. Response:
  23. [
  24. {
  25. "id": 1,
  26. "name": "some_name1",
  27. ...
  28. },
  29. {
  30. "id": 2,
  31. "name": "some_name2",
  32. ...
  33. }
  34. ]
  35. Test:
  36. curl http://localhost/api/v1/organizations -v -u #{login}:#{password}
  37. =end
  38. def index
  39. offset = 0
  40. per_page = 500
  41. if params[:page] && params[:per_page]
  42. offset = (params[:page].to_i - 1) * params[:per_page].to_i
  43. per_page = params[:per_page].to_i
  44. end
  45. if per_page > 500
  46. per_page = 500
  47. end
  48. # only allow customer to fetch his own organization
  49. organizations = []
  50. if !current_user.permissions?(['admin.organization', 'ticket.agent'])
  51. if current_user.organization_id
  52. organizations = Organization.where(id: current_user.organization_id).order(id: 'ASC').offset(offset).limit(per_page)
  53. end
  54. else
  55. organizations = Organization.all.order(id: 'ASC').offset(offset).limit(per_page)
  56. end
  57. if response_expand?
  58. list = []
  59. organizations.each do |organization|
  60. list.push organization.attributes_with_association_names
  61. end
  62. render json: list, status: :ok
  63. return
  64. end
  65. if response_full?
  66. assets = {}
  67. item_ids = []
  68. organizations.each do |item|
  69. item_ids.push item.id
  70. assets = item.assets(assets)
  71. end
  72. render json: {
  73. record_ids: item_ids,
  74. assets: assets,
  75. }, status: :ok
  76. return
  77. end
  78. list = []
  79. organizations.each do |organization|
  80. list.push organization.attributes_with_association_ids
  81. end
  82. render json: list
  83. end
  84. =begin
  85. Resource:
  86. GET /api/v1/organizations/#{id}
  87. Response:
  88. {
  89. "id": 1,
  90. "name": "name_1",
  91. ...
  92. }
  93. Test:
  94. curl http://localhost/api/v1/organizations/#{id} -v -u #{login}:#{password}
  95. =end
  96. def show
  97. # only allow customer to fetch his own organization
  98. if !current_user.permissions?(['admin.organization', 'ticket.agent'])
  99. if !current_user.organization_id
  100. render json: {}
  101. return
  102. end
  103. raise Exceptions::NotAuthorized if params[:id].to_i != current_user.organization_id
  104. end
  105. if response_expand?
  106. organization = Organization.find(params[:id]).attributes_with_association_names
  107. render json: organization, status: :ok
  108. return
  109. end
  110. if response_full?
  111. full = Organization.full(params[:id])
  112. render json: full, status: :ok
  113. return
  114. end
  115. model_show_render(Organization, params)
  116. end
  117. =begin
  118. Resource:
  119. POST /api/v1/organizations
  120. Payload:
  121. {
  122. "name": "some_name",
  123. "active": true,
  124. "note": "some note",
  125. "shared": true
  126. }
  127. Response:
  128. {
  129. "id": 1,
  130. "name": "some_name",
  131. ...
  132. }
  133. Test:
  134. curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"name": "some_name","active": true,"shared": true,"note": "some note"}'
  135. =end
  136. def create
  137. permission_check(['admin.organization', 'ticket.agent'])
  138. model_create_render(Organization, params)
  139. end
  140. =begin
  141. Resource:
  142. PUT /api/v1/organizations/{id}
  143. Payload:
  144. {
  145. "id": 1
  146. "name": "some_name",
  147. "active": true,
  148. "note": "some note",
  149. "shared": true
  150. }
  151. Response:
  152. {
  153. "id": 1,
  154. "name": "some_name",
  155. ...
  156. }
  157. Test:
  158. curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"id": 1,"name": "some_name","active": true,"shared": true,"note": "some note"}'
  159. =end
  160. def update
  161. permission_check(['admin.organization', 'ticket.agent'])
  162. model_update_render(Organization, params)
  163. end
  164. =begin
  165. Resource:
  166. DELETE /api/v1/organization/{id}
  167. Response:
  168. {}
  169. Test:
  170. curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE -d '{}'
  171. =end
  172. def destroy
  173. permission_check(['admin.organization', 'ticket.agent'])
  174. model_references_check(Organization, params)
  175. model_destroy_render(Organization, params)
  176. end
  177. # GET /api/v1/organizations/search
  178. def search
  179. if !current_user.permissions?(['admin.organization', 'ticket.agent'])
  180. raise Exceptions::NotAuthorized
  181. end
  182. # set limit for pagination if needed
  183. if params[:page] && params[:per_page]
  184. params[:limit] = params[:page].to_i * params[:per_page].to_i
  185. end
  186. if params[:limit] && params[:limit].to_i > 500
  187. params[:limit] = 500
  188. end
  189. query = params[:query]
  190. if query.respond_to?(:permit!)
  191. query = query.permit!.to_h
  192. end
  193. query_params = {
  194. query: query,
  195. limit: params[:limit],
  196. current_user: current_user,
  197. }
  198. if params[:role_ids].present?
  199. query_params[:role_ids] = params[:role_ids]
  200. end
  201. # do query
  202. organization_all = Organization.search(query_params)
  203. # do pagination if needed
  204. if params[:page] && params[:per_page]
  205. offset = (params[:page].to_i - 1) * params[:per_page].to_i
  206. organization_all = organization_all[offset, params[:per_page].to_i] || []
  207. end
  208. if response_expand?
  209. list = []
  210. organization_all.each do |organization|
  211. list.push organization.attributes_with_association_names
  212. end
  213. render json: list, status: :ok
  214. return
  215. end
  216. # build result list
  217. if params[:label]
  218. organizations = []
  219. organization_all.each do |organization|
  220. a = { id: organization.id, label: organization.name, value: organization.name }
  221. organizations.push a
  222. end
  223. # return result
  224. render json: organizations
  225. return
  226. end
  227. if response_full?
  228. organization_ids = []
  229. assets = {}
  230. organization_all.each do |organization|
  231. assets = organization.assets(assets)
  232. organization_ids.push organization.id
  233. end
  234. # return result
  235. render json: {
  236. assets: assets,
  237. organization_ids: organization_ids.uniq,
  238. }
  239. return
  240. end
  241. list = []
  242. organization_all.each do |organization|
  243. list.push organization.attributes_with_association_ids
  244. end
  245. render json: list, status: :ok
  246. end
  247. # GET /api/v1/organizations/history/1
  248. def history
  249. # permission check
  250. if !current_user.permissions?(['admin.organization', 'ticket.agent'])
  251. raise Exceptions::NotAuthorized
  252. end
  253. # get organization data
  254. organization = Organization.find(params[:id])
  255. # get history of organization
  256. history = organization.history_get(true)
  257. # return result
  258. render json: history
  259. end
  260. # @path [GET] /organizations/import_example
  261. #
  262. # @summary Download of example CSV file.
  263. # @notes The requester have 'admin.organization' permissions to be able to download it.
  264. # @example curl -u 'me@example.com:test' http://localhost:3000/api/v1/organizations/import_example
  265. #
  266. # @response_message 200 File download.
  267. # @response_message 401 Invalid session.
  268. def import_example
  269. permission_check('admin.organization')
  270. send_data(
  271. Organization.csv_example,
  272. filename: 'organization-example.csv',
  273. type: 'text/csv',
  274. disposition: 'attachment'
  275. )
  276. end
  277. # @path [POST] /organizations/import
  278. #
  279. # @summary Starts import.
  280. # @notes The requester have 'admin.text_module' permissions to be create a new import.
  281. # @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/organizations.csv' 'https://your.zammad/api/v1/organizations/import?try=true'
  282. # @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/organizations.csv' 'https://your.zammad/api/v1/organizations/import'
  283. #
  284. # @response_message 201 Import started.
  285. # @response_message 401 Invalid session.
  286. def import_start
  287. permission_check('admin.user')
  288. result = Organization.csv_import(
  289. string: params[:file].read.force_encoding('utf-8'),
  290. parse_params: {
  291. col_sep: ';',
  292. },
  293. try: params[:try],
  294. )
  295. render json: result, status: :ok
  296. end
  297. end