organizations_controller.rb 8.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369
  1. # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
  2. class OrganizationsController < ApplicationController
  3. prepend_before_action :authentication_check
  4. =begin
  5. Format:
  6. JSON
  7. Example:
  8. {
  9. "id":1,
  10. "name":"Znuny GmbH",
  11. "note":"",
  12. "active":true,
  13. "shared":true,
  14. "updated_at":"2012-09-14T17:51:53Z",
  15. "created_at":"2012-09-14T17:51:53Z",
  16. "created_by_id":2,
  17. }
  18. =end
  19. =begin
  20. Resource:
  21. GET /api/v1/organizations
  22. Response:
  23. [
  24. {
  25. "id": 1,
  26. "name": "some_name1",
  27. ...
  28. },
  29. {
  30. "id": 2,
  31. "name": "some_name2",
  32. ...
  33. }
  34. ]
  35. Test:
  36. curl http://localhost/api/v1/organizations -v -u #{login}:#{password}
  37. =end
  38. def index
  39. offset = 0
  40. per_page = 500
  41. if params[:page] && params[:per_page]
  42. offset = (params[:page].to_i - 1) * params[:per_page].to_i
  43. per_page = params[:per_page].to_i
  44. end
  45. if per_page > 500
  46. per_page = 500
  47. end
  48. # only allow customer to fetch his own organization
  49. organizations = []
  50. if !current_user.permissions?(['admin.organization', 'ticket.agent'])
  51. if current_user.organization_id
  52. organizations = Organization.where(id: current_user.organization_id).order(id: 'ASC').offset(offset).limit(per_page)
  53. end
  54. else
  55. organizations = Organization.all.order(id: 'ASC').offset(offset).limit(per_page)
  56. end
  57. if response_expand?
  58. list = []
  59. organizations.each do |organization|
  60. list.push organization.attributes_with_association_names
  61. end
  62. render json: list, status: :ok
  63. return
  64. end
  65. if response_full?
  66. assets = {}
  67. item_ids = []
  68. organizations.each do |item|
  69. item_ids.push item.id
  70. assets = item.assets(assets)
  71. end
  72. render json: {
  73. record_ids: item_ids,
  74. assets: assets,
  75. }, status: :ok
  76. return
  77. end
  78. list = []
  79. organizations.each do |organization|
  80. list.push organization.attributes_with_association_ids
  81. end
  82. render json: list
  83. end
  84. =begin
  85. Resource:
  86. GET /api/v1/organizations/#{id}
  87. Response:
  88. {
  89. "id": 1,
  90. "name": "name_1",
  91. ...
  92. }
  93. Test:
  94. curl http://localhost/api/v1/organizations/#{id} -v -u #{login}:#{password}
  95. =end
  96. def show
  97. # only allow customer to fetch his own organization
  98. if !current_user.permissions?(['admin.organization', 'ticket.agent'])
  99. if !current_user.organization_id
  100. render json: {}
  101. return
  102. end
  103. raise Exceptions::NotAuthorized if params[:id].to_i != current_user.organization_id
  104. end
  105. if response_expand?
  106. organization = Organization.find(params[:id]).attributes_with_association_names
  107. render json: organization, status: :ok
  108. return
  109. end
  110. if response_full?
  111. full = Organization.full(params[:id])
  112. render json: full, status: :ok
  113. return
  114. end
  115. model_show_render(Organization, params)
  116. end
  117. =begin
  118. Resource:
  119. POST /api/v1/organizations
  120. Payload:
  121. {
  122. "name": "some_name",
  123. "active": true,
  124. "note": "some note",
  125. "shared": true
  126. }
  127. Response:
  128. {
  129. "id": 1,
  130. "name": "some_name",
  131. ...
  132. }
  133. Test:
  134. curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"name": "some_name","active": true,"shared": true,"note": "some note"}'
  135. =end
  136. def create
  137. permission_check(['admin.organization', 'ticket.agent'])
  138. model_create_render(Organization, params)
  139. end
  140. =begin
  141. Resource:
  142. PUT /api/v1/organizations/{id}
  143. Payload:
  144. {
  145. "id": 1
  146. "name": "some_name",
  147. "active": true,
  148. "note": "some note",
  149. "shared": true
  150. }
  151. Response:
  152. {
  153. "id": 1,
  154. "name": "some_name",
  155. ...
  156. }
  157. Test:
  158. curl http://localhost/api/v1/organizations -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"id": 1,"name": "some_name","active": true,"shared": true,"note": "some note"}'
  159. =end
  160. def update
  161. permission_check(['admin.organization', 'ticket.agent'])
  162. model_update_render(Organization, params)
  163. end
  164. =begin
  165. Resource:
  166. DELETE /api/v1/organization/{id}
  167. Response:
  168. {}
  169. Test:
  170. curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Content-Type: application/json" -X DELETE -d '{}'
  171. =end
  172. def destroy
  173. permission_check(['admin.organization', 'ticket.agent'])
  174. model_references_check(Organization, params)
  175. model_destroy_render(Organization, params)
  176. end
  177. # GET /api/v1/organizations/search
  178. def search
  179. if !current_user.permissions?(['admin.organization', 'ticket.agent'])
  180. raise Exceptions::NotAuthorized
  181. end
  182. per_page = params[:per_page] || params[:limit] || 100
  183. per_page = per_page.to_i
  184. if per_page > 500
  185. per_page = 500
  186. end
  187. page = params[:page] || 1
  188. page = page.to_i
  189. offset = (page - 1) * per_page
  190. query = params[:query]
  191. if query.respond_to?(:permit!)
  192. query = query.permit!.to_h
  193. end
  194. query_params = {
  195. query: query,
  196. limit: per_page,
  197. offset: offset,
  198. sort_by: params[:sort_by],
  199. order_by: params[:order_by],
  200. current_user: current_user,
  201. }
  202. if params[:role_ids].present?
  203. query_params[:role_ids] = params[:role_ids]
  204. end
  205. # do query
  206. organization_all = Organization.search(query_params)
  207. if response_expand?
  208. list = []
  209. organization_all.each do |organization|
  210. list.push organization.attributes_with_association_names
  211. end
  212. render json: list, status: :ok
  213. return
  214. end
  215. # build result list
  216. if params[:label]
  217. organizations = []
  218. organization_all.each do |organization|
  219. a = { id: organization.id, label: organization.name, value: organization.name }
  220. organizations.push a
  221. end
  222. # return result
  223. render json: organizations
  224. return
  225. end
  226. if response_full?
  227. organization_ids = []
  228. assets = {}
  229. organization_all.each do |organization|
  230. assets = organization.assets(assets)
  231. organization_ids.push organization.id
  232. end
  233. # return result
  234. render json: {
  235. assets: assets,
  236. organization_ids: organization_ids.uniq,
  237. }
  238. return
  239. end
  240. list = []
  241. organization_all.each do |organization|
  242. list.push organization.attributes_with_association_ids
  243. end
  244. render json: list, status: :ok
  245. end
  246. # GET /api/v1/organizations/history/1
  247. def history
  248. # permission check
  249. if !current_user.permissions?(['admin.organization', 'ticket.agent'])
  250. raise Exceptions::NotAuthorized
  251. end
  252. # get organization data
  253. organization = Organization.find(params[:id])
  254. # get history of organization
  255. history = organization.history_get(true)
  256. # return result
  257. render json: history
  258. end
  259. # @path [GET] /organizations/import_example
  260. #
  261. # @summary Download of example CSV file.
  262. # @notes The requester have 'admin.organization' permissions to be able to download it.
  263. # @example curl -u 'me@example.com:test' http://localhost:3000/api/v1/organizations/import_example
  264. #
  265. # @response_message 200 File download.
  266. # @response_message 401 Invalid session.
  267. def import_example
  268. permission_check('admin.organization')
  269. send_data(
  270. Organization.csv_example,
  271. filename: 'organization-example.csv',
  272. type: 'text/csv',
  273. disposition: 'attachment'
  274. )
  275. end
  276. # @path [POST] /organizations/import
  277. #
  278. # @summary Starts import.
  279. # @notes The requester have 'admin.text_module' permissions to be create a new import.
  280. # @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/organizations.csv' 'https://your.zammad/api/v1/organizations/import?try=true'
  281. # @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/organizations.csv' 'https://your.zammad/api/v1/organizations/import'
  282. #
  283. # @response_message 201 Import started.
  284. # @response_message 401 Invalid session.
  285. def import_start
  286. permission_check('admin.user')
  287. string = params[:data]
  288. if string.blank? && params[:file].present?
  289. string = params[:file].read.force_encoding('utf-8')
  290. end
  291. raise Exceptions::UnprocessableEntity, 'No source data submitted!' if string.blank?
  292. result = Organization.csv_import(
  293. string: string,
  294. parse_params: {
  295. col_sep: params[:col_sep] || ',',
  296. },
  297. try: params[:try],
  298. delete: params[:delete],
  299. )
  300. render json: result, status: :ok
  301. end
  302. end