mirror of
https://github.com/we-promise/sure.git
synced 2026-04-11 00:04:47 +00:00
560c9fbff3
* Initial account sharing changes * Update schema.rb * Update schema.rb * Change sharing UI to modal * UX fixes and sharing controls * Scope include in finances better * Update totals.rb * Update totals.rb * Scope reports to finance account scope * Update impersonation_sessions_controller_test.rb * Review fixes * Update schema.rb * Update show.html.erb * FIX db validation * Refine edit permissions * Review items * Review * Review * Add application level helper * Critical review * Address remaining review items * Fix modals * more scoping * linter * small UI fix * Fix: Sync broadcasts push unscoped balance sheet to all users * Update sync_complete_event.rb The fix removes the sidebar broadcasts (which rendered unscoped account groups using family.balance_sheet without user context) along with the now-unused sidebar_targets, account_group, and family_balance_sheet private methods. The sidebar will still update correctly — when the sync completes, Family::SyncCompleteEvent#broadcast fires family.broadcast_refresh, which triggers a morph-based page refresh for each user with their own authenticated session, rendering properly scoped sidebar content.
72 lines
1.8 KiB
Ruby
72 lines
1.8 KiB
Ruby
module EntryableResource
|
|
extend ActiveSupport::Concern
|
|
|
|
included do
|
|
include StreamExtensions, ActionView::RecordIdentifier
|
|
|
|
before_action :set_entry, only: %i[show update destroy]
|
|
|
|
helper_method :can_edit_entry?, :can_annotate_entry?
|
|
end
|
|
|
|
def show
|
|
end
|
|
|
|
def new
|
|
account = accessible_accounts.find_by(id: params[:account_id])
|
|
|
|
@entry = Current.family.entries.new(
|
|
account: account,
|
|
currency: account ? account.currency : Current.family.currency,
|
|
entryable: entryable
|
|
)
|
|
end
|
|
|
|
def create
|
|
raise NotImplementedError, "Entryable resources must implement #create"
|
|
end
|
|
|
|
def update
|
|
raise NotImplementedError, "Entryable resources must implement #update"
|
|
end
|
|
|
|
def destroy
|
|
unless can_edit_entry?
|
|
respond_to do |format|
|
|
format.html { redirect_back_or_to account_path(@entry.account), alert: t("accounts.not_authorized") }
|
|
format.turbo_stream { stream_redirect_back_or_to(account_path(@entry.account), alert: t("accounts.not_authorized")) }
|
|
end
|
|
return
|
|
end
|
|
|
|
@entry.destroy!
|
|
@entry.sync_account_later
|
|
|
|
redirect_back_or_to account_path(@entry.account), notice: t("account.entries.destroy.success")
|
|
end
|
|
|
|
private
|
|
def entryable
|
|
controller_name.classify.constantize.new
|
|
end
|
|
|
|
def set_entry
|
|
@entry = Current.family.entries
|
|
.joins(:account)
|
|
.merge(Account.accessible_by(Current.user))
|
|
.find(params[:id])
|
|
end
|
|
|
|
def entry_permission
|
|
@entry_permission ||= @entry&.account&.permission_for(Current.user)
|
|
end
|
|
|
|
def can_edit_entry?
|
|
entry_permission.in?([ :owner, :full_control ])
|
|
end
|
|
|
|
def can_annotate_entry?
|
|
entry_permission.in?([ :owner, :full_control, :read_write ])
|
|
end
|
|
end
|