mirror of
https://github.com/we-promise/sure.git
synced 2026-04-09 15:24:48 +00:00
560c9fbff3
* Initial account sharing changes * Update schema.rb * Update schema.rb * Change sharing UI to modal * UX fixes and sharing controls * Scope include in finances better * Update totals.rb * Update totals.rb * Scope reports to finance account scope * Update impersonation_sessions_controller_test.rb * Review fixes * Update schema.rb * Update show.html.erb * FIX db validation * Refine edit permissions * Review items * Review * Review * Add application level helper * Critical review * Address remaining review items * Fix modals * more scoping * linter * small UI fix * Fix: Sync broadcasts push unscoped balance sheet to all users * Update sync_complete_event.rb The fix removes the sidebar broadcasts (which rendered unscoped account groups using family.balance_sheet without user context) along with the now-unused sidebar_targets, account_group, and family_balance_sheet private methods. The sidebar will still update correctly — when the sync completes, Family::SyncCompleteEvent#broadcast fires family.broadcast_refresh, which triggers a morph-based page refresh for each user with their own authenticated session, rendering properly scoped sidebar content.
119 lines
4.9 KiB
Ruby
119 lines
4.9 KiB
Ruby
class TransactionAttachmentsController < ApplicationController
|
|
before_action :set_transaction
|
|
before_action :set_attachment, only: [ :show, :destroy ]
|
|
before_action :set_permissions, only: [ :create, :destroy ]
|
|
|
|
def show
|
|
disposition = params[:disposition] == "attachment" ? "attachment" : "inline"
|
|
redirect_to rails_blob_url(@attachment, disposition: disposition)
|
|
end
|
|
|
|
def create
|
|
unless @can_upload
|
|
redirect_back_or_to transaction_path(@transaction), alert: t("accounts.not_authorized")
|
|
return
|
|
end
|
|
|
|
attachments = attachment_params
|
|
|
|
if attachments.present?
|
|
@transaction.with_lock do
|
|
# Check attachment count limit before attaching
|
|
current_count = @transaction.attachments.count
|
|
new_count = attachments.is_a?(Array) ? attachments.length : 1
|
|
|
|
if current_count + new_count > Transaction::MAX_ATTACHMENTS_PER_TRANSACTION
|
|
respond_to do |format|
|
|
format.html { redirect_back_or_to transaction_path(@transaction), alert: t("transactions.attachments.cannot_exceed", count: Transaction::MAX_ATTACHMENTS_PER_TRANSACTION) }
|
|
format.turbo_stream { flash.now[:alert] = t("transactions.attachments.cannot_exceed", count: Transaction::MAX_ATTACHMENTS_PER_TRANSACTION) }
|
|
end
|
|
return
|
|
end
|
|
|
|
existing_ids = @transaction.attachments.pluck(:id)
|
|
attachment_proxy = @transaction.attachments.attach(attachments)
|
|
|
|
if @transaction.valid?
|
|
count = new_count
|
|
message = count == 1 ? t("transactions.attachments.uploaded_one") : t("transactions.attachments.uploaded_many", count: count)
|
|
respond_to do |format|
|
|
format.html { redirect_back_or_to transaction_path(@transaction), notice: message }
|
|
format.turbo_stream { flash.now[:notice] = message }
|
|
end
|
|
else
|
|
# Remove invalid attachments
|
|
newly_added = Array(attachment_proxy).reject { |a| existing_ids.include?(a.id) }
|
|
newly_added.each(&:purge)
|
|
error_messages = @transaction.errors.full_messages_for(:attachments).join(", ")
|
|
respond_to do |format|
|
|
format.html { redirect_back_or_to transaction_path(@transaction), alert: t("transactions.attachments.failed_upload", error: error_messages) }
|
|
format.turbo_stream { flash.now[:alert] = t("transactions.attachments.failed_upload", error: error_messages) }
|
|
end
|
|
end
|
|
end
|
|
else
|
|
respond_to do |format|
|
|
format.html { redirect_back_or_to transaction_path(@transaction), alert: t("transactions.attachments.no_files_selected") }
|
|
format.turbo_stream { flash.now[:alert] = t("transactions.attachments.no_files_selected") }
|
|
end
|
|
end
|
|
rescue => e
|
|
logger.error "#{e.class}: #{e.message}\n#{e.backtrace.join("\n")}"
|
|
respond_to do |format|
|
|
format.html { redirect_back_or_to transaction_path(@transaction), alert: t("transactions.attachments.upload_failed") }
|
|
format.turbo_stream { flash.now[:alert] = t("transactions.attachments.upload_failed") }
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
unless @can_delete
|
|
redirect_back_or_to transaction_path(@transaction), alert: t("accounts.not_authorized")
|
|
return
|
|
end
|
|
|
|
@attachment.purge
|
|
message = t("transactions.attachments.attachment_deleted")
|
|
respond_to do |format|
|
|
format.html { redirect_back_or_to transaction_path(@transaction), notice: message }
|
|
format.turbo_stream { flash.now[:notice] = message }
|
|
end
|
|
rescue => e
|
|
logger.error "#{e.class}: #{e.message}\n#{e.backtrace.join("\n")}"
|
|
respond_to do |format|
|
|
format.html { redirect_back_or_to transaction_path(@transaction), alert: t("transactions.attachments.delete_failed") }
|
|
format.turbo_stream { flash.now[:alert] = t("transactions.attachments.delete_failed") }
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def set_transaction
|
|
@transaction = Current.family.transactions
|
|
.joins(entry: :account)
|
|
.merge(Account.accessible_by(Current.user))
|
|
.find(params[:transaction_id])
|
|
end
|
|
|
|
def set_attachment
|
|
@attachment = @transaction.attachments.find(params[:id])
|
|
end
|
|
|
|
def set_permissions
|
|
permission = @transaction.entry.account.permission_for(Current.user)
|
|
@can_upload = permission.in?([ :owner, :full_control, :read_write ])
|
|
@can_delete = permission.in?([ :owner, :full_control ])
|
|
end
|
|
|
|
def attachment_params
|
|
if params.has_key?(:attachments)
|
|
Array(params.fetch(:attachments, [])).reject(&:blank?).map do |param|
|
|
param.respond_to?(:permit) ? param.permit(:file, :filename, :content_type, :description, :metadata) : param
|
|
end
|
|
elsif params.has_key?(:attachment)
|
|
param = params[:attachment]
|
|
return nil if param.blank?
|
|
param.respond_to?(:permit) ? param.permit(:file, :filename, :content_type, :description, :metadata) : param
|
|
end
|
|
end
|
|
end
|