mirror of
https://github.com/we-promise/sure.git
synced 2026-04-12 16:47:22 +00:00
560c9fbff3
* Initial account sharing changes * Update schema.rb * Update schema.rb * Change sharing UI to modal * UX fixes and sharing controls * Scope include in finances better * Update totals.rb * Update totals.rb * Scope reports to finance account scope * Update impersonation_sessions_controller_test.rb * Review fixes * Update schema.rb * Update show.html.erb * FIX db validation * Refine edit permissions * Review items * Review * Review * Add application level helper * Critical review * Address remaining review items * Fix modals * more scoping * linter * small UI fix * Fix: Sync broadcasts push unscoped balance sheet to all users * Update sync_complete_event.rb The fix removes the sidebar broadcasts (which rendered unscoped account groups using family.balance_sheet without user context) along with the now-unused sidebar_targets, account_group, and family_balance_sheet private methods. The sidebar will still update correctly — when the sync completes, Family::SyncCompleteEvent#broadcast fires family.broadcast_refresh, which triggers a morph-based page refresh for each user with their own authenticated session, rendering properly scoped sidebar content.
31 lines
1.2 KiB
Ruby
31 lines
1.2 KiB
Ruby
class Transactions::BulkDeletionsController < ApplicationController
|
|
def create
|
|
# Exclude split children from bulk delete - they must be deleted via unsplit on parent
|
|
# Only allow deletion from accounts where user has owner or full_control permission
|
|
writable_account_ids = writable_accounts.pluck(:id)
|
|
entries_scope = Current.family.entries
|
|
.where(account_id: writable_account_ids)
|
|
.where(parent_entry_id: nil)
|
|
destroyed = entries_scope.destroy_by(id: bulk_delete_params[:entry_ids])
|
|
destroyed.map(&:account).uniq.each(&:sync_later)
|
|
redirect_back_or_to transactions_url, notice: "#{destroyed.count} transaction#{destroyed.count == 1 ? "" : "s"} deleted"
|
|
end
|
|
|
|
private
|
|
def bulk_delete_params
|
|
params.require(:bulk_delete).permit(entry_ids: [])
|
|
end
|
|
|
|
# Accounts where the user can delete entries (owner or full_control)
|
|
def writable_accounts
|
|
Current.family.accounts
|
|
.left_joins(:account_shares)
|
|
.where(
|
|
"accounts.owner_id = :uid OR (account_shares.user_id = :uid AND account_shares.permission = :perm)",
|
|
uid: Current.user.id,
|
|
perm: "full_control"
|
|
)
|
|
.distinct
|
|
end
|
|
end
|