mirror of
https://github.com/openfoodfoundation/openfoodnetwork
synced 2026-01-25 20:46:48 +00:00
60 lines
1.7 KiB
Ruby
60 lines
1.7 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module Spree
|
|
module Admin
|
|
class SearchController < Spree::Admin::BaseController
|
|
# http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/
|
|
before_action :check_json_authenticity, only: :index
|
|
respond_to :json
|
|
|
|
def known_users
|
|
@users = if exact_match = Spree::User.find_by(email: search_params[:q])
|
|
[exact_match]
|
|
else
|
|
spree_current_user.known_users.ransack(ransack_hash).result.limit(10)
|
|
end
|
|
|
|
render json: @users, each_serializer: ::Api::Admin::UserSerializer
|
|
end
|
|
|
|
def customers
|
|
render json: load_customers, each_serializer: ::Api::Admin::CustomerSerializer
|
|
end
|
|
|
|
private
|
|
|
|
def load_customers
|
|
return [] unless valid_enterprise_given?
|
|
|
|
Customer.ransack(
|
|
m: 'or', email_start: search_params[:q],
|
|
first_name_start: search_params[:q], last_name_start: search_params[:q]
|
|
).result.where(enterprise_id: search_params[:distributor_id].to_i)
|
|
end
|
|
|
|
def valid_enterprise_given?
|
|
return true if spree_current_user.admin?
|
|
|
|
spree_current_user.enterprises.where(
|
|
id: search_params[:distributor_id].to_i
|
|
).present?
|
|
end
|
|
|
|
def ransack_hash
|
|
{
|
|
m: 'or',
|
|
email_start: search_params[:q],
|
|
ship_address_firstname_start: search_params[:q],
|
|
ship_address_lastname_start: search_params[:q],
|
|
bill_address_firstname_start: search_params[:q],
|
|
bill_address_lastname_start: search_params[:q]
|
|
}
|
|
end
|
|
|
|
def search_params
|
|
params.permit(:q, :distributor_id).to_h.with_indifferent_access
|
|
end
|
|
end
|
|
end
|
|
end
|