Sha256: 5c35dfc4ebe9e0cb4f9da9f212461c0d563ed1bb8cf533efd0afc75042c41474
Contents?: true
Size: 1.1 KB
Versions: 26
Compression:
Stored size: 1.1 KB
Contents
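# JSON people-lookup endpoint, restricted to admins, employees and student workers.
#
# The :verify_authorized and :verify_policy_scoped after-actions are skipped
# (these look like Pundit's verification hooks -- confirm). That leaves the
# explicit can_search_people? check in #index as the only access control
# visible in this controller.
class WcmsComponents::PeopleController < ApplicationController
  skip_after_action :verify_authorized
  skip_after_action :verify_policy_scoped

  # Renders up to 10 people matching params[:q] as a JSON array, ordered by
  # first then last name. Each entry carries id, name, email, affiliations
  # and image. Callers who fail can_search_people? get user_not_authorized.
  def index
    if can_search_people?
      query = search_query

      @people =
        if query
          permitted_people.custom_search(query).asc(:first_name, :last_name).limit(10)
        else
          # No usable query string: answer with an empty list, never the
          # whole directory.
          []
        end

      render json: @people.map { |person| person_json(person) }.to_json
    else
      user_not_authorized
    end
  end

  private

  # Returns params[:q] only when it is a non-blank String, otherwise nil.
  #
  # Rails parses `q[key]=value` into a Hash-like parameter object and `q[]=`
  # into an Array. custom_search is defined outside this file, so whether it
  # copes safely with such structured input cannot be verified here; only
  # plain strings are forwarded to the query layer.
  def search_query
    raw = params[:q]
    raw if raw.is_a?(String) && raw.present?
  end

  # Builds the JSON-ready hash for one person. The result includes the e-mail
  # address and photo URL, so it should only reach callers that have passed
  # can_search_people?.
  def person_json(person)
    {
      id: person.id.to_s,
      name: person.name,
      email: person.biola_email,
      affiliations: person.affiliations.to_a.join(', '),
      image: person.profile_photo_url
    }
  end

  # Scope of people who may appear in results: anyone affiliated as employee
  # or faculty, plus anyone whose privacy flag is not true.
  # NOTE(review): because this is an $or, the privacy flag is only honoured
  # for people who are neither employee nor faculty -- confirm that is the
  # intended policy.
  def permitted_people
    Person.where(
      '$or' => [
        { affiliations: 'employee' },
        { affiliations: 'faculty' },
        { privacy: { '$ne' => true } }
      ]
    )
  end

  # For security reasons, this should only be available to admins, employees
  # and student workers.
  def can_search_people?
    user = current_user
    # Fail closed: with no signed-in user, deny instead of raising
    # NoMethodError on nil. Whether current_user can be nil here depends on
    # filters in ApplicationController, which are not visible in this file.
    return false unless user

    user.admin? || user.has_role?(:employee) || user.has_role?(:student_worker)
  end
end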