Make read-only

Gemfile

@@ -55,7 +55,6 @@ group :deploy do
   gem 'capistrano-bundler', require: false
   gem 'capistrano-rails'
   gem 'capistrano-rvm', require: false
-  gem 'whenever'
   gem 'httparty'
 end
 

Gemfile.lock

@@ -412,8 +412,6 @@ GEM
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    whenever (1.0.0)
-      chronic (>= 0.6.3)
     wirble (0.1.3)
     xpath (3.2.0)
       nokogiri (~> 1.8)
@@ -485,7 +483,6 @@ DEPENDENCIES
   timecop
   uglifier
   uuidtools
-  whenever
   wirble
   zeitwerk (< 2.6.4)
 

app/assets/stylesheets/application.scss

@@ -8,7 +8,6 @@
  *= require predictions
  *= require footer
  *= require facebox
- *= require credence
 */
 
 /* General Page Structure

app/controllers/api/prediction_groups_controller.rb

@@ -5,20 +5,8 @@ class PredictionGroupsController < AuthorisedController
     MAXIMUM_PREDICTION_GROUPS_LIMIT = 1000
     DEFAULT_PREDICTION_GROUPS_LIMIT = 100
 
-    before_action :find_prediction_group, only: %i[show update]
+    before_action :find_prediction_group, only: %i[show]
     before_action :authorize_to_see_prediction_group, only: [:show]
-    before_action :authorize_to_update_prediction_group, only: [:update]
-
-    def create
-      prediction_group = UpdatedPredictionGroup.new(PredictionGroup.new,
-                                                    @user,
-                                                    prediction_group_params).prediction_group
-      if prediction_group.save
-        render json: prediction_group
-      else
-        render json: prediction_group.errors, status: :unprocessable_entity
-      end
-    end
 
     def index
       render json: build_prediction_groups
@@ -28,17 +16,6 @@ def show
       render json: find_prediction_group
     end
 
-    def update
-      prediction_group = UpdatedPredictionGroup.new(find_prediction_group,
-                                                    @user,
-                                                    prediction_group_params).prediction_group
-      if prediction_group.save
-        render json: prediction_group
-      else
-        render json: prediction_group.errors, status: :unprocessable_entity
-      end
-    end
-
     protected
 
     def find_prediction_group
@@ -55,13 +32,6 @@ def authorize_to_see_prediction_group
                                         @user.authorized_for?(prediction))
     end
 
-    def authorize_to_update_prediction_group
-      prediction_group = find_prediction_group
-      prediction = prediction_group.try(:predictions).try(:first)
-      return if prediction.nil?
-      raise UnauthorizedRequest unless @user.authorized_for?(prediction)
-    end
-
     def build_prediction_groups
       limit = params[:limit].to_i
       out_of_range = (1..MAXIMUM_PREDICTION_GROUPS_LIMIT).cover?(limit)
@@ -74,9 +44,5 @@ def build_prediction_groups
         .order(id: :desc)
         .limit(limit)
     end
-
-    def prediction_group_params
-      params.require(:prediction_group).permit!
-    end
   end
 end

app/controllers/api/predictions_controller.rb

@@ -6,18 +6,8 @@ class PredictionsController < AuthorisedController
     DEFAULT_PREDICTIONS_LIMIT = 100
 
     before_action :build_predictions, only: [:index]
-    before_action :build_new_prediction, only: [:create]
-    before_action :find_prediction, only: %i[show update]
+    before_action :find_prediction, only: %i[show]
     before_action :authorize_to_see_prediction, only: [:show]
-    before_action :authorize_to_update_prediction, only: [:update]
-
-    def create
-      if @prediction.save
-        render json: @prediction
-      else
-        render json: @prediction.errors, status: :unprocessable_entity
-      end
-    end
 
     def index
       render json: @predictions
@@ -27,31 +17,13 @@ def show
       render json: @prediction
     end
 
-    def update
-      if @prediction.update(prediction_params)
-        render json: @prediction
-      else
-        render json: @prediction.errors, status: :unprocessable_entity
-      end
-    end
-
     private
 
     def authorize_to_see_prediction
       raise UnauthorizedRequest unless @prediction.visible_to_everyone? ||
                                        @user.authorized_for?(@prediction)
     end
 
-    def authorize_to_update_prediction
-      raise UnauthorizedRequest unless @user.authorized_for?(@prediction)
-    end
-
-    def build_new_prediction
-      permitted_params = prediction_params
-      permitted_params[:visibility] ||= @user.try(:visibility_default)
-      @prediction = Prediction.new(permitted_params.merge(creator: @user))
-    end
-
     def build_predictions
       limit = params[:limit].to_i
       limit = DEFAULT_PREDICTIONS_LIMIT unless (1..MAXIMUM_PREDICTIONS_LIMIT).cover?(limit)
@@ -72,15 +44,5 @@ def build_predictions
     def find_prediction
       @prediction = Prediction.find(params[:id])
     end
-
-    def prediction_params
-      permitted_params = params.require(:prediction).permit!
-      # Handle previous version of the API that uses a private flag instead of visibility
-      if permitted_params[:private].present?
-        private_value = permitted_params.delete(:private)
-        permitted_params[:visibility] = 'visible_to_creator' if private_value
-      end
-      permitted_params
-    end
   end
 end

app/controllers/application_controller.rb

@@ -12,16 +12,11 @@ class UnauthorizedRequest < StandardError
 
   before_action :set_timezone, :clear_return_to, :login_via_token
   before_action :configure_permitted_parameters, if: :devise_controller?
-  before_action :force_change_password
 
   protect_from_forgery with: :exception, prepend: true
 
   protected
 
-  def handle_unauthorised_request
-    render json: unauthorized_user_message, status: :unauthorized
-  end
-
   def configure_permitted_parameters
     added_attrs = %i[login email password password_confirmation remember_me]
     devise_parameter_sanitizer.permit :sign_up, keys: added_attrs
@@ -30,21 +25,6 @@ def configure_permitted_parameters
 
   private
 
-  def force_change_password
-    return unless current_user.present? && request.format.html?
-
-    notice = 'PredictionBook has recently undergone a major upgrade. As part of the upgrade, our ' \
-             'authentication system has changed. We are currently transitioning users across to ' \
-             'use the new authentication system. You will need to change your password and ' \
-             'provide an email address if you have not already.'
-    force_pwd_change = !current_user.devise_password_specified?
-    redirecting = request.path == edit_user_registration_path
-    updating_password = request.path == '/users' && params['_method'] == 'put'
-    logging_out = request.path == destroy_user_session_path
-    redirect_to(edit_user_registration_path, notice: notice) if force_pwd_change && !redirecting &&
-                                                                !updating_password && !logging_out
-  end
-
   def set_timezone
     user_timezone = current_user.try(:timezone)
     Time.zone = user_timezone.presence || 'UTC'
@@ -62,11 +42,4 @@ def login_via_token
       redirect_to # get rid of token in url so if it is copied and pasted it's not propagated
     end
   end
-
-  def unauthorized_user_message
-    {
-      error: 'user is unauthorized to view/edit this private prediction',
-      status: :unauthorized
-    }
-  end
 end