Class: RailsIdentity::UsersController

Inherits:
ApplicationController
Defined in:
app/controllers/rails_identity/users_controller.rb

Overview

Users controller that performs CRUD on users.

Instance Method Summary

Methods included from ApplicationHelper

#authorized?

Instance Method Details

#create ⇒ Object

Creates a new user. This action does not require authentication, although a request may optionally include it.



# File 'app/controllers/rails_identity/users_controller.rb', line 31

def create
  logger.debug("Create new user")
  @user = User.new(user_params)
  if @user.save

    # Save succeeded. Render the response based on the created user.
    render json: @user,
           except: [:verification_token, :reset_token, :password_digest],
           status: 201

    # Then, issue the verification token and send the email for
    # verification.
    @user.issue_token(:verification_token)
    @user.save
    user_mailer.email_verification(@user).deliver_later
  else
    render_errors 400, @user.errors.full_messages
  end
end

#destroy ⇒ Object

Deletes a user.



# File 'app/controllers/rails_identity/users_controller.rb', line 97

def destroy
  if @user.destroy
    render body: '', status: 204
  else
    # :nocov:
    render_error 400, @user.errors.full_messages
    # :nocov:
  end
end

#index ⇒ Object

Lists all users. This only works for an admin user.



# File 'app/controllers/rails_identity/users_controller.rb', line 22

def index
  @users = User.all
  render json: @users, except: [:password_digest]
end

#show ⇒ Object

Renders a user's data.



# File 'app/controllers/rails_identity/users_controller.rb', line 54

def show
  render json: @user, except: [:password_digest]
end
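
The `render` calls on this page pass different `except:` lists: #create filters `verification_token`, `reset_token` and `password_digest`, while #index and #show filter only `password_digest`. The Ruby below is an added example, not rails-identity code: it reports which of those attributes each list leaves unfiltered and shows one shared deny-list serializer. The sample record, its `uuid` and `username` keys, and the helper names are constructed for illustration; whether the token columns are actually serialized depends on the User model, which this page does not show.

```ruby
require "json"

# Attributes #create keeps out of its response on this page.
SENSITIVE_ATTRIBUTES = %i[verification_token reset_token password_digest].freeze

# The `except:` lists as the actions on this page pass them to `render json:`.
EXCEPT_BY_ACTION = {
  create: %i[verification_token reset_token password_digest],
  index:  %i[password_digest],
  show:   %i[password_digest]
}.freeze

# Constructed sample record; key names and values are placeholders.
SAMPLE_USER = {
  "uuid" => "00000000-0000-0000-0000-000000000001",
  "username" => "alice@example.com",
  "password_digest" => "<constructed-digest>",
  "reset_token" => "<constructed-reset-token>",
  "verification_token" => "<constructed-verification-token>"
}.freeze

# Applies an `except:`-style deny list to a flat attribute hash,
# matching string and symbol keys alike.
def serialize(attrs, except:)
  denied = except.map(&:to_s)
  attrs.reject { |key, _value| denied.include?(key.to_s) }
end

# Sensitive attribute names that an action's `except:` list does not filter.
def unfiltered_sensitive(action)
  SENSITIVE_ATTRIBUTES - EXCEPT_BY_ACTION.fetch(action)
end

# Hypothetical shared serializer: every action uses the same deny list.
def public_user(attrs)
  serialize(attrs, except: SENSITIVE_ATTRIBUTES)
end

if __FILE__ == $PROGRAM_NAME
  EXCEPT_BY_ACTION.each_key do |action|
    puts "#{action}: unfiltered #{unfiltered_sensitive(action).inspect}"
  end
  puts JSON.generate(public_user(SAMPLE_USER))
end
```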

#update ⇒ Object

Patches the user object. There are four notable operations:

  • issue reset token

  • issue verification token

  • change password

  • others

Issuing either a reset token or a verification token requires NO authentication. For that reason, the request does not get any meaningful response; instead, an email is sent out for either request.

There are two ways to change a password: one is to use the old password and the other is to use a reset token.

Otherwise, it’s a normal update operation.



# File 'app/controllers/rails_identity/users_controller.rb', line 75

def update
  if params[:issue_reset_token] || params[:issue_verification_token]
    # Issuing a reset or verification token does not need an auth token, so
    # do not authorize the request. For consistency, we require the id to
    # be "current".
    raise Repia::Errors::Unauthorized unless params[:id] == "current"
    get_user_for_token()
    if params[:issue_reset_token]
      update_token(:reset_token)
    else
      update_token(:verification_token)
    end
  else
    get_user()
    allow_password_change? if params[:password]
    update_user(user_params)
  end
end