Class: UsersController

Inherits:
ApplicationController
Defined in:
app/controllers/users_controller.rb

Instance Method Summary

Methods inherited from ApplicationController

#admin_login_required, #all_done_todos_for, #boolean_param, cas_enabled?, #cas_enabled?, #count_deferred_todos, #count_undone_todos, #count_undone_todos_phrase, #done_todos_for, #enable_mobile_content_negotiation, #for_autocomplete, #format_date, #format_dependencies_as_json_for_auto_complete, #handle_unverified_request, #init_data_for_sidebar, #init_not_done_counts, #init_project_hidden_todo_counts, #mobile?, #notify, openid_enabled?, #openid_enabled?, #parse_date_per_user_prefs, prefered_auth?, #prefered_auth?, #redirect_back_or_home, #render_failure, #sanitize, #set_charset, #set_group_view_by, #set_locale, #set_session_expiration, #set_time_zone, #set_zindex_counter, #todo_xml_params

Methods included from LoginSystem

#access_denied, #authorize?, #basic_auth_denied, #current_user, #get_basic_auth_data, #get_current_user, #logged_in?, #login_from_cookie, #login_optional, #login_or_feed_token_required, #login_required, #logout_user, #prefs, #protect?, #redirect_back_or_default, #redirect_to_login, #set_current_user, #store_location

Instance Method Details

#change_auth_typeObject



# File 'app/controllers/users_controller.rb', line 158

# Prepares the change-auth-type form: only the page title is set here,
# rendering is left to the default view for this action.
def change_auth_type
  @page_title = t('users.change_auth_type_title')
end

#change_passwordObject



# File 'app/controllers/users_controller.rb', line 144

# Prepares the change-password form: only the page title is set here,
# rendering is left to the default view for this action.
def change_password
  @page_title = t('users.change_password_title')
end

#check_create_user_paramsObject (private)



# File 'app/controllers/users_controller.rb', line 196

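# Validates the minimal shape of an XML user-creation request:
# params[:user] must be present and carry a non-empty :login and a
# non-empty :password.
#
# A missing <user> element, a scalar one, or an element present but empty
# (which arrives as nil) all yield false instead of raising NoMethodError,
# so the caller can answer with a 400 rather than a 500.
#
# @return [Boolean] true when both fields are present and non-empty
def check_create_user_params
  return false unless params.has_key?(:user)
  user = params[:user]
  # A scalar or missing <user> has no keys to inspect.
  return false unless user.respond_to?(:has_key?)
  [:login, :password].all? do |field|
    next false unless user.has_key?(field)
    value = user[field]
    # nil (empty element) does not respond to empty?, so it is rejected too.
    value.respond_to?(:empty?) && !value.empty?
  end
end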

#createObject

Example usage: curl -H 'Accept: application/xml' -H 'Content-Type: application/xml' -u admin:up2n0g00d -d '<user><login>username</login><password>abc123</password></user>' http://our.tracks.host/users

POST /users POST /users.xml



# File 'app/controllers/users_controller.rb', line 66

# POST /users, POST /users.xml
#
# HTML: the signup form.  Signup is allowed while the site has no users at
# all, for a logged-in admin (@user), or when SITE_CONFIG['open_signups'] is
# set; otherwise the "nosignup" page is rendered.  The first account ever
# created is made an admin.
# XML: admin-only API that creates a user from a
# <user><login>..</login><password>..</password></user> document.
#
# NOTE(review): several identifiers on the lines below were lost when this
# listing was rendered (the attribute read via `user.` / `@user.`, the flag
# assigned before `= true`, and the target of the bare `redirect_to`); check
# them against app/controllers/users_controller.rb before relying on this text.
def create
  # NOTE(review): params['exception'] is presumably set when the request body
  # could not be parsed as XML -- confirm against the params parser in use.
  if params['exception']
    render_failure "Expected post format is valid xml like so: <user><login>username</login><password>abc123</password></user>."
    return
  end

  respond_to do |format|
    format.html do
      # Who may sign up: nobody registered yet, a logged-in admin, or anyone
      # when open signups are enabled.
      unless User.no_users_yet? || (@user && @user.is_admin?) || SITE_CONFIG['open_signups']
        @page_title = t('users.no_signups_title')
        @admin_email = SITE_CONFIG['admin_email']
        render :action => "nosignup", :layout => "login"
        return
      end

      user = User.new(user_params)

      unless user.valid?
        # The unsaved model is parked in the session so the form can be shown
        # again with the submitted values (get_new_user picks it up).
        # NOTE(review): this puts the whole User object, including whatever
        # password attribute it carries, into the session -- verify the
        # session store is server-side before relying on this.
        session['new_user'] = user
        redirect_to 
        return
      end

       = true if (@user && @user.is_admin?)
      # The very first account becomes the administrator.
      first_user_signing_up = User.no_users_yet?
      user.is_admin = true if first_user_signing_up
      if user.save
        # Re-authenticate (presumably to get the persisted record), give it a
        # preference row in the current locale, and log the new user in
        # unless the flag set above says an admin created the account.
        @user = User.authenticate(user., params['user']['password'])
        @user.create_preference({:locale => I18n.locale})
        @user.save
        session['user_id'] = @user.id unless 
        notify :notice, t('users.signup_successful', :username => @user.)
        redirect_back_or_home
      end
      # NOTE(review): a failed save falls through here without rendering or
      # redirecting; the valid? check above presumably makes that rare -- confirm.
      return
    end
    format.xml do
      # The XML API is restricted to administrators.
      unless current_user && current_user.is_admin
        render :text => "401 Unauthorized: Only admin users are allowed access to this function.", :status => 401
        return
      end
      unless check_create_user_params
        render_failure "Expected post format is valid xml like so: <user><login>username</login><password>abc123</password></user>.", 400
        return
      end
      user = User.new(user_params)
      # The XML document carries no password_confirmation element, so the
      # confirmation is copied from the password and that validation is
      # satisfied by construction.
      user.password_confirmation = user_params[:password]
      saved = user.save   # return value unused; new_record? below is what is checked
      unless user.new_record?
        render :text => t('users.user_created'), :status => 200
      else
        render_failure user.errors.to_xml, 409
      end
      return
    end
  end
end

#destroyObject

DELETE /users/id DELETE /users/id.xml



# File 'app/controllers/users_controller.rb', line 125

# DELETE /users/:id, DELETE /users/:id.xml
#
# Deletes the user identified by params[:id] and reports the outcome: HTML
# flashes success or failure and returns to the user list, JS falls through
# to its default template, XML answers with an empty 200.
#
# NOTE(review): no authorization check is visible in this method; deleting
# arbitrary users is presumably gated by a before filter such as
# #admin_login_required (inherited from ApplicationController) -- confirm in
# the controller header, which is not part of this listing.
# NOTE(review): the attribute read from @deleted_user in the two notify calls
# was lost when this listing was rendered; check the source.
def destroy
  @deleted_user = User.find(params[:id])
  @saved = @deleted_user.destroy   # used as a success flag below
  @total_users = User.count
  
  respond_to do |format|
    format.html do
      if @saved
        notify :notice, t('users.successfully_deleted_user', :username => @deleted_user.)
      else
        notify :error, t('users.failed_to_delete_user', :username => @deleted_user.)
      end
      redirect_to users_url
    end
    format.js
    format.xml { head :ok }
  end
end

#get_new_userObject (private)



# File 'app/controllers/users_controller.rb', line 186

# Returns the User to show in the signup form: the one parked in
# session['new_user'] by a failed create (clearing that slot to nil), or a
# fresh User when nothing is parked.
def get_new_user
  pending = session['new_user']
  return User.new unless pending
  session['new_user'] = nil
  pending
end

#indexObject

GET /users GET /users.xml



# File 'app/controllers/users_controller.rb', line 10

def index
  respond_to do |format|
    format.html do
      @page_title = "TRACKS::Manage Users"
      @users = User.order('login ASC').paginate :page => params[:page]
      @total_users = User.count
      # When we call users/signup from the admin page we store the URL so that
      # we get returned here when signup is successful
      store_location
    end
    format.xml do
      @users  = User.order('login')
      render :xml => @users.to_xml(:except => [ :password ])
    end
  end
end

#newObject

GET /users/new



# File 'app/controllers/users_controller.rb', line 34

# GET /users/new
#
# Shows the signup form in the "login" layout.  The selectable auth schemes
# come from Tracks::Config, except in a CAS session where only 'cas' is
# offered.  The form is shown for the very first user, for a logged-in admin
# (@user) and when SITE_CONFIG['open_signups'] is set; everybody else gets
# the "nosignup" page instead.
def new
  @auth_types =
    if session[:cas_user]
      [['cas', 'cas']]
    else
      Tracks::Config.auth_schemes.map { |scheme| [scheme, scheme] }
    end

  if User.no_users_yet?
    @page_title = t('users.first_user_title')
    @heading = t('users.first_user_heading')
  elsif (@user && @user.is_admin?) || SITE_CONFIG['open_signups']
    @page_title = t('users.new_user_title')
    @heading = t('users.new_user_heading')
  else
    # A non-admin is logged in, or nobody is but users already exist.
    @page_title = t('users.no_signups_title')
    @admin_email = SITE_CONFIG['admin_email']
    render :action => "nosignup", :layout => "login"
    return
  end

  # A fresh User, or the one parked in the session by a failed create.
  @user = get_new_user
  render :layout => "login"
end

#refresh_tokenObject



# File 'app/controllers/users_controller.rb', line 173

# Generates a new token for the signed-in user, persists it with save! (so a
# failed save raises rather than silently keeping the old token) and returns
# to the preferences page with a notice.
def refresh_token
  user = current_user
  user.generate_token
  user.save!
  notify(:notice, t('users.new_token_generated'))
  redirect_to(preferences_path)
end

#showObject

GET /users/id GET /users/id.xml



# File 'app/controllers/users_controller.rb', line 28

# GET /users/:id, GET /users/:id.xml
#
# Serializes one user as XML with the password column excluded.
# NOTE(review): only :password is excluded; confirm no other credential-bearing
# column (token, password hash/salt) is included by to_xml, and that access is
# restricted by a before filter, since this method does no authorization itself.
def show
  user = User.find(params[:id])
  @user = user
  render(:xml => user.to_xml(:except => [:password]))
end

#update_auth_typeObject



# File 'app/controllers/users_controller.rb', line 162

# Switches the signed-in user's auth_type to the submitted value.  A
# successful save returns to the preferences page; a failed one flashes the
# model's error messages and returns to the change_auth_type form.
def update_auth_type
  user = current_user
  user.auth_type = user_params[:auth_type]
  unless user.save
    messages = user.errors.full_messages.join(', ')
    notify(:warning, t('users.auth_type_update_error', :error_messages => messages))
    redirect_to(change_auth_type_user_path(user))
    return
  end
  notify(:notice, t('users.auth_type_updated'))
  redirect_to(preferences_path)
end

#update_passwordObject



# File 'app/controllers/users_controller.rb', line 148

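# Applies the password submitted from the change-password form to the
# signed-in user and returns to the preferences page.  When the model raises
# (e.g. confirmation mismatch), the error message is flashed and the user is
# sent back to the form.
# Also used to force a password change after the sha->bcrypt upgrade.
def update_password
  current_user.change_password(user_params[:password], user_params[:password_confirmation])
  notify :notice, t('users.password_updated')
  redirect_to preferences_path
rescue StandardError => error
  # Only StandardError is rescued: `rescue Exception` would also swallow
  # SystemExit, SignalException and NoMemoryError.
  # NOTE(review): error.message is shown to the user verbatim; confirm that
  # change_password only raises with messages meant for end users.
  notify :error, error.message
  redirect_to change_password_user_path(current_user)
end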

#user_paramsObject (private)



# File 'app/controllers/users_controller.rb', line 182

# Strong-parameter whitelist for the :user hash.  is_admin is deliberately
# absent: create assigns it in code, so it cannot be mass-assigned.
def user_params
  permitted = [:login, :first_name, :last_name, :password_confirmation, :password, :auth_type, :open_id_url]
  params.require(:user).permit(*permitted)
end