authorjessib <jessib@leap.se>2013-07-09 11:53:58 -0700
committerjessib <jessib@leap.se>2013-07-09 11:53:58 -0700
commit09b7f01cac6df1ae11f4129b20b781b78a3706ac (patch)
tree3921eaa5edd03d80e6b402c5c2f88dda6338ab3a /users/app/controllers
parent9979b50848ce27730f880159512933e50d5ae0e4 (diff)
parent3113f8b814417a896ad5340fda88927733f8ab22 (diff)
Merge branch 'master' into feature/authentication_generic_error
Conflicts: app/views/layouts/_messages.html.haml app/views/layouts/application.html.haml users/app/assets/javascripts/users.js.coffee
Diffstat (limited to 'users/app/controllers')
-rw-r--r--users/app/controllers/account_settings_controller.rb0
-rw-r--r--users/app/controllers/controller_extension/authentication.rb15
-rw-r--r--users/app/controllers/email_aliases_controller.rb18
-rw-r--r--users/app/controllers/email_settings_controller.rb41
-rw-r--r--users/app/controllers/overviews_controller.rb9
-rw-r--r--users/app/controllers/sessions_controller.rb11
-rw-r--r--users/app/controllers/users_base_controller.rb18
-rw-r--r--users/app/controllers/users_controller.rb64
-rw-r--r--users/app/controllers/v1/users_controller.rb20
9 files changed, 128 insertions, 68 deletions
diff --git a/users/app/controllers/account_settings_controller.rb b/users/app/controllers/account_settings_controller.rb
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/users/app/controllers/account_settings_controller.rb
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index 0dca29c..6daffdb 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -39,9 +39,18 @@ module ControllerExtension::Authentication
end
def access_denied
- # TODO: should we redirect to the root_url in either case, and have the root_url include the login screen (and also ability to create unauthenticated tickets) when no user is logged in?
- redirect_to login_url, :alert => "Not authorized" if !logged_in?
- redirect_to root_url, :alert => "Not authorized" if logged_in?
+ respond_to do |format|
+ format.html do
+ if logged_in?
+ redirect_to root_url, :alert => t(:not_authorized)
+ else
+ redirect_to login_url, :alert => t(:not_authorized_login)
+ end
+ end
+ format.json do
+ render :json => {'error' => t(:not_authorized)}, status: :unprocessable_entity
+ end
+ end
end
def admin?
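Review bot: The JSON branch on the `render :json` line answers an authorization failure with 422 (`:unprocessable_entity`), which tells an API client its payload was malformed rather than that it lacks permission, so a client that "fixes" its request and retries never gets a different answer. Mirror the split the HTML branch already makes: `render :json => {'error' => t(:not_authorized)}, :status => (logged_in? ? :forbidden : :unauthorized)`. Any format other than html or json now matches neither block of `respond_to`, so Rails presumably returns its own not-acceptable response instead of the redirect the old code gave; if that is intended, a `format.any` branch or a one-line comment would make it explicit. The same line also mixes `:json =>` and `status:` hash syntax.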
diff --git a/users/app/controllers/email_aliases_controller.rb b/users/app/controllers/email_aliases_controller.rb
index 3b0d5ac..4628a7f 100644
--- a/users/app/controllers/email_aliases_controller.rb
+++ b/users/app/controllers/email_aliases_controller.rb
@@ -1,20 +1,12 @@
-class EmailAliasesController < ApplicationController
-
+class EmailAliasesController < UsersBaseController
before_filter :fetch_user
- respond_to :html
-
def destroy
@alias = @user.email_aliases.delete(params[:id])
- @user.save
- flash[:notice] = t(:email_alias_destroyed_successfully, :alias => @alias)
- redirect_to edit_user_path(@user, :anchor => :email)
+ if @user.save
+ flash[:notice] = t(:email_alias_destroyed_successfully, :alias => bold(@alias))
+ end
+ redirect_to edit_user_email_settings_path(@user)
end
- protected
-
- def fetch_user
- @user = User.find_by_param(params[:user_id])
- access_denied unless admin? or (@user == current_user)
- end
end
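Review bot: When `@user.save` on the `if @user.save` line fails, `destroy` redirects exactly as on success but without any flash, so the user gets no indication that the alias is still there; add an `else` branch with `flash[:alert] = t(:email_alias_could_not_be_destroyed, :alias => bold(@alias))` (or whichever key exists). `@alias` is whatever `email_aliases.delete(params[:id])` returns, which is presumably `nil` when the id matches nothing, and the success notice would then interpolate `bold(nil)`. Because `@alias` originates in the request, `bold` must HTML-escape its argument before marking the result safe or the flash message becomes an injection point in the layout; `bold` is not visible here, so confirm how it builds its string.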
diff --git a/users/app/controllers/email_settings_controller.rb b/users/app/controllers/email_settings_controller.rb
new file mode 100644
index 0000000..f7d85be
--- /dev/null
+++ b/users/app/controllers/email_settings_controller.rb
@@ -0,0 +1,41 @@
+class EmailSettingsController < UsersBaseController
+
+ before_filter :authorize
+ before_filter :fetch_user
+
+ def edit
+ @email_alias = LocalEmail.new
+ end
+
+ def update
+ @user.attributes = cleanup_params(params[:user])
+ if @user.changed?
+ if @user.save
+ flash[:notice] = t(:changes_saved)
+ redirect
+ else
+ if @user.email_aliases.last && !@user.email_aliases.last.valid?
+ # display bad alias in text field:
+ @email_alias = @user.email_aliases.pop
+ end
+ render 'email_settings/edit'
+ end
+ else
+ redirect
+ end
+ end
+
+ private
+
+ def redirect
+ redirect_to edit_user_email_settings_url(@user)
+ end
+
+ def cleanup_params(user)
+ if !user['email_forward'].nil? && user['email_forward'].empty?
+ user.delete('email_forward') # don't allow "" as an email forward
+ end
+ user
+ end
+
+end
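Review bot: `cleanup_params` indexes `user['email_forward']` without checking that `params[:user]` was sent, so a PUT with no `user` parameter raises NoMethodError on nil and produces a 500 instead of a redirect; start the method with `return {} unless user`. The `@user.attributes = ...` line at the top of `update` assigns every key the client submits; whether `User` restricts assignable attributes is not visible in this hunk, so confirm that fields such as admin flags or password data cannot be set through this form. The nested `if @user.changed?` / `if @user.save` reads more easily as a guard, `return redirect unless @user.changed?`, followed by the save branch. Naming the private helper `redirect` invites confusion with `redirect_to`; `redirect_to_settings` says what it does.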
diff --git a/users/app/controllers/overviews_controller.rb b/users/app/controllers/overviews_controller.rb
new file mode 100644
index 0000000..52ce267
--- /dev/null
+++ b/users/app/controllers/overviews_controller.rb
@@ -0,0 +1,9 @@
+class OverviewsController < UsersBaseController
+
+ before_filter :authorize
+ before_filter :fetch_user
+
+ def show
+ end
+
+end
diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb
index 01ecff6..d6c455b 100644
--- a/users/app/controllers/sessions_controller.rb
+++ b/users/app/controllers/sessions_controller.rb
@@ -22,4 +22,15 @@ class SessionsController < ApplicationController
logout
redirect_to root_path
end
+
+ #
+ # this is a bad hack, but user_overview_url(user) is not available
+ # also, this doesn't work because the redirect happens as a PUT. no idea why.
+ #
+ #Warden::Manager.after_authentication do |user, auth, opts|
+ # response = Rack::Response.new
+ # response.redirect "/users/#{user.id}/overview"
+ # throw :warden, response.finish
+ #end
+
end
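Review bot: The added lines are commented-out code that the comment itself says does not work, so they only add dead weight to the body of `SessionsController`; drop them, or keep the prose and replace the code with a pointer such as `# TODO: redirect to the user's overview after login; see <tracking issue>`. If the block stays, the interesting fact is why `user_overview_url(user)` is unavailable here (the hook presumably runs outside the controller, without route helpers) while `UsersController` in this same commit calls it freely, and that deserves one sentence more than "bad hack". The enclosing class starts outside the hunk.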
diff --git a/users/app/controllers/users_base_controller.rb b/users/app/controllers/users_base_controller.rb
new file mode 100644
index 0000000..dc2fa16
--- /dev/null
+++ b/users/app/controllers/users_base_controller.rb
@@ -0,0 +1,18 @@
+#
+# common base class for all user related controllers
+#
+
+class UsersBaseController < ApplicationController
+
+ protected
+
+ def fetch_user
+ @user = User.find_by_param(params[:user_id] || params[:id])
+ if !@user && admin?
+ redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user')
+ elsif !admin? && @user != current_user
+ access_denied
+ end
+ end
+
+end
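Review bot: `fetch_user` denies a non-admin only when `@user != current_user`, so for an anonymous request (where `current_user` is presumably nil) with an id that resolves to no user, both sides are nil, the filter passes and the action goes on to call methods on a nil `@user`. The filter therefore silently depends on an `authorize` filter having run first, yet `EmailAliasesController` in this commit registers `fetch_user` alone. Change the second branch to `elsif !@user || (!admin? && @user != current_user)` so a missing user is always rejected for non-admins, and state the ordering requirement in the header comment, e.g. `# expects `authorize` to have run first; fetch_user does not itself check for a logged-in user`. Keep the property that a non-admin gets the same `access_denied` whether or not the id exists, so the filter does not reveal which user ids are valid.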
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index dff1ed5..4ce970b 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -1,74 +1,42 @@
-class UsersController < ApplicationController
+#
+# This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb
+#
- before_filter :authorize, :only => [:show, :edit, :destroy, :update]
+class UsersController < UsersBaseController
+
+ before_filter :authorize, :only => [:show, :edit, :update, :destroy]
before_filter :fetch_user, :only => [:show, :edit, :update, :destroy]
- before_filter :authorize_self, :only => [:update]
- before_filter :set_anchor, :only => [:edit, :update]
before_filter :authorize_admin, :only => [:index]
- respond_to :json, :html
+ respond_to :html
def index
if params[:query]
- @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ)
+ if @user = User.find_by_login(params[:query])
+ redirect_to user_overview_url(@user)
+ return
+ else
+ @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ)
+ end
else
@users = User.by_created_at.descending
end
- @users = @users.limit(10)
- respond_with @users.map(&:login).sort
+ @users = @users.limit(100)
end
def new
@user = User.new
end
- def create
- @user = User.create(params[:user])
- respond_with @user
+ def show
end
def edit
- @email_alias = LocalEmail.new
- end
-
- def update
- @user.attributes = params[:user]
- if @user.changed? and @user.save
- flash[:notice] = t(:user_updated_successfully)
- elsif @user.email_aliases.last and !@user.email_aliases.last.valid?
- @email_alias = @user.email_aliases.pop
- end
- respond_with @user, :location => edit_user_path(@user, :anchor => @anchor)
end
def destroy
@user.destroy
- redirect_to admin? ? users_path : login_path
+ redirect_to admin? ? users_url : root_url
end
- protected
-
- def fetch_user
- # authorize filter has been checked first, so won't get here unless authenticated
- @user = User.find_by_param(params[:id])
- if !@user and admin?
- redirect_to users_path, :alert => t(:no_such_thing, :thing => 'user')
- return
- end
- access_denied unless admin? or (@user == current_user)
- end
-
- def authorize_self
- # have already checked that authorized
- access_denied unless (@user == current_user)
- end
-
- def set_anchor
- @anchor = email_settings? ? :email : :account
- end
-
- def email_settings?
- params[:user] &&
- params[:user].keys.detect{|key| key.index('email')}
- end
end
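Review bot: `index` assigns inside the condition on the `if @user = User.find_by_login(params[:query])` line, which reads like a mistyped `==` and RuboCop flags; put the assignment on its own line and write `return redirect_to user_overview_url(@user) if @user`, which also removes the separate `return` after the redirect. `new` is kept while `create` is removed from this HTML-only controller, so the form that `new` renders must now post somewhere else (presumably the V1 JSON controller); the new header comment is the place to say so. `destroy` lets a non-admin delete their own account and then redirects to `root_url` while, as far as this hunk shows, the session still references the deleted user; confirm that the session is cleared or that a stale `current_user` is handled.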
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
index 617bd4b..fda56f2 100644
--- a/users/app/controllers/v1/users_controller.rb
+++ b/users/app/controllers/v1/users_controller.rb
@@ -1,20 +1,32 @@
module V1
- class UsersController < ApplicationController
+ class UsersController < UsersBaseController
skip_before_filter :verify_authenticity_token
+ before_filter :fetch_user, :only => [:update]
before_filter :authorize, :only => [:update]
+ before_filter :authorize_admin, :only => [:index]
respond_to :json
+ def index
+ if params[:query]
+ @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ)
+ respond_with @users.map(&:login).sort
+ else
+ render :json => {'error' => 'query required', 'status' => :unprocessable_entity}
+ end
+ end
+
def create
@user = User.create(params[:user])
respond_with @user # return ID instead?
end
def update
- # For now, only allow public key to be updated via the API. Eventually we might want to store in a config what attributes can be updated via the API.
- @user = User.find_by_param(params[:id])
- @user.update_attributes params[:user].slice(:public_key) if params[:user].respond_to?(:slice)
+ @user.update_attributes params[:user]
+ if @user.valid?
+ flash[:notice] = t(:user_updated_successfully)
+ end
respond_with @user
end