diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/account_controller.rb | 17 | ||||
-rw-r--r-- | app/controllers/api/users_controller.rb | 7 | ||||
-rw-r--r-- | app/controllers/users_controller.rb | 28 |
3 files changed, 29 insertions, 23 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb new file mode 100644 index 0000000..ee7cca4 --- /dev/null +++ b/app/controllers/account_controller.rb @@ -0,0 +1,17 @@ +class AccountController < ApplicationController + + before_filter :require_registration_allowed + before_filter :redirect_if_logged_in + + def new + @user = User.new + end + + protected + + def require_registration_allowed + unless APP_CONFIG[:allow_registration] + redirect_to home_path + end + end +end diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb index e64d21f..c79a729 100644 --- a/app/controllers/api/users_controller.rb +++ b/app/controllers/api/users_controller.rb @@ -50,8 +50,7 @@ module Api end def destroy - destroy_identity = current_user.is_monitor? || params[:identities] == "destroy" - @user.account.destroy(destroy_identity) + @user.account.destroy(release_handles) if @user == current_user logout end @@ -60,6 +59,10 @@ module Api private + def release_handles + current_user.is_monitor? || params[:identities] == "destroy" + end + # tester auth can only create test users. def create_test_account if User::is_test?(params[:user][:login]) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 1404b0e..4d198b9 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -5,11 +5,9 @@ class UsersController < ApplicationController include ControllerExtension::FetchUser - before_filter :require_login, :except => [:new] - before_filter :redirect_if_logged_in, :only => [:new] + before_filter :require_login before_filter :require_admin, :only => [:index, :deactivate, :enable] - before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable] - before_filter :require_registration_allowed, only: :new + before_filter :fetch_user, :only => [:show, :edit, :destroy, :deactivate, :enable] respond_to :html @@ -27,25 +25,12 @@ class UsersController < ApplicationController @users = @users.limit(100) end - def new - @user = User.new - end - def show end def edit end - ## added so updating service level works, but not sure we will actually want this. also not sure that this is place to prevent user from updating own effective service level, but here as placeholder: - def update - @user.update_attributes(params[:user]) unless (!admin? and params[:user][:effective_service_level]) - if @user.valid? - flash[:notice] = I18n.t(:changes_saved) - end - respond_with @user, :location => edit_user_path(@user) - end - def deactivate @user.account.disable flash[:notice] = I18n.t("actions.user_disabled_message", username: @user.username) @@ -73,10 +58,11 @@ class UsersController < ApplicationController protected - def require_registration_allowed - unless APP_CONFIG[:allow_registration] - redirect_to home_path + def user_params + if admin? + params.require(:user).permit(:effective_service_level) + else + params.require(:user).permit(:password, :password_confirmation) end end - end |