Diffstat (limited to 'users/app/controllers/users_controller.rb')
-rw-r--r--users/app/controllers/users_controller.rb68
1 files changed, 28 insertions, 40 deletions
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index dff1ed5..09622b3 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -1,12 +1,15 @@
-class UsersController < ApplicationController
+#
+# This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb
+#
- before_filter :authorize, :only => [:show, :edit, :destroy, :update]
+class UsersController < UsersBaseController
+
+ before_filter :authorize, :only => [:show, :edit, :update, :destroy]
before_filter :fetch_user, :only => [:show, :edit, :update, :destroy]
- before_filter :authorize_self, :only => [:update]
- before_filter :set_anchor, :only => [:edit, :update]
+ #before_filter :authorize_self, :only => [:update]
before_filter :authorize_admin, :only => [:index]
- respond_to :json, :html
+ respond_to :json
def index
if params[:query]
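Review bot: The new header comment calls this an HTML-only controller, but the class now declares `respond_to :json` where it previously had `respond_to :json, :html`, so the comment and the code contradict each other. A `respond_with @user` call is still present further down; if an HTML request reaches it, Rails would likely answer 406 because html is no longer a declared format, so I would expect `respond_to :html` here. Separately, `:update` stays in the `authorize` and `fetch_user` filter lists while `authorize_self` is only commented out. If the update action is really gone, drop `:update` from both lists and delete the commented filter, so a re-enabled `update` cannot ship without its self-only check. The class body continues outside this hunk.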
@@ -14,8 +17,8 @@ class UsersController < ApplicationController
else
@users = User.by_created_at.descending
end
- @users = @users.limit(10)
- respond_with @users.map(&:login).sort
+ @users = @users.limit(APP_CONFIG[:pagination_size])
+ #respond_with @users.map(&:login).sort
end
def new
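Review bot: `@users.limit(APP_CONFIG[:pagination_size])` has no fallback, so if that key is missing from a deployment's config the limit argument is nil and the admin index may return every user record instead of a bounded page. Keeping the old bound as a default would avoid that: `@users = @users.limit(APP_CONFIG[:pagination_size] || 10)`. The commented-out `#respond_with @users.map(&:login).sort` should be deleted rather than left in place; with it gone the action falls through to the implicit template, which now receives full user objects rather than a list of logins. The `index` method starts outside this hunk.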
@@ -27,48 +30,33 @@ class UsersController < ApplicationController
respond_with @user
end
- def edit
- @email_alias = LocalEmail.new
+ def show
end
- def update
- @user.attributes = params[:user]
- if @user.changed? and @user.save
- flash[:notice] = t(:user_updated_successfully)
- elsif @user.email_aliases.last and !@user.email_aliases.last.valid?
- @email_alias = @user.email_aliases.pop
- end
- respond_with @user, :location => edit_user_path(@user, :anchor => @anchor)
+ def edit
end
+ #
+ # The API user update is used instead. Maybe someday we will have something for which this makes sense.
+ #
+ #def update
+ # @user.update_attributes(params[:user])
+ # respond_with @user
+ #end
+
def destroy
@user.destroy
- redirect_to admin? ? users_path : login_path
- end
-
- protected
-
- def fetch_user
- # authorize filter has been checked first, so won't get here unless authenticated
- @user = User.find_by_param(params[:id])
- if !@user and admin?
- redirect_to users_path, :alert => t(:no_such_thing, :thing => 'user')
- return
+ respond_to do |format|
+ format.html { redirect_to(admin? ? users_path : root_path) }
+ format.json { head :no_content }
end
- access_denied unless admin? or (@user == current_user)
end
- def authorize_self
- # have already checked that authorized
- access_denied unless (@user == current_user)
- end
+ protected
- def set_anchor
- @anchor = email_settings? ? :email : :account
- end
+ #def authorize_self
+ # # have already checked that authorized
+ # access_denied unless (@user == current_user)
+ #end
- def email_settings?
- params[:user] &&
- params[:user].keys.detect{|key| key.index('email')}
- end
end
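Review bot: Removing `fetch_user` takes away the only object-level authorization check visible in this file, `access_denied unless admin? or (@user == current_user)`, while `destroy` still calls `@user.destroy` on whatever `params[:id]` resolves to. The `before_filter :fetch_user` line is kept, so the method presumably now lives in `UsersBaseController`, which this diff does not show. Please confirm it still denies access unless the caller is an admin or the record's owner, and add a controller test asserting that a logged-in non-admin is refused on show, edit and destroy of another user's id. A comment above `protected` such as `# fetch_user is inherited from UsersBaseController and enforces admin-or-owner access` would record that dependency for the next reader. The commented-out `update` and `authorize_self` blocks are better deleted than kept, since version control already holds them.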