summaryrefslogtreecommitdiff
path: root/users/app/controllers/users_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'users/app/controllers/users_controller.rb')
-rw-r--r--users/app/controllers/users_controller.rb42
1 files changed, 36 insertions, 6 deletions
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 82d2eac..cffc8c6 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -1,18 +1,48 @@
class UsersController < ApplicationController
- skip_before_filter :verify_authenticity_token
+ skip_before_filter :verify_authenticity_token, :only => [:create]
+
+ before_filter :fetch_user, :only => [:edit, :update, :destroy]
+ before_filter :authorize_admin, :only => [:index]
respond_to :json, :html
+ def index
+ if params[:query]
+ @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ)
+ else
+ @users = User.by_created_at.descending
+ end
+ @users = @users.limit(10)
+ respond_with @users.map(&:login).sort
+ end
+
def new
@user = User.new
end
def create
- @user = User.create!(params[:user])
- respond_with(@user, :location => root_url, :notice => "Signed up!")
- rescue VALIDATION_FAILED => e
- @user = e.document
- respond_with(@user, :location => new_user_path)
+ @user = User.create(params[:user])
+ respond_with @user
+ end
+
+ def edit
+ end
+
+ def update
+ @user.update_attributes(params[:user])
+ respond_with @user
+ end
+
+ def destroy
+ @user.destroy
+ redirect_to admin? ? users_path : login_path
+ end
+
+ protected
+
+ def fetch_user
+ @user = User.find_by_param(params[:id])
+ access_denied unless admin? or (@user == current_user)
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-29 11:21:22 +0000