From 33c124aa67788d5c64906f7b3e21ad383577b2a8 Mon Sep 17 00:00:00 2001
From: Azul
Date: Thu, 22 Nov 2012 17:31:18 +0100
Subject: basic user edit form and actions
---
 users/app/controllers/users_controller.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'users/app/controllers/users_controller.rb')
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 82d2eac..46ecc32 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -15,4 +15,14 @@ class UsersController < ApplicationController
 @user = e.document
 respond_with(@user, :location => new_user_path)
 end
+
+ def edit
+ @user = current_user
+ end
+
+ def update
+ @user = current_user
+ @user.update!(params[:user])
+ respond_with(@user, :location => edit_user_path(@user))
+ end
 end
-- cgit v1.2.3
From 3ce5a25afef3b938c2bbbe8ce481f2af9e0c24dc Mon Sep 17 00:00:00 2001
From: Azul
Date: Fri, 23 Nov 2012 10:24:46 +0100
Subject: test editing user settings
---
 users/app/controllers/users_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'users/app/controllers/users_controller.rb')
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 46ecc32..ecab53b 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -22,7 +22,7 @@ class UsersController < ApplicationController
 def update
 @user = current_user
- @user.update!(params[:user])
+ @user.update(params[:user])
 respond_with(@user, :location => edit_user_path(@user))
 end
 end
-- cgit v1.2.3
From ee3c9146e4bbe93ec1f00ee45386a82ec4363c4d Mon Sep 17 00:00:00 2001
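Review bot: `update` hands the whole `params[:user]` hash to `@user.update!`, so every attribute the model accepts can be set from the request, and no login check is visible before `current_user` is used in `edit` or `update`. Unless the User model restricts assignable attributes (not shown in this diff), limit the hash to the fields the edit form exposes, e.g. `@user.update!(params[:user].slice(*EDITABLE_FIELDS))`, where `EDITABLE_FIELDS` is a placeholder for that list. The same unfiltered hash is kept in the next `update` hunk and in the later `update_attributes` and `User.create` hunks.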
From: Azul
Date: Fri, 23 Nov 2012 12:11:11 +0100
Subject: identify user by id so rerendering the form does not use new invalid login
---
 users/app/controllers/users_controller.rb | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
(limited to 'users/app/controllers/users_controller.rb')
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index ecab53b..3913d0d 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -1,6 +1,8 @@
 class UsersController < ApplicationController
- skip_before_filter :verify_authenticity_token
+ skip_before_filter :verify_authenticity_token, :only => [:create]
+
+ before_filter :fetch_user, :only => [:edit, :update]
 respond_to :json, :html
@@ -17,12 +19,17 @@ class UsersController < ApplicationController
 end
 def edit
- @user = current_user
 end
 def update
- @user = current_user
- @user.update(params[:user])
+ @user.update_attributes(params[:user])
 respond_with(@user, :location => edit_user_path(@user))
 end
+
+ protected
+
+ def fetch_user
+ @user = User.find_by_param(params[:id])
+ access_denied unless @user == current_user
+ end
 end
-- cgit v1.2.3
From 595518684b9c4364f96c97a84cc481b5ae0da981 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 26 Nov 2012 11:54:11 +0100
Subject: simplified controller and adjusted tests Also added #assert_json_error to tests.
---
 users/app/controllers/users_controller.rb | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
(limited to 'users/app/controllers/users_controller.rb')
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 3913d0d..5be1fa9 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
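Review bot: `create` stays exempt from `verify_authenticity_token` after this change, and nothing at the `skip_before_filter` line says why. A comment there would record the decision, for example `# signup clients hold no session token yet; every other action keeps CSRF protection`, if that is in fact the reason (it is not visible in this diff). If only JSON clients need the exemption, it may be worth narrowing it to that format.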
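Review bot: In `fetch_user`, `@user == current_user` is also true when both sides are nil, which is what an unknown `params[:id]` from a client without a session would give if `find_by_param` and `current_user` return nil in those cases (neither is visible here). The request then passes the filter and `update` calls `update_attributes` on nil. Reject a missing record or a missing login explicitly, e.g. `access_denied unless @user && @user == current_user`. Whether `access_denied` halts the filter chain by rendering or redirecting is not visible in this diff; if it does not, the action still runs. The later `fetch_user` hunk that adds `admin? or` keeps the same comparison.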
@@ -11,11 +11,8 @@ class UsersController < ApplicationController
 end
 def create
- @user = User.create!(params[:user])
- respond_with(@user, :location => root_url, :notice => "Signed up!")
- rescue VALIDATION_FAILED => e
- @user = e.document
- respond_with(@user, :location => new_user_path)
+ @user = User.create(params[:user])
+ respond_with @user
 end
 def edit
@@ -23,7 +20,7 @@ class UsersController < ApplicationController
 def update
 @user.update_attributes(params[:user])
- respond_with(@user, :location => edit_user_path(@user))
+ respond_with @user
 end
 protected
-- cgit v1.2.3
From bf74255d1530fe5852dc6e6c27ef975ce9aa8d3c Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 26 Nov 2012 14:32:50 +0100
Subject: added admin menu and user index action
---
 users/app/controllers/users_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'users/app/controllers/users_controller.rb')
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 5be1fa9..4912ac8 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -3,9 +3,14 @@ class UsersController < ApplicationController
 skip_before_filter :verify_authenticity_token, :only => [:create]
 before_filter :fetch_user, :only => [:edit, :update]
+ before_filter :authorize_admin, :only => [:index]
 respond_to :json, :html
+ def index
+ @users = User.all
+ end
+
 def new
 @user = User.new
 end
-- cgit v1.2.3
From 51ba799f98113b7112f2968fc80e4d291924b3bf Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 26 Nov 2012 16:34:46 +0100
Subject: basic users index with typeahead search
---
 users/app/controllers/users_controller.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'users/app/controllers/users_controller.rb')
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 4912ac8..09199f0 100644
--- a/users/app/controllers/users_controller.rb
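Review bot: `respond_with @user` in `create`, and in the `update` hunk that follows, returns the model's default serialization to JSON clients, so every stored field goes back in the response unless the User model limits its JSON form (not visible in this diff). On a signup endpoint that skips the CSRF check this is worth confirming before release. If the model stores password or verifier material, restrict the JSON representation in the model and note it at the call site, e.g. `# JSON response relies on User's serialization omitting credential fields`.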
+++ b/users/app/controllers/users_controller.rb
@@ -8,7 +8,13 @@ class UsersController < ApplicationController
 respond_to :json, :html
 def index
- @users = User.all
+ if params[:query]
+ @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ)
+ else
+ @users = User.by_created_at.descending
+ end
+ @users = @users.limit(5)
+ respond_with @users.map(&:login).sort
 end
 def new
-- cgit v1.2.3
From a941c89293bcbb067c6152b63765ead38a484b81 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 26 Nov 2012 18:06:21 +0100
Subject: basic typeahead and user querying working
---
 users/app/controllers/users_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'users/app/controllers/users_controller.rb')
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 09199f0..925b584 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -13,7 +13,7 @@ class UsersController < ApplicationController
 else
 @users = User.by_created_at.descending
 end
- @users = @users.limit(5)
+ @users = @users.limit(10)
 respond_with @users.map(&:login).sort
 end
-- cgit v1.2.3
From 277b9f98bfbe2ef0217dfd17c8d9d6597369b903 Mon Sep 17 00:00:00 2001
From: Azul
Date: Wed, 28 Nov 2012 15:13:47 +0100
Subject: admins can destroy users I changed the permissions a little to be more consistent. Now: * admins can edit users * users can destroy themselves. There's no ui for either of them but theoretically they could. Not sure this is what we want though.
---
 users/app/controllers/users_controller.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'users/app/controllers/users_controller.rb')
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 925b584..3407191 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
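Review bot: `params[:query].succ` in `index` is not a safe upper bound for a prefix range: `"z".succ` is `"aa"`, which sorts before the start key, and `"az".succ` is `"ba"`, so the range also covers the login `"b"`. `params[:query]` can also arrive as an array or a hash, neither of which has `succ`, so such a request would raise instead of returning a result. Coerce the value to a string and append a high sentinel instead (Ruby 1.9 or later for the escape), e.g. `prefix = params[:query].to_s` followed by `@users = User.by_login.startkey(prefix).endkey(prefix + "\ufff0")`.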
@@ -2,7 +2,7 @@ class UsersController < ApplicationController
 skip_before_filter :verify_authenticity_token, :only => [:create]
- before_filter :fetch_user, :only => [:edit, :update]
+ before_filter :fetch_user, :only => [:edit, :update, :destroy]
 before_filter :authorize_admin, :only => [:index]
 respond_to :json, :html
@@ -34,10 +34,15 @@ class UsersController < ApplicationController
 respond_with @user
 end
+ def destroy
+ @user.destroy
+ redirect_to users_path
+ end
+
 protected
 def fetch_user
 @user = User.find_by_param(params[:id])
- access_denied unless @user == current_user
+ access_denied unless admin? or (@user == current_user)
 end
 end
-- cgit v1.2.3
From 2a928455f9dcefa465b80b79768ba1d1a423e6e9 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 3 Dec 2012 10:52:01 +0100
Subject: enable users to cancel their account
---
 users/app/controllers/users_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'users/app/controllers/users_controller.rb')
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 3407191..cffc8c6 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -36,7 +36,7 @@ class UsersController < ApplicationController
 def destroy
 @user.destroy
- redirect_to users_path
+ redirect_to admin? ? users_path : login_path
 end
 protected
-- cgit v1.2.3
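Review bot: `destroy` deletes the account but leaves the current session untouched, so a user who removes their own account keeps a session that refers to a record that no longer exists, and is then redirected to `users_path`, which `index` restricts to admins. For the self-deletion case, end the session before redirecting, e.g. `reset_session if @user == current_user` ahead of `@user.destroy`, or call the application's own logout helper if it has one (how `current_user` is resolved is not visible here). The later one-line hunk that sends non-admins to `login_path` fixes the redirect target but, as far as this diff shows, not the session. In `fetch_user`, `admin? or (@user == current_user)` would read more conventionally as `admin? || @user == current_user`.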