From dd88c7f84cb3c497c6327c364b3c08993c51a08f Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 28 Oct 2013 12:47:46 +0100 Subject: notify user their account was successfully deleted (refs #4216) Also fixes a cornercase when admins deleted their own account. So far they would be redirected to the users list - which then refused access. Now they'll be redirected to the home landing page as well. --- users/app/controllers/users_controller.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index f66277d..de21983 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -48,7 +48,15 @@ class UsersController < UsersBaseController def destroy @user.destroy - redirect_to admin? ? users_url : root_url + flash[:notice] = I18n.t(:account_destroyed) + # admins can destroy other users + if @user != current_user + redirect_to users_url + else + # let's remove the invalid session + logout + redirect_to root_url + end end end -- cgit v1.2.3 From ded302ebc6a9e145775f7847c5e89f91d683c777 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 6 Nov 2013 11:55:43 +0100 Subject: use the account lifecycle from UsersController#destroy --- users/app/controllers/users_controller.rb | 2 +- users/app/controllers/v1/users_controller.rb | 8 +------- 2 files changed, 2 insertions(+), 8 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index de21983..3cbb6dc 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -47,7 +47,7 @@ class UsersController < UsersBaseController end def destroy - @user.destroy + @user.account.destroy flash[:notice] = I18n.t(:account_destroyed) # admins can destroy other users if @user != current_user 
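Review bot: In `UsersController#destroy` (hunk `@@ -48,7 +48,15 @@`), the notice is written to `flash` before `logout` runs on the self-delete path. `logout` is defined outside this hunk, but if it clears or resets the session, the flash is likely dropped with it and the user never sees the message this commit adds. Setting the flash after the logout avoids depending on that: `logout`, then `flash[:notice] = I18n.t(:account_destroyed)`, then `redirect_to root_url`. The return value of `@user.destroy` is also not checked, so the success notice is shown even when the record was not removed.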
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index 03a5a62..0903888 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -24,15 +24,9 @@ module V1 end def update - account.update params[:user] + @user.account.update params[:user] respond_with @user end - protected - - def account - @user.account - end - end end -- cgit v1.2.3 From 8e9b65b01bbd9d44d4077d94f2dc4ac375cf8e85 Mon Sep 17 00:00:00 2001 From: jessib Date: Mon, 18 Nov 2013 15:44:54 -0800 Subject: Start of service level code, which will be tweaked * stores desired & effective service level * whenever desired level is changed, effective level will be updated * allows user to set their desired service level * allow admin to update desired & effective service level --- users/app/controllers/users_controller.rb | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'users/app/controllers') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 3cbb6dc..8b4715c 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -34,6 +34,12 @@ class UsersController < UsersBaseController def edit end + ## added so updating service level works, but not sure we will actually want this. also not sure that this is place to prevent user from updating own effective service level, but here as placeholder: + def update + @user.update_attributes(params[:user]) unless (!admin? and params[:user][:effective_service_level]) + respond_with @user + end + def deactivate @user.enabled = false @user.save -- cgit v1.2.3 From f1bc68c73e7183a0ad30c6aefc6cc4cbbf1bc1f0 Mon Sep 17 00:00:00 2001 
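Review bot: The new `UsersController#update` (hunk `@@ -34,6 +34,12 @@`) hands the whole `params[:user]` hash to `update_attributes` and blocks only one key, so unless the model restricts assignment elsewhere, a non-admin can set any other attribute of the user record. An allowlist is safer than a one-key denylist, for example `attrs = admin? ? params[:user] : params[:user].slice(*USER_EDITABLE_KEYS)`, where `USER_EDITABLE_KEYS` is a placeholder for the fields a user may change on their own account. As written, a blocked request is skipped silently and `respond_with @user` still answers as if it had succeeded. A non-admin request without a `user` parameter raises `NoMethodError` on `params[:user][:effective_service_level]`. Whether the controller's existing filters cover the new action is not visible in this hunk and should be confirmed.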
From: jessib Date: Mon, 18 Nov 2013 16:18:33 -0800 Subject: Need to cleanup some, but start to show public key for /key/username --- users/app/controllers/users_controller.rb | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'users/app/controllers') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 3cbb6dc..3f4daeb 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -59,4 +59,10 @@ class UsersController < UsersBaseController end end + def get_public_key + @show_navigation = false + user = User.find_by_login(params[:login]) + @public_key = user.public_key if user + end + end -- cgit v1.2.3 From d82ea5da2aa705bcfa74f2a8b42a197883b694e3 Mon Sep 17 00:00:00 2001 From: jessib Date: Thu, 21 Nov 2013 12:15:03 -0800 Subject: Refactoring of code, and tests. --- users/app/controllers/keys_controller.rb | 10 ++++++++++ users/app/controllers/users_controller.rb | 6 ------ 2 files changed, 10 insertions(+), 6 deletions(-) create mode 100644 users/app/controllers/keys_controller.rb (limited to 'users/app/controllers') diff --git a/users/app/controllers/keys_controller.rb b/users/app/controllers/keys_controller.rb new file mode 100644 index 0000000..9a39fc4 --- /dev/null +++ b/users/app/controllers/keys_controller.rb @@ -0,0 +1,10 @@ +class KeysController < ApplicationController + + def show + user = User.find_by_login(params[:login]) + # layout won't be included if we render text + # we will show blank page if user doesn't have key or user doesn't exist + render text: user ? user.public_key : '' + end + +end diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 3f4daeb..3cbb6dc 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb 
@@ -59,10 +59,4 @@ class UsersController < UsersBaseController end end - def get_public_key - @show_navigation = false - user = User.find_by_login(params[:login]) - @public_key = user.public_key if user - end - end -- cgit v1.2.3 From 299dfdf4164ee10de63aa2543935eeed65437b3f Mon Sep 17 00:00:00 2001 From: jessib Date: Mon, 25 Nov 2013 11:31:33 -0800 Subject: Give 404 error if one goes to /key/user for non-existing user. --- users/app/controllers/keys_controller.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/keys_controller.rb b/users/app/controllers/keys_controller.rb index 9a39fc4..949f2c0 100644 --- a/users/app/controllers/keys_controller.rb +++ b/users/app/controllers/keys_controller.rb @@ -3,8 +3,10 @@ class KeysController < ApplicationController def show user = User.find_by_login(params[:login]) # layout won't be included if we render text - # we will show blank page if user doesn't have key or user doesn't exist - render text: user ? user.public_key : '' + # we will show blank page if user doesn't have key (which shouldn't generally occur) + # and a 404 error if user doesn't exist + user ? (render text: user.public_key) : (raise ActionController::RoutingError.new('Not Found')) + end end -- cgit v1.2.3 From a013b03b0b715ec1209d2812da52ff5f0831c833 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 6 Dec 2013 15:45:02 -0800 Subject: make sure key responses are plain text --- users/app/controllers/keys_controller.rb | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/keys_controller.rb b/users/app/controllers/keys_controller.rb index 949f2c0..fb28901 100644 --- a/users/app/controllers/keys_controller.rb +++ b/users/app/controllers/keys_controller.rb 
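Review bot: With the `@@ -3,8 +3,10 @@` hunk, `KeysController#show` answers 404 for an unknown login and 200 for a known one, so anyone who can reach the route can test which logins exist. No authentication filter is visible in the controller, though `ApplicationController` may add one. For a public key lookup this is probably intended, but it should be recorded as a decision, e.g. `# Login existence is public here by design: this is a key lookup endpoint.`, and the route should be rate limited. On style, `raise ActionController::RoutingError, 'Not Found'` is the usual form.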
@@ -1,12 +1,18 @@ class KeysController < ApplicationController + # + # Render the user's key as plain text, without a layout. + # + # We will show blank page if user doesn't have key (which shouldn't generally occur) + # and a 404 error if user doesn't exist + # def show user = User.find_by_login(params[:login]) - # layout won't be included if we render text - # we will show blank page if user doesn't have key (which shouldn't generally occur) - # and a 404 error if user doesn't exist - user ? (render text: user.public_key) : (raise ActionController::RoutingError.new('Not Found')) - + if user + render text: user.public_key, content_type: 'text/text' + else + raise ActionController::RoutingError.new('Not Found') + end end end -- cgit v1.2.3 From 496817bd512fe43c4cb80cc49a19dae3ed3eb165 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 13 Dec 2013 14:27:15 +0100 Subject: refactor: remove Overview controller - we can use Users#show we were only using Users#show to redirect to the edit action. So I replaced that with the overview and we have no more use for the extra controller. This also simplifies linking to the users in question a lot. --- users/app/controllers/overviews_controller.rb | 9 --------- users/app/controllers/sessions_controller.rb | 4 ++-- users/app/controllers/users_controller.rb | 2 +- 3 files changed, 3 insertions(+), 12 deletions(-) delete mode 100644 users/app/controllers/overviews_controller.rb (limited to 'users/app/controllers') diff --git a/users/app/controllers/overviews_controller.rb b/users/app/controllers/overviews_controller.rb deleted file mode 100644 index 52ce267..0000000 --- a/users/app/controllers/overviews_controller.rb +++ /dev/null @@ -1,9 +0,0 @@ -class OverviewsController < UsersBaseController - - before_filter :authorize - before_filter :fetch_user - - def show - end - -end diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 0494b51..85a022e 100644 
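Review bot: `content_type: 'text/text'` in `KeysController#show` (hunk `@@ -1,12 +1,18 @@`) is not a registered media type; plain text is `text/plain`. A client that does not recognise the value may fall back to content sniffing or offer a download. The key is user-supplied data served from the application's origin, so the response type should leave no room for interpretation: `render text: user.public_key, content_type: 'text/plain'`, preferably with `response.headers['X-Content-Type-Options'] = 'nosniff'` set before the render.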
--- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -14,12 +14,12 @@ class SessionsController < ApplicationController end # - # this is a bad hack, but user_overview_url(user) is not available + # this is a bad hack, but user_url(user) is not available # also, this doesn't work because the redirect happens as a PUT. no idea why. # #Warden::Manager.after_authentication do |user, auth, opts| # response = Rack::Response.new - # response.redirect "/users/#{user.id}/overview" + # response.redirect "/users/#{user.id}" # throw :warden, response.finish #end diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 8b4715c..0b32ec7 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -13,7 +13,7 @@ class UsersController < UsersBaseController def index if params[:query] if @user = User.find_by_login(params[:query]) - redirect_to user_overview_url(@user) + redirect_to @user return else @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ) -- cgit v1.2.3 From 6012b588911dac3d47bbdb53e11dcb70ba8be6df Mon Sep 17 00:00:00 2001 From: jessib Date: Mon, 16 Dec 2013 11:37:05 -0800 Subject: Fix issue 4756: /login should not crash if one goes there when logged in. --- users/app/controllers/sessions_controller.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'users/app/controllers') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 85a022e..ca228c2 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -1,6 +1,7 @@ class SessionsController < ApplicationController def new + redirect_to root_path if logged_in? @session = Session.new if authentication_errors @errors = authentication_errors -- cgit v1.2.3
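Review bot: In `SessionsController#new` (hunk `@@ -1,6 +1,7 @@`), `redirect_to root_path if logged_in?` does not stop the action, so `Session.new` and the `authentication_errors` handling below it still run for a user who is already logged in. The rest of the method lies outside this hunk; if it renders or redirects explicitly, the request would fail with a double-render error instead of redirecting. Returning with the redirect makes the guard effective: `return redirect_to(root_path) if logged_in?`.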