From e58fd0550b4a29fac9d52dc8a78d04333ccc8c06 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 17 Jun 2013 01:27:55 -0700 Subject: new ui - initial user changes --- users/app/controllers/account_settings_controller.rb | 0 users/app/controllers/email_settings_controller.rb | 0 users/app/controllers/overviews_controller.rb | 9 +++++++++ users/app/controllers/users_base_controller.rb | 18 ++++++++++++++++++ 4 files changed, 27 insertions(+) create mode 100644 users/app/controllers/account_settings_controller.rb create mode 100644 users/app/controllers/email_settings_controller.rb create mode 100644 users/app/controllers/overviews_controller.rb create mode 100644 users/app/controllers/users_base_controller.rb (limited to 'users/app/controllers') diff --git a/users/app/controllers/account_settings_controller.rb b/users/app/controllers/account_settings_controller.rb new file mode 100644 index 0000000..e69de29 diff --git a/users/app/controllers/email_settings_controller.rb b/users/app/controllers/email_settings_controller.rb new file mode 100644 index 0000000..e69de29 diff --git a/users/app/controllers/overviews_controller.rb b/users/app/controllers/overviews_controller.rb new file mode 100644 index 0000000..52ce267 --- /dev/null +++ b/users/app/controllers/overviews_controller.rb @@ -0,0 +1,9 @@ +class OverviewsController < UsersBaseController + + before_filter :authorize + before_filter :fetch_user + + def show + end + +end diff --git a/users/app/controllers/users_base_controller.rb b/users/app/controllers/users_base_controller.rb new file mode 100644 index 0000000..dc2fa16 --- /dev/null +++ b/users/app/controllers/users_base_controller.rb @@ -0,0 +1,18 @@ +# +# common base class for all user related controllers +# + +class UsersBaseController < ApplicationController + + protected + + def fetch_user + @user = User.find_by_param(params[:user_id] || params[:id]) + if !@user && admin? + redirect_to users_url, :alert => t(:no_such_thing, :thing => 'user') + elsif !admin? && @user != current_user + access_denied + end + end + +end -- cgit v1.2.3 From 2e4ebdb84a464cf2ee902eb6e9bc955d77bafa73 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 19 Jun 2013 00:37:04 -0700 Subject: add commented out code of how redirect should work with Warden, although I can't get it working. --- users/app/controllers/sessions_controller.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'users/app/controllers') diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 01ecff6..d6c455b 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -22,4 +22,15 @@ class SessionsController < ApplicationController logout redirect_to root_path end + + # + # this is a bad hack, but user_overview_url(user) is not available + # also, this doesn't work because the redirect happens as a PUT. no idea why. + # + #Warden::Manager.after_authentication do |user, auth, opts| + # response = Rack::Response.new + # response.redirect "/users/#{user.id}/overview" + # throw :warden, response.finish + #end + end -- cgit v1.2.3 From e996432cbd50f4dadaae0ff62ac3f286ab125b1f Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 2 Jul 2013 23:11:23 -0700 Subject: add js to report all errors to the user, not just ones related to field validation. --- .../controllers/controller_extension/authentication.rb | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index f0a6564..72df7a7 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb @@ -38,9 +38,18 @@ module ControllerExtension::Authentication end def access_denied - # TODO: should we redirect to the root_url in either case, and have the root_url include the login screen (and also ability to create unauthenticated tickets) when no user is logged in? - redirect_to login_url, :alert => "Not authorized" if !logged_in? - redirect_to root_url, :alert => "Not authorized" if logged_in? + respond_to do |format| + format.html do + if logged_in? + redirect_to root_url, :alert => t(:not_authorized) + else + redirect_to login_url, :alert => t(:not_authorized_login) + end + end + format.json do + render :json => {'error' => t(:not_authorized)}, status: :unprocessable_entity + end + end end def admin? -- cgit v1.2.3 From fa7b7425e7c53282472c1c9ce1cdc7272f55cfd4 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 2 Jul 2013 23:17:44 -0700 Subject: users engine changes - rewrite of the views, separate email settings to a separate controller, make users_controller html only and v1/users_controller json only. --- users/app/controllers/email_aliases_controller.rb | 18 ++------ users/app/controllers/email_settings_controller.rb | 34 ++++++++++++++ users/app/controllers/users_controller.rb | 54 +++++----------------- users/app/controllers/v1/users_controller.rb | 9 ++-- 4 files changed, 56 insertions(+), 59 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/email_aliases_controller.rb b/users/app/controllers/email_aliases_controller.rb index 3b0d5ac..4628a7f 100644 --- a/users/app/controllers/email_aliases_controller.rb +++ b/users/app/controllers/email_aliases_controller.rb @@ -1,20 +1,12 @@ -class EmailAliasesController < ApplicationController - +class EmailAliasesController < UsersBaseController before_filter :fetch_user - respond_to :html - def destroy @alias = @user.email_aliases.delete(params[:id]) - @user.save - flash[:notice] = t(:email_alias_destroyed_successfully, :alias => @alias) - redirect_to edit_user_path(@user, :anchor => :email) + if @user.save + flash[:notice] = t(:email_alias_destroyed_successfully, :alias => bold(@alias)) + end + redirect_to edit_user_email_settings_path(@user) end - protected - - def fetch_user - @user = User.find_by_param(params[:user_id]) - access_denied unless admin? or (@user == current_user) - end end diff --git a/users/app/controllers/email_settings_controller.rb b/users/app/controllers/email_settings_controller.rb index e69de29..0261b47 100644 --- a/users/app/controllers/email_settings_controller.rb +++ b/users/app/controllers/email_settings_controller.rb @@ -0,0 +1,34 @@ +class EmailSettingsController < UsersBaseController + + before_filter :authorize + before_filter :fetch_user + + def edit + @email_alias = LocalEmail.new + end + + def update + @user.attributes = params[:user] + if @user.changed? + if @user.save + flash[:notice] = t(:changes_saved) + redirect + else + if @user.email_aliases.last && !@user.email_aliases.last.valid? + # display bad alias in text field: + @email_alias = @user.email_aliases.pop + end + render 'email_settings/edit' + end + else + redirect + end + end + + private + + def redirect + redirect_to edit_user_email_settings_url(@user) + end + +end diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 38a69e3..0dbf641 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -1,12 +1,14 @@ -class UsersController < ApplicationController +# +# This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb +# - before_filter :authorize, :only => [:show, :edit, :destroy, :update] +class UsersController < UsersBaseController + + before_filter :authorize, :only => [:show, :edit, :update, :destroy] before_filter :fetch_user, :only => [:show, :edit, :update, :destroy] - before_filter :authorize_self, :only => [:update] - before_filter :set_anchor, :only => [:edit, :update] before_filter :authorize_admin, :only => [:index] - respond_to :json, :html + respond_to :html def index if params[:query] @@ -14,8 +16,7 @@ class UsersController < ApplicationController else @users = User.by_created_at.descending end - @users = @users.limit(10) - respond_with @users.map(&:login).sort + @users = @users.limit(APP_CONFIG[:pagination_size]) end def new @@ -27,48 +28,15 @@ class UsersController < ApplicationController respond_with @user end - def edit - @email_alias = LocalEmail.new + def show end - def update - @user.attributes = params[:user] - if @user.changed? and @user.save - flash[:notice] = t(:user_updated_successfully) - elsif @user.email_aliases.last and !@user.email_aliases.last.valid? - @email_alias = @user.email_aliases.pop - end - respond_with @user, :location => edit_user_path(@user, :anchor => @anchor) + def edit end def destroy @user.destroy - redirect_to admin? ? users_path : root_path + redirect_to admin? ? users_path : login_path end - protected - - def fetch_user - # authorize filter has been checked first, so won't get here unless authenticated - @user = User.find_by_param(params[:id]) - if !@user and admin? - redirect_to users_path, :alert => t(:no_such_thing, :thing => 'user') - return - end - access_denied unless admin? or (@user == current_user) - end - - def authorize_self - # have already checked that authorized - access_denied unless (@user == current_user) - end - - def set_anchor - @anchor = email_settings? ? :email : :account - end - - def email_settings? - params[:user] && - params[:user].keys.detect{|key| key.index('email')} - end end diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index 617bd4b..e7516bc 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -1,8 +1,9 @@ module V1 - class UsersController < ApplicationController + class UsersController < UsersBaseController skip_before_filter :verify_authenticity_token before_filter :authorize, :only => [:update] + before_filter :fetch_user, :only => [:update] respond_to :json @@ -12,9 +13,11 @@ module V1 end def update - # For now, only allow public key to be updated via the API. Eventually we might want to store in a config what attributes can be updated via the API. @user = User.find_by_param(params[:id]) - @user.update_attributes params[:user].slice(:public_key) if params[:user].respond_to?(:slice) + @user.update_attributes params[:user] + if @user.valid? + flash[:notice] = t(:user_updated_successfully) + end respond_with @user end -- cgit v1.2.3 From 89ad6bd802f9e57c687e8cdb8593c3984e2fbd1b Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 4 Jul 2013 01:33:09 -0700 Subject: fix user typeahead --- users/app/controllers/v1/users_controller.rb | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index e7516bc..e117fc7 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -2,11 +2,21 @@ module V1 class UsersController < UsersBaseController skip_before_filter :verify_authenticity_token - before_filter :authorize, :only => [:update] before_filter :fetch_user, :only => [:update] + before_filter :authorize, :only => [:update] + before_filter :authorize_admin, :only => [:index] respond_to :json + def index + if params[:query] + @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ) + respond_with @users.map(&:login).sort + else + render :json => {'error' => 'query required', 'status' => :unprocessable_entity} + end + end + def create @user = User.create(params[:user]) respond_with @user # return ID instead? -- cgit v1.2.3 From 03fc85ad20e91964267dfcdaab9e3036c5702689 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 4 Jul 2013 01:34:06 -0700 Subject: users - make a nice overview page (well, nice enough) and better users index/search. --- users/app/controllers/users_controller.rb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 0dbf641..81336be 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -12,11 +12,16 @@ class UsersController < UsersBaseController def index if params[:query] - @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ) + if @user = User.find_by_login(params[:query]) + redirect_to user_overview_url(@user) + return + else + @users = User.by_login.startkey(params[:query]).endkey(params[:query].succ) + end else @users = User.by_created_at.descending end - @users = @users.limit(APP_CONFIG[:pagination_size]) + @users = @users.limit(100) end def new -- cgit v1.2.3 From 290d367ddb064c0aea4e0447441776fd69e29f6c Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 4 Jul 2013 01:45:41 -0700 Subject: allow forms with blank email forward. --- users/app/controllers/email_settings_controller.rb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/email_settings_controller.rb b/users/app/controllers/email_settings_controller.rb index 0261b47..f7d85be 100644 --- a/users/app/controllers/email_settings_controller.rb +++ b/users/app/controllers/email_settings_controller.rb @@ -8,7 +8,7 @@ class EmailSettingsController < UsersBaseController end def update - @user.attributes = params[:user] + @user.attributes = cleanup_params(params[:user]) if @user.changed? if @user.save flash[:notice] = t(:changes_saved) @@ -31,4 +31,11 @@ class EmailSettingsController < UsersBaseController redirect_to edit_user_email_settings_url(@user) end + def cleanup_params(user) + if !user['email_forward'].nil? && user['email_forward'].empty? + user.delete('email_forward') # don't allow "" as an email forward + end + user + end + end -- cgit v1.2.3 From 64bacc45ea1a023b154b07ec0790f762a79d20d5 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 4 Jul 2013 02:44:11 -0700 Subject: user tests -- user update has been moved entirely to api controller, so fix tests to reflect this. --- users/app/controllers/users_controller.rb | 5 ----- users/app/controllers/v1/users_controller.rb | 1 - 2 files changed, 6 deletions(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 81336be..5d45db5 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -28,11 +28,6 @@ class UsersController < UsersBaseController @user = User.new end - def create - @user = User.create(params[:user]) - respond_with @user - end - def show end diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index e117fc7..fda56f2 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -23,7 +23,6 @@ module V1 end def update - @user = User.find_by_param(params[:id]) @user.update_attributes params[:user] if @user.valid? flash[:notice] = t(:user_updated_successfully) -- cgit v1.2.3 From 0d95d40616a6b23d848d1fe69d68a14c69280674 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 4 Jul 2013 04:26:31 -0700 Subject: redirect to root after user destroy --- users/app/controllers/users_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'users/app/controllers') diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 5d45db5..4ce970b 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -36,7 +36,7 @@ class UsersController < UsersBaseController def destroy @user.destroy - redirect_to admin? ? users_path : login_path + redirect_to admin? ? users_url : root_url end end -- cgit v1.2.3