path: root/app/controllers/users_controller.rb
blob: 225584f486dcfe03a597b1f1c1df26fe55b35eaf (plain)
#
# This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb
#

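# HTML controller for user accounts: admin listing/search, the signup form,
# profile display and editing, and account deactivation, re-enabling and
# deletion.
class UsersController < ApplicationController
  include ControllerExtension::FetchUser

  # Access control is enforced entirely by these filters:
  #   * everything except the signup form requires a session;
  #   * listing, deactivating and enabling accounts is admin-only;
  #   * show/edit/update/destroy are NOT admin-only and rely on fetch_user.
  # NOTE(review): fetch_user lives in ControllerExtension::FetchUser, which is
  # not visible here. Confirm it restricts a non-admin to their own record;
  # otherwise update and destroy would act on any user id in the URL.
  before_filter :require_login, :except => [:new]
  before_filter :redirect_if_logged_in, :only => [:new]
  before_filter :require_admin, :only => [:index, :deactivate, :enable]
  before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable]
  before_filter :require_registration_allowed, only: :new

  respond_to :html

  # Admin-only user listing.
  #
  # With a +query+ parameter: redirects to the user whose login matches it
  # exactly, otherwise lists users whose login starts with it. Without one:
  # lists users by creation date, descending. The list is capped at 100 rows.
  def index
    if params[:query].present?
      # Request parameters may arrive as a nested hash or an array; coerce to
      # a String so the finders always receive the type they are written for.
      query = params[:query].to_s
      @user = User.find_by_login(query)
      return redirect_to(@user) if @user

      @users = User.login_starts_with(query)
    else
      @users = User.by_created_at.descending
    end
    @users = @users.limit(100)
  end

  # Renders the signup form for a blank user.
  def new
    @user = User.new
  end

  # Renders the user loaded by the fetch_user filter.
  def show
  end

  # Renders the edit form for the user loaded by the fetch_user filter.
  def edit
  end

  # Applies the attributes whitelisted by user_params to the fetched user.
  #
  # The success flash is set only when the save itself reports success, rather
  # than by re-running validations afterwards, so a save that was rejected for
  # any reason is never announced as "changes saved".
  #
  # TODO (from the original author): this action was added so that updating
  # the service level works; it is undecided whether it should stay, and
  # whether this is the right place to stop a user from changing their own
  # effective service level.
  def update
    if @user.update_attributes(user_params)
      flash[:notice] = I18n.t(:changes_saved)
    end
    respond_with @user, :location => edit_user_path(@user)
  end

  # Admin-only: disables the fetched user's account and returns to the
  # referring page.
  def deactivate
    @user.account.disable
    flash[:notice] = I18n.t("actions.user_disabled_message", username: @user.username)
    redirect_back_or users_url
  end

  # Admin-only: re-enables the fetched user's account and returns to the
  # referring page.
  def enable
    @user.account.enable
    flash[:notice] = I18n.t("actions.user_enabled_message", username: @user.username)
    redirect_back_or users_url
  end

  # Destroys the fetched user's account. When the acting user removed their
  # own account the now-invalid session is closed as well.
  def destroy
    @user.account.destroy
    flash[:notice] = I18n.t(:account_destroyed)
    if @user == current_user
      # The session belongs to the account that was just removed.
      logout
      redirect_to bye_url
    else
      # An admin destroyed somebody else's account.
      redirect_to users_url
    end
  end

  protected

  # Sends visitors to the home page when signup is switched off in APP_CONFIG.
  def require_registration_allowed
    redirect_to home_path unless APP_CONFIG[:allow_registration]
  end

  # Strong-parameter whitelist for #update.
  #
  # Admins may change only +effective_service_level+; everyone else may change
  # only the password fields. The branch depends on who is acting, not on whose
  # record is being edited, so an admin editing their own record can change
  # their own service level but cannot change their password through this
  # action.
  def user_params
    permitted =
      if admin?
        [:effective_service_level]
      else
        [:password, :password_confirmation]
      end
    params.require(:user).permit(*permitted)
  end

  # Redirects to the referring page, or to +fallback+ when the request carries
  # no Referer header. A bare `redirect_to :back` raises in that case, which
  # turned an already-completed account change into an error page.
  #
  # NOTE(review): the Referer header is supplied by the client and is followed
  # as given; consider checking that it points at this application.
  def redirect_back_or(fallback)
    if request.referer.present?
      redirect_to :back
    else
      redirect_to fallback
    end
  end
end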