1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
#
# This is an HTML-only controller. For the JSON-only controller, see v1/users_controller.rb
#
class UsersController < UsersBaseController
before_filter :authorize, :only => [:show, :edit, :update, :destroy]
before_filter :fetch_user, :only => [:show, :edit, :update, :destroy, :deactivate, :enable]
before_filter :authorize_admin, :only => [:index, :deactivate, :enable]
respond_to :html
def index
if params[:query]
if @user = User.find_by_login(params[:query])
redirect_to user_overview_url(@user)
return
else
@users = User.by_login.startkey(params[:query]).endkey(params[:query].succ)
end
else
@users = User.by_created_at.descending
end
@users = @users.limit(100)
end
def new
@user = User.new
end
def show
end
def edit
end
## added so updating service level works, but not sure we will actually want this. also not sure that this is place to prevent user from updating own effective service level, but here as placeholder:
def update
@user.update_attributes(params[:user]) unless (!admin? and params[:user][:effective_service_level])
respond_with @user
end
def deactivate
@user.enabled = false
@user.save
respond_with @user
end
def enable
@user.enabled = true
@user.save
respond_with @user
end
def destroy
@user.account.destroy
flash[:notice] = I18n.t(:account_destroyed)
# admins can destroy other users
if @user != current_user
redirect_to users_url
else
# let's remove the invalid session
logout
redirect_to root_url
end
end
end
|