Class UsersController
In: app/controllers/users_controller.rb
Parent: ApplicationController
File: users_controller.rb
(C): Hipposoft 2008, 2009
Purpose: Manage User objects. See models/user.rb for more.

          03-Jan-2008 (ADH): Created.

Methods

cancel   create   delete   delete_confirm   edit   home   index   new   show   update  

Public Instance methods

Cancel a sign-in account edit request.

[Source]

     # File app/controllers/users_controller.rb, line 166
     def cancel
       id    = params[ :id ]
       @user = User.find( id )

       # We must have found a user in the database matching the ID.
       # The ID must be provided. There must be a currently logged in
       # user and their ID must match that of the cancellation request.
       # The user must not have a name yet - if they do, it implies a
       # created, active account.

       if ( @user.nil? or id.nil? or @current_user.nil? or ( id.to_i() != @current_user.id ) or @user.name )
         flash[ :error ] = "Cancellation request not understood."
       else
         @user.destroy()
         flash[ :error ] = 'Sign in cancelled.'
       end

       redirect_to( signout_path() )
     end

Create a new User account.

[Source]

     # File app/controllers/users_controller.rb, line 100
     def create
       # Only administrators may create accounts up-front.
       return appctrl_not_permitted() unless @current_user.admin?

       @record = @user = User.new
       @control_panel = @user.control_panel = ControlPanel.new

       update_and_save_user( 'New account created', 'new' )
     end

Users should not normally be destroyed. Only administrators can do this.

[Source]

     # File app/controllers/users_controller.rb, line 189
     def delete
       appctrl_delete( 'User' )
     end

Show an "Are you sure?" prompt.

[Source]

     # File app/controllers/users_controller.rb, line 195
     def delete_confirm
       return appctrl_not_permitted() unless ( @current_user.admin? )

       # Nobody can delete admin accounts. You must assign the admin
       # privilege to someone else, then, since you can't revoke your
       # own admin privileges either, have the new admin change your
       # account type and delete the user record. This is a good way
       # of ensuring that there is always at least one admin.

       @record = User.find( params[ :id ] )
       return appctrl_not_permitted() if ( @record.admin? )

       @record.destroy()

       flash[ :notice ] = 'User and all associated data deleted'
       redirect_to( users_path() )
     end

Prepare for the ‘edit’ view, allowing a user to update their account details. Restricted users can only edit their own account.

[Source]

     # File app/controllers/users_controller.rb, line 112
     def edit
       id = params[ :id ]

       # Restricted users may only edit their own record; the ID arrives
       # as a string parameter, hence the numeric comparison.
       if ( @current_user.restricted? and @current_user.id != id.to_i )
         return appctrl_not_permitted()
       end

       @user          = User.find( id )
       @control_panel = @user.control_panel
     end

Home page - only show if logged in.

[Source]

     # File app/controllers/users_controller.rb, line 34
     def home
       redirect_to signin_path() and return if ( @current_user.nil? )
     end

List users - not allowed for restricted users.

[Source]

     # File app/controllers/users_controller.rb, line 40
     def index
       return appctrl_not_permitted() if ( @current_user.restricted? )

       # Set up the column data; see the index helper functions in
       # application_helper.rb for details.

       @columns = [
         { :header_text => 'Name',           :value_method   => 'name',         :value_in_place => true                  },
         { :header_text => 'Code',           :value_method   => 'code',         :value_in_place => true                  },
         { :header_text => 'Account type',   :value_method   => 'user_type'                                              },
         { :header_text => 'E-mail address', :value_method   => 'email',        :value_helper => 'userhelp_email'        },
         { :header_text => 'Identity URL',   :value_method   => 'identity_url', :value_helper => 'userhelp_identity_url' },
       ]

       # Get the basic options hash from ApplicationController, then work out
       # the conditions on objects being fetched, including handling the search
       # form data.

       options             =  appctrl_index_assist( User )
       active_conditions   = { :active => true  }
       inactive_conditions = { :active => false }

       unless ( params[ :search ].nil? )
         if ( params[ :search ].empty? or params[ :search_cancel ] )
           params.delete( :search )
         else
           # The search string is passed as a named bind value, never
           # interpolated into the SQL itself.
           search = "%#{ params[ :search ] }%" # SQL wildcards either side of the search string
           str    = '( name ILIKE :search OR email ILIKE :search OR identity_url ILIKE :search ) AND active = :active'
           active_conditions   = [ str, { :search => search, :active => true  } ]
           inactive_conditions = [ str, { :search => search, :active => false } ]
         end
       end

       # Finally, compile the collections for the view.

       @active_users   = User.paginate( options.merge( { :conditions => active_conditions   } ) )
       @inactive_users = User.paginate( options.merge( { :conditions => inactive_conditions } ) )
     end

Administrators can (carefully) create User accounts up-front.

[Source]

     # File app/controllers/users_controller.rb, line 93
     def new
       return appctrl_not_permitted() unless @current_user.admin?
       return appctrl_new( 'User' )
     end

Show user details.

[Source]

     # File app/controllers/users_controller.rb, line 81
     def show
       @user = User.find( params[ :id ] )
       # Privileged users may view any account; everyone may view their own.
       return appctrl_not_permitted() unless ( @user and ( @current_user.privileged? or @user == @current_user ) )
     end

Update a User following submission of an ‘edit’ view form. Restricted users can only edit their own account.

[Source]

     # File app/controllers/users_controller.rb, line 126
     def update
       id = params[ :id ]

       # Same ownership check as 'edit': the GET and the POST are guarded
       # independently, so bypassing the form does not bypass the rule.
       if ( @current_user.restricted? and @current_user.id != id.to_i )
         return appctrl_not_permitted()
       end

       @user = User.find( id )

       if ( @current_user.admin? and params[ :notify_user ] )
         EmailNotifier.deliver_admin_update_notification( @user )
       end

       # New user just set up a previously uninitialised account (no
       # e-mail yet stored - update_and_save_user will take that from
       # the params hash) or a normal account edit?

       if ( @user.nil? or @user.name.empty? )
         if ( User.count == 1 )
           message = 'New administrator account created. You can now set up whatever ' <<
                     'initial customers, projects and tasks you need.'
         else
           message = 'New account created. Before you can use the service fully, the '   <<
                     'administrator will have to configure some account settings. You '  <<
                     'will be notified by e-mail when this process is complete. Please ' <<
                     "direct queries to the administrator at '#{ EMAIL_ADMIN }'."
         end

         update_and_save_user(
           message,
           'edit',
           true
         )
       else
         update_and_save_user( 'User details updated.', 'edit' )
       end
     end
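The access rules are scattered across the guards at the top of `index`, `new`, `create`, `show`, `edit`, `update`, `delete_confirm` and `cancel`. Collecting them into one pure-Ruby policy, as in the following added example (not the project's code), makes them testable without Rails and makes two details visible: the restricted-user ownership check compares a String parameter against an Integer id, so `to_i` is essential, and the `cancel` guard tests `@user.name` for truthiness, so an empty string already counts as a name. The `User` struct and its `admin?`, `restricted?` and `privileged?` predicates are assumed stand-ins for the real model, and "privileged" is assumed to mean admin or normal.

```ruby
# Added example, not part of the TrackRecord source. Constructed stand-in for
# the User model; assumption: the real model exposes the same predicates.
User = Struct.new(:id, :name, :user_type) do
  def admin?;      user_type == :admin;                         end
  def restricted?; user_type == :restricted;                    end
  def privileged?; user_type == :admin || user_type == :normal; end
end

module UsersPolicy
  module_function

  # index: restricted users may not list accounts.
  def can_list?(current)
    !current.nil? && !current.restricted?
  end

  # new / create: administrators only.
  def can_create?(current)
    !current.nil? && current.admin?
  end

  # show: privileged users may view anyone; every user may view themselves.
  def can_show?(current, target)
    return false if current.nil? || target.nil?
    current.privileged? || current.id == target.id
  end

  # edit / update: restricted users are limited to their own record. The
  # target id arrives as a request parameter (a String), so compare numerically;
  # comparing the raw string against an Integer would always deny.
  def can_edit?(current, target_id)
    return false if current.nil?
    !current.restricted? || current.id == target_id.to_i
  end

  # delete_confirm: administrators only, and never an admin account, which is
  # what guarantees that at least one admin always remains.
  def can_delete?(current, target)
    !current.nil? && current.admin? && !target.nil? && !target.admin?
  end

  # cancel: the record must exist, an id must be given, someone must be signed
  # in, the id must be theirs, and the account must still be nameless.
  # Mirrors the original's truthiness test, so "" is treated as a name.
  def can_cancel?(current, id, target)
    return false if target.nil? || id.nil? || current.nil?
    return false if id.to_i != current.id
    target.name.nil?
  end
end

if __FILE__ == $0
  admin   = User.new(1, 'Admin', :admin)
  normal  = User.new(2, 'Norm',  :normal)
  limited = User.new(3, 'Rest',  :restricted)
  pending = User.new(4, nil,     :restricted)

  p UsersPolicy.can_edit?(limited, '3')            # own record
  p UsersPolicy.can_edit?(limited, '2')            # someone else's record
  p UsersPolicy.can_delete?(admin, admin)          # admins are never deletable
  p UsersPolicy.can_cancel?(pending, '4', pending) # nameless account, own id
  p UsersPolicy.can_show?(normal, limited)         # privileged viewer
end
```

One caveat when reading the guards back against the real controller: ActiveRecord's `find` raises `RecordNotFound` for an unknown id rather than returning `nil`, so the `@user.nil?` branches in `cancel` and `update` are reached only if that exception is handled elsewhere; the policy above keeps the `nil` checks because a policy function may be called with a record looked up some other way.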
