Class: UsersController
In: app/controllers/users_controller.rb
Parent: ApplicationController
File: users_controller.rb
(C): Hipposoft 2008, 2009
Purpose: Manage User objects. See models/user.rb for more.
03-Jan-2008 (ADH): Created.
Cancel a sign-in account edit request.
```ruby
# File app/controllers/users_controller.rb, line 166
def cancel
  id    = params[ :id ]
  @user = User.find( id )

  # We must have found a user in the database matching the ID.
  # The ID must be provided. There must be a currently logged in
  # user and their ID must match that of the cancellation request.
  # The user must not have a name yet - if they do, it implies a
  # created, active account.

  if ( @user.nil? or id.nil? or @current_user.nil? or ( id.to_i() != @current_user.id ) or @user.name )
    flash[ :error ] = "Cancellation request not understood."
  else
    @user.destroy()
    flash[ :error ] = 'Sign in cancelled.'
  end

  redirect_to( signout_path() )
end
```
```ruby
# File app/controllers/users_controller.rb, line 100
def create
  return appctrl_not_permitted() unless @current_user.admin?

  @record        = @user = User.new
  @control_panel = @user.control_panel = ControlPanel.new

  update_and_save_user( 'New account created', 'new' )
end
```
Users should not normally be destroyed. Only administrators can do this.
```ruby
# File app/controllers/users_controller.rb, line 189
def delete
  appctrl_delete( 'User' )
end
```
Show an "Are you sure?" prompt.
```ruby
# File app/controllers/users_controller.rb, line 195
def delete_confirm
  return appctrl_not_permitted() unless ( @current_user.admin? )

  # Nobody can delete admin accounts. You must assign the admin
  # privilege to someone else, then, since you can't revoke your
  # own admin privileges either, have the new admin change your
  # account type and delete the user record. This is a good way
  # of ensuring that there is always at least one admin.

  @record = User.find( params[ :id ] )
  return appctrl_not_permitted() if ( @record.admin? )

  @record.destroy()

  flash[ :notice ] = 'User and all associated data deleted'
  redirect_to( users_path() )
end
```
Prepare for the ‘edit’ view, allowing a user to update their account details. Restricted users can only edit their own account.
```ruby
# File app/controllers/users_controller.rb, line 112
def edit
  id = params[ :id ]

  if ( @current_user.restricted? and @current_user.id != id.to_i )
    return appctrl_not_permitted()
  end

  @user          = User.find( id )
  @control_panel = @user.control_panel
end
```
List users. Not allowed for restricted users.
```ruby
# File app/controllers/users_controller.rb, line 40
def index
  return appctrl_not_permitted() if ( @current_user.restricted? )

  # Set up the column data; see the index helper functions in
  # application_helper.rb for details.

  @columns = [
    { :header_text => 'Name',           :value_method => 'name',         :value_in_place => true },
    { :header_text => 'Code',           :value_method => 'code',         :value_in_place => true },
    { :header_text => 'Account type',   :value_method => 'user_type' },
    { :header_text => 'E-mail address', :value_method => 'email',        :value_helper => 'userhelp_email' },
    { :header_text => 'Identity URL',   :value_method => 'identity_url', :value_helper => 'userhelp_identity_url' },
  ]

  # Get the basic options hash from ApplicationController, then work out
  # the conditions on objects being fetched, including handling the search
  # form data.

  options             = appctrl_index_assist( User )
  active_conditions   = { :active => true }
  inactive_conditions = { :active => false }

  unless ( params[ :search ].nil? )
    if ( params[ :search ].empty? or params[ :search_cancel ] )
      params.delete( :search )
    else
      search = "%#{ params[ :search ] }%" # SQL wildcards either side of the search string
      str    = '( name ILIKE :search OR email ILIKE :search OR identity_url ILIKE :search ) AND active = :active'

      active_conditions   = [ str, { :search => search, :active => true  } ]
      inactive_conditions = [ str, { :search => search, :active => false } ]
    end
  end

  # Finally, compile the collections for the view.

  @active_users   = User.paginate( options.merge( { :conditions => active_conditions   } ) )
  @inactive_users = User.paginate( options.merge( { :conditions => inactive_conditions } ) )
end
```
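The search branch of index keeps the user's text out of the SQL string and passes it only as a named bind value, so it is not open to SQL injection; the one thing it does not do is escape LIKE metacharacters, so a search for "50%" behaves as an extra wildcard. The following is an added example, not code from the page or its project: a pure-Ruby reproduction of that conditions builder that also escapes those characters (the names escape_like, user_conditions, LIKE_METACHARS and SEARCH_SQL are assumed here).

```ruby
# Added example, not part of the documented project. Rebuilds the conditions
# structure the index action hands to User.paginate, without needing Rails.

# Characters that are special inside a SQL LIKE / ILIKE pattern. ILIKE is the
# PostgreSQL case-insensitive operator used by the page's query, and backslash
# is PostgreSQL's default LIKE escape character.
LIKE_METACHARS = /[\\%_]/

# Prefix each metacharacter with a backslash so the search term matches
# literally instead of widening the pattern.
def escape_like( term )
  term.gsub( LIKE_METACHARS ) { |c| "\\#{ c }" }
end

# Same SQL fragment as the index action: only named placeholders appear in it,
# so the user-supplied text never becomes part of the SQL string itself.
SEARCH_SQL = '( name ILIKE :search OR email ILIKE :search OR identity_url ILIKE :search ) AND active = :active'

# Mirrors the branch structure of index: a missing, empty or cancelled search
# yields a plain hash condition; otherwise an array of SQL fragment plus bind
# values, with the search term escaped and wrapped in wildcards.
def user_conditions( params, active )
  search = params[ :search ]

  if ( search.nil? or search.empty? or params[ :search_cancel ] )
    { :active => active }
  else
    [ SEARCH_SQL, { :search => "%#{ escape_like( search ) }%", :active => active } ]
  end
end
```

With the escaping in place a term such as "a_b" matches only the three literal characters; the page's original code would also match "aXb".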
Show user details.
```ruby
# File app/controllers/users_controller.rb, line 81
def show
  @user = User.find( params[ :id ] )
  return appctrl_not_permitted() unless ( @user and ( @current_user.privileged? or @user == @current_user ) )
end
```
Update a User following submission of an ‘edit’ view form. Restricted users can only edit their own account.
```ruby
# File app/controllers/users_controller.rb, line 126
def update
  id = params[ :id ]

  if ( @current_user.restricted? and @current_user.id != id.to_i )
    return appctrl_not_permitted()
  end

  @user = User.find( id )

  if ( @current_user.admin? and params[ :notify_user ] )
    EmailNotifier.deliver_admin_update_notification( @user )
  end

  # New user just set up a previously uninitialised account (no
  # e-mail yet stored - update_and_save_user will take that from
  # the params hash) or a normal account edit?

  if ( @user.nil? or @user.name.empty? )
    if ( User.count == 1 )
      message = 'New administrator account created. You can now set up whatever ' <<
                'initial customers, projects and tasks you need.'
    else
      message = 'New account created. Before you can use the service fully, the ' <<
                'administrator will have to configure some account settings. You ' <<
                'will be notified by e-mail when this process is complete. Please ' <<
                "direct queries to the administrator at '#{ EMAIL_ADMIN }'."
    end

    update_and_save_user(
      message,
      'edit',
      true
    )
  else
    update_and_save_user( 'User details updated.', 'edit' )
  end
end
```