Class: UsersController

Inherits:
ApplicationController
Defined in:
app/controllers/users_controller.rb

Constant Summary

Constants included from ProjectsHelper

ProjectsHelper::CLASSIFIER, ProjectsHelper::CLASSIFIER_ANNOTATION


Methods included from RedirectHelper

#destroy_redirect

Methods included from RequestType

#json_request?

Methods included from LogRecent

#log_user_recent_route

Methods included from Cookies

#digest_cookie, #digested_cookie_exists?

Methods included from Whitelist

#whitelist_constantize

Methods included from ProjectsHelper

#cumulative_gb_per_year, #cumulative_projects_created_per_year, #document_cumulative_gb_per_year, #document_gb_per_year, #gb_per_year, #image_cumulative_gb_per_year, #image_gb_per_year, #invalid_object, #project_classification, #project_initials, #project_link, #project_login_link, #project_matches, #project_tag, #projects_list, #projects_search_form, #sound_cumulative_gb_per_year, #sound_gb_per_year, #taxonworks_classification, #week_in_review_graphs

Methods included from Api::Intercept

#intercept_api

Methods included from TokenAuthentication

#intercept_project, #intercept_user, #intercept_user_or_project, #project_token_authenticate, #token_authenticate

Instance Method Details

#autocomplete ⇒ Object



# File 'app/controllers/users_controller.rb', line 179

# GET autocomplete suggestions for users.
#
# Looks up users matching the `term` parameter through the Autocomplete
# query object and stores the result in @users. `params.require(:term)`
# raises ActionController::ParameterMissing when the term is absent, so a
# request without a term never reaches the query.
def autocomplete
  term = params.require(:term)
  @users = Queries::User::Autocomplete.new(term).autocomplete
end

#batch_create ⇒ Object



# File 'app/controllers/users_controller.rb', line 183

# Creates several users at once from the administrator batch-add task.
#
# Every option is read straight from params and handed to User.batch_create;
# created_by is the session user. The result is rendered with the batch-add
# task's index template.
#
# NOTE(review): is_administrator and create_api_token are taken directly
# from the request, so this action must only be reachable by administrators.
# Whether a before_action enforces that is not visible in this file — confirm.
def batch_create
  options = {
    users: params[:users],
    create_api_token: params[:create_api_token],
    is_administrator: params[:is_administrator],
    project_id: params[:project_id],
    created_by: sessions_current_user_id
  }
  @users = User.batch_create(**options)

  render '/tasks/administrator/batch_add_users/index'
end

#create ⇒ Object

POST /users



# File 'app/controllers/users_controller.rb', line 30

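# POST /users
#
# Creates a user and, optionally, project memberships for it. Accounts
# created by a superuser are flagged for a password reset.
#
# Membership requests come from params[:user][:project_ids] and
# params[:user][:project_admin_ids] (string ids). A requested project is
# honoured only if it is in the caller's allowlist: every project for an
# administrator, otherwise the projects the session user administers (none
# for an anonymous caller). Ids outside the list are silently dropped — that
# filter is the authorization check for memberships, so keep it in place.
# A membership that fails to save is reported in the flash by project name.
#
# Administrators are sent to the new user's page; everyone else is sent back
# to where they came from. When the user itself fails validation the form is
# re-rendered with the available projects reloaded.
def create
  @user = User.new(user_params)
  @user.is_flagged_for_password_reset = is_superuser?

  unless @user.save
    set_available_projects
    render 'new'
    return
  end

  allowed_projects =
    if is_administrator?
      Project.all.pluck(:id).map(&:to_s)
    else
      sessions_current_user&.administered_projects&.pluck(:id)&.map(&:to_s) || []
    end

  # Array() turns nil/blank into an empty list and keeps a single scalar
  # value (e.g. `project_ids=3`) from raising NoMethodError on #each.
  requested_ids = Array(params[:user][:project_ids])
  admin_ids = params[:user][:project_admin_ids]
  project_member_errors = []

  requested_ids.each do |project_id|
    next unless allowed_projects.include?(project_id)

    project_member = @user.project_members.create(
      project_id:,
      is_project_administrator: admin_ids&.include?(project_id)
    )
    next if project_member.persisted?

    project_name = Project.find_by(id: project_id)&.name || "Project #{project_id}"
    project_member_errors << "#{project_name}: #{project_member.errors.full_messages.join(', ')}"
  end

  if project_member_errors.empty?
    flash[:success] = "User #{@user.email} successfully created."
    # TODO: Email the user their information.
  else
    flash[:alert] = "User #{@user.email} created, but some project memberships failed: #{project_member_errors.join('; ')}"
  end

  if is_administrator?
    redirect_to user_path(@user)
  else
    redirect_back fallback_location: root_path
  end
end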

#data ⇒ Object



# File 'app/controllers/users_controller.rb', line 195

# Sets up the parameters for the user-activity data view.
#
# @weeks_ago is the `weeks_ago` parameter when it consists only of decimal
# digits, otherwise nil. @target is the `target` parameter as a symbol,
# defaulting to :created when none is given.
#
# NOTE(review): `target` is converted with to_sym straight from the request.
# Where @target is consumed is not visible here; if it ever selects a method,
# column or constant, check it against a fixed allowlist of symbols first.
def data
  requested_weeks = params[:weeks_ago]
  @weeks_ago = nil
  @weeks_ago = requested_weeks if requested_weeks =~ /\A\d+\z/
  @target = (params[:target] || :created).to_sym
end

#destroy ⇒ Object

DELETE /users/:id



# File 'app/controllers/users_controller.rb', line 91

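# DELETE /users/:id
#
# Deletes a user and returns to the root page.
#
# The record is looked up with the same rule set_user applies: administrators
# may delete any user, everyone else only the account whose id matches their
# session user. Any other id is looked up as nil, and the resulting
# RecordNotFound is turned into a 404 by the rescue_from handlers. The
# original looked the user up by the raw params[:id]; repeating the guard
# here keeps the action safe whether or not a before_action (not visible in
# this view) already applies set_user to it.
def destroy
  own_account = (params[:id].to_i == sessions_current_user_id)
  user = User.find((is_administrator? || own_account) ? params[:id] : nil)
  user.destroy
  flash[:success] = 'Account has been deleted.'
  redirect_to root_url
end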

#edit ⇒ Object

GET /users/:id/edit



# File 'app/controllers/users_controller.rb', line 26

# GET /users/:id/edit
#
# Renders the edit form. The body is empty: @user is expected to be loaded
# beforehand (presumably by set_user) and the default template is rendered.
def edit; end

#forgot_password ⇒ Object

GET /forgot_password



# File 'app/controllers/users_controller.rb', line 98

# GET /forgot_password
#
# Renders the form that asks for an e-mail address; the submission goes to
# send_password_reset. Nothing is computed here.
def forgot_password; end

#index ⇒ Object

GET /users



# File 'app/controllers/users_controller.rb', line 11

# GET /users
#
# Lists every user, ordered by name and then e-mail.
#
# NOTE(review): whether this listing is limited to administrators depends on
# before_actions outside this view — confirm, since it exposes all e-mails.
def index
  @users = User.order(:name, :email)
end

#new ⇒ Object

GET /signup



# File 'app/controllers/users_controller.rb', line 16

# GET /signup
#
# Builds an empty user for the signup form and loads the projects the
# caller is allowed to attach the new user to.
def new
  set_available_projects
  @user = User.new
end

#password_reset ⇒ Object

GET /password_reset



# File 'app/controllers/users_controller.rb', line 129

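# GET /password_reset
#
# Shows the set-password form for a reset token received by e-mail.
#
# The raw token from the query string is digested and matched against the
# stored digest. The form is shown only when a user matches and the token
# is less than a day old; otherwise the 'invalid_token' view is rendered.
# The token date is read with safe navigation so a matching record without
# a date gets the invalid-token page instead of a NoMethodError on nil.
def password_reset
  digest = Utilities::RandomToken.digest(params[:token])
  @user = User.find_by_password_reset_token(digest)
  token_date = @user&.password_reset_token_date
  render 'invalid_token' unless token_date && token_date > 1.day.ago
end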

#preferences ⇒ Object



# File 'app/controllers/users_controller.rb', line 158

# Shows the preferences of the signed-in user.
#
# Loads the session user into @user; a request without a session user is
# redirected to the hub instead of rendering.
def preferences
  @user = sessions_current_user
  return redirect_to(hub_path) if @user.nil?
end

#recently_created ⇒ Object



# File 'app/controllers/users_controller.rb', line 153

# Renders the recently-created users view. The body is empty; everything
# the template needs is gathered elsewhere (not visible here).
def recently_created; end

#reset_hub_favorites ⇒ Object



# File 'app/controllers/users_controller.rb', line 171

# Clears the session user's hub favorites for the current project.
#
# Only ever acts on the session user, so no id is taken from the request.
# Without a session user the request is redirected to the hub; otherwise
# the favorites for sessions_current_project_id are reset, the user is
# saved (save! raises on failure) and the browser is sent to the user page.
def reset_hub_favorites
  @user = sessions_current_user
  return redirect_to(hub_path) if @user.nil?

  @user.reset_hub_favorites(sessions_current_project_id)
  @user.save!
  redirect_to user_path(@user)
end

#reset_preferences ⇒ Object



# File 'app/controllers/users_controller.rb', line 163

# Resets the session user's preferences to their defaults.
#
# Only ever acts on the session user, so no id is taken from the request.
# Without a session user the request is redirected to the hub; otherwise
# the preferences are reset, the user is saved (save! raises on failure)
# and the browser is sent to the user page.
def reset_preferences
  @user = sessions_current_user
  return redirect_to(hub_path) if @user.nil?

  @user.reset_preferences
  @user.save!
  redirect_to user_path(@user)
end

#send_password_reset ⇒ Object

POST /send_password_reset



# File 'app/controllers/users_controller.rb', line 102

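# POST /send_password_reset
#
# E-mails a password-reset link to the account registered under the given
# e-mail address.
#
# The response is the same whether or not the address belongs to a
# registered user: both cases fall through to the default template, so the
# form cannot be used to enumerate accounts. (The original answered unknown
# addresses with 'The supplied e-mail does not belong to a registered user',
# which told a caller exactly which addresses are registered.) A blank
# address is sent back to the form with an alert, and a mailer failure is
# reported the same way. Note that the unknown-address path does no database
# write or mail delivery, so a timing difference remains.
#
# The address is coerced with to_s so a non-string parameter cannot raise
# on downcase; it is then compared in lower case.
#
# Current.user_id is set to the target user before saving the token —
# presumably so the record's housekeeping columns have an actor while nobody
# is logged in; confirm against User's callbacks.
def send_password_reset
  email = params[:email].to_s.downcase

  if email.blank?
    redirect_to :forgot_password
    flash[:alert] = 'No e-mail was given'
    return
  end

  user = User.find_by_email(email)
  # Unknown address: render exactly what the success path renders.
  return if user.nil?

  token = user.generate_password_reset_token
  Current.user_id = user.id
  user.save
  begin
    UserMailer.password_reset_email(user, token).deliver_now
  rescue
    redirect_to :forgot_password
    flash[:alert] = 'Failed to send e-mail. Please try again in a few minutes.'
  end
end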

#set_available_projects ⇒ Object (private)



# File 'app/controllers/users_controller.rb', line 203

# Populates @available_projects for the new-user form.
#
# Administrators may add users to any project, so they see every project;
# anyone else sees only the projects they administer, and a request without
# a session user gets an empty list. Both relations are ordered by name.
def set_available_projects
  @available_projects =
    if is_administrator?
      Project.order(:name)
    else
      current = sessions_current_user
      current&.administered_projects&.order(:name) || []
    end
end

#set_password ⇒ Object

PATCH /set_password



# File 'app/controllers/users_controller.rb', line 135

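# PATCH /set_password
#
# Sets a new password for the user identified by a reset token, then clears
# the token and the reset flag.
#
# The token is digested and matched with find_by_...!, so an unknown token
# raises RecordNotFound (a 404 via the rescue_from handlers). The token must
# also be less than a day old — the same rule the GET /password_reset form
# applies. The original skipped that check here, so an expired link could
# still change the password by posting to this action directly; such
# requests now get the 'invalid_token' view.
#
# Only password and password_confirmation are accepted from params[:user].
# When the update fails the form is re-rendered with the errors; the token
# was only cleared in memory, so the link remains usable until it expires.
#
# Current.user_id is set to the user before saving — presumably so the
# record's housekeeping columns have an actor while nobody is logged in
# (the original author left a "WHY?" here; confirm against User's callbacks).
def set_password
  @user = User.find_by_password_reset_token!(Utilities::RandomToken.digest(params[:token]))

  token_date = @user.password_reset_token_date
  unless token_date && token_date > 1.day.ago
    render 'invalid_token'
    return
  end

  Current.user_id = @user.id

  @user.require_password_presence

  @user.password_reset_token = nil
  @user.is_flagged_for_password_reset = false

  if @user.update(params.require(:user).permit([:password, :password_confirmation]))
    flash[:notice] = 'Password successfuly changed.'
    redirect_to root_path
  else
    render 'password_reset'
  end
end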

#set_user ⇒ Object (private)



# File 'app/controllers/users_controller.rb', line 229

# Loads the user for member routes into @user (and @recent_object).
# Intended as a before_action; the wiring is outside this view.
#
# Administrators may load any user; everyone else only the record whose id
# matches their session user. Any other id is looked up as nil, so
# ActiveRecord raises RecordNotFound, which the rescue_from handlers turn
# into a 404 — a caller learns nothing about whether the id exists.
def set_user
  requested_id = params[:id]
  permitted = is_administrator? || requested_id.to_i == sessions_current_user_id

  @user = User.find(permitted ? requested_id : nil)
  @recent_object = @user
end

#show ⇒ Object

GET /users/:id



# File 'app/controllers/users_controller.rb', line 22

# GET /users/:id
#
# Renders the user page. The body is empty: @user is expected to be loaded
# beforehand (presumably by set_user) and the default template is rendered.
def show; end

#update ⇒ Object

PATCH or PUT /users/:id



# File 'app/controllers/users_controller.rb', line 75

# PATCH or PUT /users/:id
#
# Applies user_params to @user (loaded beforehand, presumably by set_user).
# HTML callers get a success flash and a redirect to the user, or the edit
# form again on validation failure; JSON callers get the show view, or the
# errors with a 422 status.
def update
  saved = @user.update(user_params)

  respond_to do |format|
    format.html do
      if saved
        flash[:success] = 'Changes to your account information have been saved.'
        redirect_to @user
      else
        render 'edit'
      end
    end

    format.json do
      if saved
        render :show, location: @user
      else
        render json: @user.errors, status: :unprocessable_content
      end
    end
  end
end

#user_params ⇒ Object (private)



# File 'app/controllers/users_controller.rb', line 213

# Strong parameters for create and update.
#
# Everyone may set the basic account fields (name, e-mail, person, password
# and confirmation, and a request to rotate the API token). Privileged flags
# are only permitted for callers who already hold the privilege:
# is_project_administrator and is_flagged_for_password_reset for superusers,
# is_administrator for administrators. The preference attributes declared on
# User (key/value, array and hash preferences) are always permitted.
#
# TODO: revisit authorization of specific field settings
def user_params
  permitted = %i[
    name
    email
    person_id
    password
    password_confirmation
    set_new_api_access_token
  ]

  permitted.concat(%i[is_project_administrator is_flagged_for_password_reset]) if is_superuser?
  permitted << :is_administrator if is_administrator?

  params.require(:user).permit(
    permitted,
    User.key_value_preferences,
    User.array_preferences,
    User.hash_preferences
  )
end