Class: UsersController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• UsersController

Defined in:

app/controllers/users_controller.rb

Instance Method Summary

• #autocomplete ⇒ Object
• #batch_create ⇒ Object
• #create ⇒ Object

  POST /users.

• #destroy ⇒ Object

  DELETE /users/:id.

• #edit ⇒ Object

  GET /users/:id/edit.

• #forgot_password ⇒ Object

  GET /forgot_password.

• #index ⇒ Object

  GET /users.

• #new ⇒ Object

  GET /signup.

• #password_reset ⇒ Object

  GET /password_reset.

• #preferences ⇒ Object
• #recently_created ⇒ Object
• #recently_created_stats ⇒ Object
• #send_password_reset ⇒ Object

  POST /send_password_reset.

• #set_password ⇒ Object

  PATCH /set_password.

• #set_user ⇒ Object private
• #show ⇒ Object

  GET /users/:id.

• #update ⇒ Object

  PATCH or PUT /users/:id.

• #user_params ⇒ Object private

Methods included from RedirectHelper

#destroy_redirect

Methods included from RequestType

#json_request?

Methods included from LogRecent

#log_user_recent_route

Methods included from Cookies

#digest_cookie, #digested_cookie_exists?

Methods included from Whitelist

#whitelist_constantize

Methods included from Api::Intercept

#intercept_api

Methods included from TokenAuthentication

#intercept_project, #intercept_user, #intercept_user_or_project, #project_token_authenticate, #token_authenticate

Instance Method Details

#autocomplete ⇒ Object

# File 'app/controllers/users_controller.rb', line 133

def autocomplete
  @users = Queries::User::Autocomplete.new(params.require(:term)).autocomplete
end

#batch_create ⇒ Object

# File 'app/controllers/users_controller.rb', line 137

def batch_create
  @users = User.batch_create(
    users: params[:users],
    create_api_token: params[:create_api_token],
    is_administrator: params[:is_administrator],
    project_id: params[:project_id],
    created_by: sessions_current_user_id
  )

  render '/tasks/administrator/batch_add_users/index'
end

#create ⇒ Object

POST /users

# File 'app/controllers/users_controller.rb', line 29

def create
  @user = User.new(user_params)
  @user.is_flagged_for_password_reset = is_superuser?

  if @user.save
    flash[:success] = "User #{@user.email} successfully created."
    # TODO: Email the user their information.
    redirect_to root_path
  else
    render 'new'
  end
end

#destroy ⇒ Object

DELETE /users/:id

# File 'app/controllers/users_controller.rb', line 59

def destroy
  User.find(params[:id]).destroy
  flash[:success] = 'Account has been deleted.'
  redirect_to root_url
end

#edit ⇒ Object

GET /users/:id/edit

# File 'app/controllers/users_controller.rb', line 25

def edit
end

#forgot_password ⇒ Object

GET /forgot_password

# File 'app/controllers/users_controller.rb', line 66

def forgot_password
end

#index ⇒ Object

GET /users

# File 'app/controllers/users_controller.rb', line 11

def index
  @users = User.all.order(:name, :email)
end

#new ⇒ Object

GET /signup

# File 'app/controllers/users_controller.rb', line 16

def new
  @user = User.new
end

#password_reset ⇒ Object

GET /password_reset

# File 'app/controllers/users_controller.rb', line 97

def password_reset
  @user = User.find_by_password_reset_token(Utilities::RandomToken.digest(params[:token]))
  render 'invalid_token' unless @user && @user.password_reset_token_date > 1.day.ago
end

#preferences ⇒ Object

# File 'app/controllers/users_controller.rb', line 128

def preferences
  @user = sessions_current_user
  redirect_to hub_path and return if @user.nil?
end

#recently_created ⇒ Object

# File 'app/controllers/users_controller.rb', line 121

def recently_created
end

#recently_created_stats ⇒ Object

# File 'app/controllers/users_controller.rb', line 124

def recently_created_stats
  render json: @user.data_breakdown_for_chartkick_recent
end

#send_password_reset ⇒ Object

POST /send_password_reset

# File 'app/controllers/users_controller.rb', line 70

def send_password_reset
  if params[:email]
    user = User.find_by_email(params[:email].downcase)
  end

  if user.nil?
    redirect_to :forgot_password

    if params[:email].blank?
      flash[:alert] = 'No e-mail was given'
    else
      flash[:alert] = 'The supplied e-mail does not belong to a registered user'
    end
  else
    token = user.generate_password_reset_token
    Current.user_id = user.id
    user.save
    begin
      UserMailer.password_reset_email(user, token).deliver_now
    rescue
      redirect_to :forgot_password
      flash[:alert] = 'Failed to send e-mail. Please try again in a few minutes.'
    end
  end
end

#set_password ⇒ Object

PATCH /set_password

# File 'app/controllers/users_controller.rb', line 103

def set_password
  @user = User.find_by_password_reset_token!(Utilities::RandomToken.digest(params[:token]))

  Current.user_id = @user.id #  WHY?

  @user.require_password_presence

  @user.password_reset_token = nil
  @user.is_flagged_for_password_reset = false

  if @user.update(params.require(:user).permit([:password, :password_confirmation]))
    flash[:notice] = 'Password successfuly changed.'
    redirect_to root_path
  else
    render 'password_reset'
  end
end

#set_user ⇒ Object (private)

# File 'app/controllers/users_controller.rb', line 167

def set_user
  own_id = (params[:id].to_i == sessions_current_user_id)

  @user = User.find((is_superuser? || own_id) ? params[:id] : nil)
  @recent_object = @user
end

#show ⇒ Object

GET /users/:id

# File 'app/controllers/users_controller.rb', line 21

def show
end

#update ⇒ Object

PATCH or PUT /users/:id

# File 'app/controllers/users_controller.rb', line 43

def update
  respond_to do |format|
    if @user.update(user_params)
      format.html do
        flash[:success] = 'Changes to your account information have been saved.'
        redirect_to @user
      end
      format.json { render :show, location: @user }
    else
      format.html { render 'edit' }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end

#user_params ⇒ Object (private)

# File 'app/controllers/users_controller.rb', line 151

def user_params
  # TODO: revisit authorization of specific field settings
  basic = [
    :name,
    :email,
    :person_id,
    :password,
    :password_confirmation,
    :set_new_api_access_token]

  basic += [:is_project_administrator, :is_flagged_for_password_reset] if is_superuser?
  basic += [:is_administrator] if is_administrator?

  params.require(:user).permit(basic, User.key_value_preferences, User.array_preferences, User.hash_preferences)
end