Class: Caboose::UsersController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• Caboose::UsersController

Defined in:

app/controllers/caboose/users_controller.rb

Instance Method Summary

• #add_to_role ⇒ Object

  POST /admin/users/:id/roles/:role_id.

• #admin_su ⇒ Object

  GET /admin/users/:id/su.

• #before_action ⇒ Object
• #create ⇒ Object

  POST /admin/users.

• #destroy ⇒ Object

  DELETE /admin/users/1.

• #edit ⇒ Object

  GET /admin/users/1/edit.

• #edit_password ⇒ Object

  GET /admin/users/1/edit-password.

• #import ⇒ Object

  POST /admin/users/import.

• #import_form ⇒ Object

  GET /admin/users/import.

• #index ⇒ Object

  GET /admin/users.

• #my_account ⇒ Object

  GET /my-account.

• #new ⇒ Object

  GET /admin/users/new.

• #options ⇒ Object

  GET /admin/users/options.

• #random_string(length) ⇒ Object
• #remove_from_role ⇒ Object

  DELETE /admin/users/:id/roles/:role_id.

• #update ⇒ Object

  PUT /admin/users/1.

• #update_my_account ⇒ Object

  PUT /my-account.

• #update_pic ⇒ Object

  POST /admin/users/1/update-pic.

Methods inherited from ApplicationController

#admin_add, #admin_bulk_add, #admin_bulk_delete, #admin_bulk_update, #admin_delete, #admin_edit, #admin_index, #admin_json, #admin_json_single, #admin_update, #before_before_action, #hashify_query_string, #init_cart, #logged_in?, #logged_in_user, #login_user, #logout_user, #parse_url_params, #reject_param, #user_is_allowed, #user_is_allowed_to, #validate_cookie, #validate_token, #var, #verify_logged_in

Instance Method Details

#add_to_role ⇒ Object

POST /admin/users/:id/roles/:role_id

# File 'app/controllers/caboose/users_controller.rb', line 274

def add_to_role
  return if !user_is_allowed('users', 'edit')
  if !RoleMembership.where(:user_id => params[:id], :role_id => params[:role_id]).exists?
    RoleMembership.create(:user_id => params[:id], :role_id => params[:role_id])
  end
  render :json => true
end

#admin_su ⇒ Object

GET /admin/users/:id/su

# File 'app/controllers/caboose/users_controller.rb', line 298

def admin_su
  return if !user_is_allowed('users', 'sudo')
  user = User.find(params[:id])
  
  # Log out the current user
  cookies.delete(:caboose_user_id)
  reset_session
  
  # Login the new user
  login_user(user, false)      
  redirect_to "/"      
end

#before_action ⇒ Object

# File 'app/controllers/caboose/users_controller.rb', line 7

def before_action
  @page = Page.page_with_uri(request.host_with_port, '/admin')
end

#create ⇒ Object

POST /admin/users

# File 'app/controllers/caboose/users_controller.rb', line 188

def create
  return if !user_is_allowed('users', 'add')
  
  resp = StdClass.new({
      'error' => nil,
      'redirect' => nil
  })
  
  user = User.new()
  user.email = params[:email] ? params[:email].strip.downcase : nil
  
  if user.email.length == 0
    resp.error = "Please enter a valid email address."
  elsif User.where(:email => user.email).exists?
    resp.error = "That email is already in the system."
  else
    user.save
    resp.redirect = "/admin/users/#{user.id}"
  end
  
  render :json => resp
end

#destroy ⇒ Object

DELETE /admin/users/1

# File 'app/controllers/caboose/users_controller.rb', line 262

def destroy
  return if !user_is_allowed('users', 'delete')
  user = User.find(params[:id])
  user.destroy
  
  resp = StdClass.new({
    'redirect' => '/admin/users'
  })
  render :json => resp
end

#edit ⇒ Object

GET /admin/users/1/edit

# File 'app/controllers/caboose/users_controller.rb', line 101

def edit
  return if !user_is_allowed('users', 'edit')
  @edituser = User.find(params[:id])    
  @all_roles = Role.tree
  @roles = Role.roles_with_user(@edituser.id)
end

#edit_password ⇒ Object

GET /admin/users/1/edit-password

# File 'app/controllers/caboose/users_controller.rb', line 109

def edit_password
  return if !user_is_allowed('users', 'edit')
  @edituser = User.find(params[:id])
end

#import ⇒ Object

POST /admin/users/import

# File 'app/controllers/caboose/users_controller.rb', line 125

def import
  return if !user_is_allowed('users', 'add')
  
  resp = StdClass.new
  csv_data = params[:csv_data]
  arr = []
  good_count = 0
  bad_count = 0            
  csv_data.strip.split("\n").each do |line|        
    data = CSV.parse_line(line)

    if data.count < 3
      arr << [line, true, "Too few columns"] 
      bad_count = bad_count + 1
      next
    end
    
    first_name = data[0].nil? ? nil : data[0].strip
    last_name  = data[1].nil? ? nil : data[1].strip
    email      = data[2].nil? ? nil : data[2].strip.downcase
    username   = data.count >= 4 && !data[3].nil? ? data[3].strip.downcase : nil
    password   = data.count >= 5 && !data[4].nil? ? data[4].strip : random_string(8)
    
    first_name = data[0]
    last_name  = data[1]
    email      = data[2]
    username   = data.count >= 4 ? data[3] : nil
    password   = data.count >= 5 ? data[4] : random_string(8)

    if first_name.nil? || first_name.length == 0
      arr << [line, false, "Missing first name."]
      bad_count = bad_count + 1
    elsif last_name.nil? || last_name.length == 0
      arr << [line, false, "Missing last name."]
      bad_count = bad_count + 1          
    elsif email.nil? || email.length == 0 || !email.include?('@')
      arr << [line, false, "Email is invalid."]
      bad_count = bad_count + 1          
    elsif Caboose::User.where(:email => email).exists?
      arr << [line, false, "Email already exists."]
      bad_count = bad_count + 1                    
    else                  
      Caboose::User.create(
        :first_name => first_name,
        :last_name  => last_name,
        :email      => email,
        :username   => username,          
        :password   => Digest::SHA1.hexdigest(Caboose::salt + password)
      )
      good_count = good_count + 1
    end
  end
  
  resp.success = "#{good_count} user#{good_count == 1 ? '' : 's'} were added successfully."     
  if bad_count > 0
    resp.success << "<br />#{bad_count} user#{bad_count == 1 ? '' : 's'} were skipped."
    resp.success << "<br /><br />Please check the log below for more details."
    resp.log = arr
  end      
  render :json => resp
end

#import_form ⇒ Object

GET /admin/users/import

# File 'app/controllers/caboose/users_controller.rb', line 115

def import_form
  return if !user_is_allowed('users', 'edit')      
end

#index ⇒ Object

GET /admin/users

# File 'app/controllers/caboose/users_controller.rb', line 57

def index
  return if !user_is_allowed('users', 'view')
  
  @gen = PageBarGenerator.new(params, {
		  'first_name_like' => '',
		  'last_name_like'	=> '',
		  'username_like'	  => '',
		  'email_like' 		  => '',
		},{
		  'model'          => 'Caboose::User',
	    'sort'			     => 'last_name, first_name',
		  'desc'			     => false,
		  'base_url'		   => '/admin/users',
		  'use_url_params' => false
	})
	@users = @gen.items
end

#my_account ⇒ Object

GET /my-account

# File 'app/controllers/caboose/users_controller.rb', line 16

def my_account
  return if !logged_in?
  @user = logged_in_user
  render :layout => 'caboose/modal'
end

#new ⇒ Object

GET /admin/users/new

# File 'app/controllers/caboose/users_controller.rb', line 95

def new
  return if !user_is_allowed('users', 'add')
  @newuser = User.new
end

#options ⇒ Object

GET /admin/users/options

# File 'app/controllers/caboose/users_controller.rb', line 290

def options
  return if !user_is_allowed('users', 'view')
  @users = User.where('id <> 2').reorder('last_name, first_name').all
  options = @users.collect { |u| { 'value' => u.id, 'text' => "#{u.first_name} #{u.last_name} (#{u.email})"}}
  render json: options
end

#random_string(length) ⇒ Object

# File 'app/controllers/caboose/users_controller.rb', line 119

def random_string(length)
  o = [('a'..'z'),('A'..'Z'),('0'..'9')].map { |i| i.to_a }.flatten
  return (0...length).map { o[rand(o.length)] }.join
end

#remove_from_role ⇒ Object

DELETE /admin/users/:id/roles/:role_id

# File 'app/controllers/caboose/users_controller.rb', line 283

def remove_from_role
  return if !user_is_allowed('users', 'edit')
  RoleMembership.where(:user_id => params[:id], :role_id => params[:role_id]).destroy_all        
  render :json => true
end

#update ⇒ Object

PUT /admin/users/1

# File 'app/controllers/caboose/users_controller.rb', line 212

def update
  return if !user_is_allowed('users', 'edit')

  resp = StdClass.new     
  user = User.find(params[:id])

  save = true
  params.each do |name,value|
    case name
      when 'first_name'           then user.first_name          = value     
      when 'last_name'            then user.last_name           = value 
      when 'username'             then user.username            = value 
      when 'email'                then user.email               = value         
      when 'address'              then user.address             = value
      when 'address2'             then user.address2            = value
      when 'city'                 then user.city                = value
      when 'state'                then user.state               = value
      when 'zip'                  then user.zip                 = value
      when 'phone'                then user.phone               = value
      when 'fax'                  then user.fax                 = value
      when 'utc_offset'           then user.utc_offset          = value.to_f        
	  	when "password"			  
	  	  confirm = params[:password2]
	  		if (value != confirm)			
	  		  resp.error = "Passwords do not match.";
	  		  save = false
	  		elsif (value.length < 8)
	  		  resp.error = "Passwords must be at least 8 characters.";
	  		  save = false
	  		else
	  		  user.password = Digest::SHA1.hexdigest(Caboose::salt + value)
	  		end
	  	when "roles"
	  	  user.roles = [];
	  	  value.each { |rid| user.roles << Role.find(rid) } unless value.nil?
	  	  resp.attribute = { 'text' => user.roles.collect{ |r| r.name }.join(', ') }    		  
	  end
	end
	
	resp.success = save && user.save
	render json: resp
end

#update_my_account ⇒ Object

PUT /my-account

# File 'app/controllers/caboose/users_controller.rb', line 23

def update_my_account  
  return if !logged_in?
  
  resp = StdClass.new     
  user = logged_in_user

  save = true
  params.each do |name,value|
    case name
	  	when "first_name", "last_name", "username", "email", "phone"
	  	  user[name.to_sym] = value
	  	when "password"			  
	  	  confirm = params[:confirm]
	  		if (value != confirm)			
	  		  resp.error = "Passwords do not match.";
	  		  save = false
	  		elsif (value.length < 8)
	  		  resp.error = "Passwords must be at least 8 characters.";
	  		  save = false
	  		else
	  		  user.password = Digest::SHA1.hexdigest(Caboose::salt + value)
	  		end    	  	    		  
	  end
	end
	
	resp.success = save && user.save
	render json: resp
end

#update_pic ⇒ Object

POST /admin/users/1/update-pic

# File 'app/controllers/caboose/users_controller.rb', line 256

def update_pic
  @edituser = User.find(params[:id])
  @new_value = "Testing"
end