Class: Trainmaster::UsersController
Inherits: ApplicationController
- Object
- Repia::Controller::Base
- ApplicationController
- Trainmaster::UsersController
Defined in: app/controllers/trainmaster/users_controller.rb
Overview
Users controller that performs CRUD on users.
Constant Summary
Constants included from ApplicationHelper
ApplicationHelper::UNAUTHORIZED_ERROR
Instance Method Summary
- #create ⇒ Object
  Creates a new user.
- #destroy ⇒ Object
  Deletes a user.
- #index ⇒ Object
  Lists all users (only works for an admin user).
- #show ⇒ Object
  Renders a user's data.
- #update ⇒ Object
  Patches the user object.
Methods included from ApplicationHelper
#authorize_for!, #authorized?, #authorized_for?, #has_admin_auth?
Instance Method Details
#create ⇒ Object
Creates a new user. This action does not require authentication; supplying it is optional.
    # File 'app/controllers/trainmaster/users_controller.rb', line 31
    def create
      logger.debug("Create new user")
      @user = User.new(user_params)
      if @user.save

        # Save succeeded. Render the response based on the created user.
        render json: @user,
               except: [:verification_token, :reset_token, :password_digest],
               status: 201

        # Then, issue the verification token and send the email for
        # verification.
        @user.issue_token(:verification_token)
        @user.save
        user_mailer.email_verification(@user).deliver_later
      else
        render_errors 400, @user.errors
      end
    end
#destroy ⇒ Object
Deletes a user.
    # File 'app/controllers/trainmaster/users_controller.rb', line 97
    def destroy
      if @user.destroy
        render body: '', status: 204
      else
        # :nocov:
        render_error 400, @user.errors
        # :nocov:
      end
    end
#index ⇒ Object
Lists all users (only works for an admin user).
    # File 'app/controllers/trainmaster/users_controller.rb', line 22
    def index
      @users = User.all
      render json: @users, except: [:password_digest]
    end
#show ⇒ Object
Renders a user's data.
    # File 'app/controllers/trainmaster/users_controller.rb', line 54
    def show
      render json: @user, except: [:password_digest]
    end
#update ⇒ Object
Patches the user object. There are four notable operations:
- issue reset token
- issue verification token
- change password
- others
Issuing either a reset token or a verification token requires NO authentication. For that reason, however, the request does not get any meaningful response. Instead, an email is sent out for either request.
There are two ways to change a password: one is to use the old password and the other is to use a reset token.
Otherwise, it’s a normal update operation.
    # File 'app/controllers/trainmaster/users_controller.rb', line 75
    def update
      if params[:issue_reset_token] || params[:issue_verification_token]
        # For issuing a reset token, one does not need an auth token. So do
        # not authorize the request. For consistency, we require the id to
        # be "current".
        raise ApplicationController::UNAUTHORIZED_ERROR unless params[:id] == "current"
        get_user_for_token()
        if params[:issue_reset_token]
          update_token(:reset_token)
        else
          update_token(:verification_token)
        end
      else
        get_user()
        allow_password_change? if params[:password]
        update_user(user_params)
      end
    end
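The unauthenticated token-issuing branch described above, as an added example that is not Trainmaster's code: a plain-Ruby model in which the caller gets the same empty reply whether or not the account exists, and the token leaves only by email. The class and field names, the lookup by username, and the 204/401 statuses are assumptions made for the illustration.

```ruby
require "securerandom"

# Added illustration, not Trainmaster code. Every name here is hypothetical.
DemoUser = Struct.new(:username, :reset_token, :verification_token)

class TokenIssueDemo
  UNAUTHORIZED = [401, ""].freeze
  NO_CONTENT   = [204, ""].freeze # one reply for every accepted request

  attr_reader :outbox # stands in for the mail queue

  def initialize(users)
    @users = users.to_h { |u| [u.username, u] }
    @outbox = []
  end

  # params mirrors the request: :id, :username and one issue_* flag.
  def update(params)
    kind = token_kind(params)
    # As in the controller, the id must be the literal "current".
    return UNAUTHORIZED unless kind && params[:id] == "current"

    user = @users[params[:username]]
    if user
      user[kind] = SecureRandom.urlsafe_base64(32)
      @outbox << { to: user.username, kind: kind, token: user[kind] }
    end
    # Unknown account: nothing is sent, but the reply is the same, so the
    # endpoint cannot be used to test which usernames exist.
    NO_CONTENT
  end

  private

  def token_kind(params)
    return :reset_token if params[:issue_reset_token]
    return :verification_token if params[:issue_verification_token]
    nil
  end
end
```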