- ## User Controller
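class UsersController < ApplicationController
  # GET /users
  # GET /users.xml
  #
  # Lists the users of the company given by params[:company_id].
  def index
    @company = Company.find(params[:company_id])
    @users = @company.users
    respond_to do |format|
      format.html # index.html.erb
      format.xml { render :xml => @users }
    end
  end

  # GET /users/1
  # GET /users/1.xml
  #
  # Shows a single user. NOTE(review): the user is fetched by id alone, not
  # through @company.users, so the company in the URL does not constrain which
  # user is returned (the same holds for edit, update and destroy); scope the
  # lookup if users of other companies must not be reachable this way.
  def show
    @company = Company.find(params[:company_id])
    @user = User.find(params[:id])
    respond_to do |format|
      format.html # show.html.erb
      format.xml { render :xml => @user }
    end
  end

  # GET /users/new
  # GET /users/new.xml
  #
  # Renders a blank user for the company's "new user" form.
  def new
    @company = Company.find(params[:company_id])
    @user = User.new
    respond_to do |format|
      format.html # new.html.erb
      format.xml { render :xml => @user }
    end
  end

  # GET /users/1/edit
  def edit
    @company = Company.find(params[:company_id])
    @user = User.find(params[:id])
  end

  # POST /users
  # POST /users.xml
  #
  # Builds a user from params[:user], grants the acl9 role named by its role
  # attribute, then saves it. The role checks used to read
  # `if @user.role = "Admin"` (assignment, always truthy), which overwrote the
  # role and granted all three roles to every new user; they are comparisons now.
  def create
    @company = Company.find(params[:company_id])
    # NOTE(review): everything in params[:user] -- including role -- is
    # client-controlled; restrict the assignable attributes on the model
    # (attr_accessible / strong parameters) so a requester cannot choose
    # their own role.
    @user = User.new(params[:user])
    grant_role(@user)
    respond_to do |format|
      if @user.save
        flash[:notice] = "User #{@user.username} was successfully created."
        format.html { redirect_to(:action =>'index') }
        format.xml { render :xml => @user, :status => :created, :location => @user }
      else
        format.html { render :action => "new" }
        format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  # PUT /users/1
  # PUT /users/1.xml
  #
  # Applies params[:user] to the user. The success notice was single-quoted,
  # so the username was never interpolated; it is double-quoted now.
  def update
    @company = Company.find(params[:company_id])
    @user = User.find(params[:id])
    respond_to do |format|
      if @user.update_attributes(params[:user])
        flash[:notice] = "User #{@user.username} was successfully updated."
        format.html { redirect_to(:action =>'index') }
        format.xml { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.xml
  #
  # Destroys the user. The User model's after_destroy raises when the last
  # user would be removed; that message is surfaced via flash instead of a
  # 500. Rescues StandardError rather than Exception so interrupts, exits and
  # out-of-memory conditions are not swallowed into a flash message.
  def destroy
    @company = Company.find(params[:company_id])
    @user = User.find(params[:id])
    begin
      @user.destroy
      flash[:notice] = "User #{@user.username} deleted"
    rescue StandardError => e
      flash[:notice] = e.message
    end
    respond_to do |format|
      format.html { redirect_to(users_url) }
      format.xml { head :ok }
    end
  end

  private

  # Grants the acl9 role that matches user.role: Admin and Corporate are
  # global, Regional is scoped to @company. Unknown role strings grant nothing.
  def grant_role(user)
    case user.role
    when "Admin"     then user.has_role! :admin
    when "Corporate" then user.has_role! :corporate
    when "Regional"  then user.has_role!(:regional, @company)
    end
  end
end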
- ## Admin controller (just for logging in and out)
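class AdminController < ApplicationController
  # Renders the login form on GET. On POST, checks the submitted credentials
  # via User.authenticate; on success the user id is stored in the session and
  # the visitor is sent to index, otherwise the form is re-rendered with a
  # notice (flash.now so it does not leak into the next request).
  def login
    return unless request.post?

    user = User.authenticate(params[:username], params[:password])
    if user
      # Start from a fresh session before binding it to the user so a session
      # id that existed (or was handed to the browser) before login is not
      # promoted to an authenticated one.
      reset_session
      session[:user_id] = user.id
      redirect_to(:action => "index")
    else
      flash.now[:notice] = "Invalid username/password combination"
    end
  end

  # Clears the logged-in user id and sends the visitor back to the login form.
  def logout
    session[:user_id] = nil
    flash[:notice] = "Logged out"
    redirect_to(:action => "login")
  end

  # Landing page after login; only renders its template.
  def index
  end
end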
- ## User model
require "digest/sha1"
require "securerandom"
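class User < ActiveRecord::Base
  acts_as_authorization_subject
  belongs_to :company

  validates_presence_of :username
  # NOTE(review): a uniqueness validation alone is racy under concurrent
  # inserts; back it with a unique index on the username column.
  validates_uniqueness_of :username

  # Plain in-memory attribute paired with validates_confirmation_of; it is
  # not a column and is never persisted.
  attr_accessor :password_confirmation
  validates_confirmation_of :password
  validate :password_non_blank

  # Fixed string mixed into every hash alongside the per-user salt. The value
  # is unchanged so existing hashed_password rows keep verifying.
  # NOTE(review): a single SHA1 round over password + pepper + salt is cheap
  # to brute-force offline; plan a move to a slow KDF (bcrypt/PBKDF2) once
  # stored hashes can be rebuilt, e.g. on each user's next login.
  PASSWORD_PEPPER = "wibble".freeze

  #def has_role?(role_name, obj=nil)
  #super unless obj.class == Region or obj.class == Location
  #return company.region == obj if obj.class == Region
  #return company.location == obj if obj.class == Location
  #end

  # Returns the User whose username and password match, or nil when the
  # username is unknown, the password is wrong, or either credential is blank.
  #
  # @param username [String, nil]
  # @param password [String, nil] plaintext candidate
  # @return [User, nil]
  def self.authenticate(username, password)
    # A nil password used to raise inside encrypted_password (nil + String);
    # blank credentials can never match a stored hash, so answer nil up front.
    return nil if username.blank? || password.blank?

    user = find_by_username(username)
    return nil unless user

    # NOTE(review): String#== stops at the first differing byte; a
    # constant-time comparison would avoid leaking hash-prefix timing.
    user.hashed_password == encrypted_password(password, user.salt) ? user : nil
  end

  # Callback that refuses to leave the table empty. Raising here is expected
  # to abort the surrounding destroy -- TODO confirm for this Rails version.
  # The message is what UsersController#destroy shows in the flash.
  def after_destroy
    raise "Can't delete last user" if User.count.zero?
  end

  # 'password' is a virtual attribute: the plaintext lives only in memory for
  # the current request; what is persisted is hashed_password plus salt.
  def password
    @password
  end

  # Remembers the plaintext for the confirmation check and, unless it is
  # blank, mints a fresh salt and re-derives hashed_password from it.
  def password=(pwd)
    @password = pwd
    return if pwd.blank?

    create_new_salt
    self.hashed_password = User.encrypted_password(pwd, salt)
  end

  # Derives the stored hash for a password/salt pair. Deliberately a public
  # class method (the `private` marker below would not apply to `def self.`
  # methods anyway) because password= calls it with an explicit receiver.
  #
  # @param password [String] plaintext
  # @param salt [String] per-user salt
  # @return [String] hex SHA1 digest
  def self.encrypted_password(password, salt)
    Digest::SHA1.hexdigest(password + PASSWORD_PEPPER + salt)
  end

  private

  # Fails validation when no hash has been set, i.e. password= was never
  # given a non-blank value.
  def password_non_blank
    errors.add(:password, "Missing Password") if hashed_password.blank?
  end

  # Generates a fresh per-user salt from a cryptographic RNG; the previous
  # object_id + rand scheme was predictable and not meant for this purpose.
  def create_new_salt
    self.salt = SecureRandom.hex(16)
  end
end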