  1. ## User Controller
  2.  
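class UsersController < ApplicationController
  # Users are nested under a company (params[:company_id] is read by every
  # action), so each action resolves the company first and then looks the user
  # up *through* that company's association. The original used a bare
  # User.find(params[:id]) next to the company lookup, which let any caller
  # view, edit or delete any user in the system just by supplying another id;
  # scoping the lookup makes a foreign id raise RecordNotFound instead.
  #
  # NOTE(review): no login/authorization filter is visible in this file;
  # confirm that ApplicationController (or a before_filter here) restricts who
  # may list, create, edit and delete users.

  # Credential columns that must never be serialised to a client.
  SECRET_ATTRIBUTES = [:hashed_password, :salt].freeze

  # GET /users
  # GET /users.xml
  def index
    @company = load_company
    @users = @company.users

    respond_to do |format|
      format.html # index.html.erb
      format.xml { render :xml => @users.to_xml(:except => SECRET_ATTRIBUTES) }
    end
  end

  # GET /users/1
  # GET /users/1.xml
  def show
    @company = load_company
    @user = load_user

    respond_to do |format|
      format.html # show.html.erb
      format.xml { render :xml => @user.to_xml(:except => SECRET_ATTRIBUTES) }
    end
  end

  # GET /users/new
  # GET /users/new.xml
  def new
    @company = load_company
    @user = User.new

    respond_to do |format|
      format.html # new.html.erb
      format.xml { render :xml => @user.to_xml(:except => SECRET_ATTRIBUTES) }
    end
  end

  # GET /users/1/edit
  def edit
    @company = load_company
    @user = load_user
  end

  # POST /users
  # POST /users.xml
  #
  # Builds the user through the company association so company_id comes from
  # the URL rather than from the submitted form. params[:user] is still
  # mass-assigned (role included), so the model must protect any column that
  # a client may not set directly.
  def create
    @company = load_company
    @user = @company.users.build(params[:user])

    respond_to do |format|
      if @user.save
        # Roles are granted only once the record exists, so a failed
        # validation re-render does not leave roles attached to a user that
        # was never persisted.
        grant_role_for(@user)
        flash[:notice] = "User #{@user.username} was successfully created."
        format.html { redirect_to(:action => 'index') }
        format.xml do
          render :xml => @user.to_xml(:except => SECRET_ATTRIBUTES),
                 :status => :created, :location => @user
        end
      else
        format.html { render :action => "new" }
        format.xml do
          render :xml => @user.errors, :status => :unprocessable_entity
        end
      end
    end
  end

  # PUT /users/1
  # PUT /users/1.xml
  def update
    @company = load_company
    @user = load_user

    respond_to do |format|
      if @user.update_attributes(params[:user])
        # Double quotes: the original used single quotes, so the username was
        # never interpolated and the literal "#{@user.username}" was shown.
        flash[:notice] = "User #{@user.username} was successfully updated."
        format.html { redirect_to(:action => 'index') }
        format.xml { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.xml
  #
  # The model's after_destroy raises to refuse deleting the last user; that
  # message is surfaced in the flash instead of becoming a 500, and the XML
  # client gets a 422 rather than the unconditional 200 of the original.
  def destroy
    @company = load_company
    @user = load_user
    deleted = false
    begin
      @user.destroy
      deleted = true
      flash[:notice] = "User #{@user.username} deleted"
    rescue StandardError => e
      # StandardError, not Exception: the latter also swallows SystemExit,
      # SignalException and NoMemoryError.
      # NOTE(review): e.message may carry database error text; consider a
      # fixed message if this ever reaches untrusted users.
      flash[:notice] = e.message
    end

    respond_to do |format|
      # NOTE(review): every other action redirects with :action => 'index'
      # (which keeps company_id); users_url is kept as in the original but
      # may not resolve for a company-nested route — verify against routes.
      format.html { redirect_to(users_url) }
      format.xml { head(deleted ? :ok : :unprocessable_entity) }
    end
  end

  private

  # Company named by the nested route; raises RecordNotFound if absent.
  def load_company
    Company.find(params[:company_id])
  end

  # User named by params[:id], restricted to @company's users.
  def load_user
    @company.users.find(params[:id])
  end

  # Grants the role requested through user.role. The original tested with
  # `=` (assignment) rather than `==`, which is always truthy, so every new
  # user received the admin *and* corporate *and* regional roles and ended up
  # with role "Regional" regardless of what was requested. Only the three
  # known values grant anything; any other value grants nothing.
  def grant_role_for(user)
    case user.role
    when "Admin"     then user.has_role!(:admin)
    when "Corporate" then user.has_role!(:corporate)
    when "Regional"  then user.has_role!(:regional, @company)
    end
  end
end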
  114.  
  115.  
  116. ## Admin controller (just for logging in and out)
  117.  
  118. class AdminController < ApplicationController
  119. def login
  120. if request.post?
  121. user = User.authenticate(params[:username], params[:password])
  122. if user
  123. session[:user_id] = user.id
  124. redirect_to(:action => "index")
  125. else
  126. flash.now[:notice] = "Invalid username/password combination"
  127. end
  128. end
  129. end
  130.  
  131. def logout
  132. session[:user_id] = nil
  133. flash[:notice] = "Logged out"
  134. redirect_to(:action => "login")
  135. end
  136.  
  137. def index
  138. end
  139.  
  140. end
  141.  
  142.  
  143. ## User model
  144.  
  145.  
require "digest/sha1"
require "securerandom"
  147.  
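class User < ActiveRecord::Base
  acts_as_authorization_subject

  belongs_to :company

  validates_presence_of :username
  validates_uniqueness_of :username

  attr_accessor :password_confirmation
  validates_confirmation_of :password

  validate :password_non_blank

  # The credential columns are written only through #password= below; they
  # must not be settable from a params hash (the controller mass-assigns
  # params[:user] on create and update).
  attr_protected :hashed_password, :salt

  #def has_role?(role_name, obj=nil)
  #super unless obj.class == Region or obj.class == Location
  #return company.region == obj if obj.class == Region
  #return company.location == obj if obj.class == Location
  #end

  # Returns the User whose username and password match, otherwise nil.
  #
  # A blank username or password is rejected up front: the original passed a
  # nil password straight into string concatenation and raised NoMethodError
  # (a 500) instead of failing the login.
  # NOTE(review): a missing username returns faster than a wrong password
  # (no hash is computed), which can leak whether a username exists.
  def self.authenticate(username, password)
    return nil if username.to_s.empty? || password.to_s.empty?

    user = find_by_username(username)
    return nil unless user

    expected_password = encrypted_password(password, user.salt)
    secure_compare(user.hashed_password.to_s, expected_password) ? user : nil
  end

  # Refuses to remove the last remaining user. Raising from after_destroy is
  # presumably enough to roll the delete back (callbacks run inside the
  # destroy transaction) — confirm for the Rails version in use.
  def after_destroy
    if User.count.zero?
      raise "Can't delete last user"
    end
  end

  # 'password' is a virtual attribute: only its salted hash is stored.
  def password
    @password
  end

  # Stores the plaintext for the confirmation validation and, when non-blank,
  # mints a fresh salt and hashed_password. A blank value leaves the stored
  # hash untouched, so password_non_blank still fails for a never-set user.
  def password=(pwd)
    @password = pwd
    return if pwd.blank?
    create_new_salt
    self.hashed_password = User.encrypted_password(self.password, self.salt)
  end

  # Hash used for storage and for login checks. This formula must stay
  # byte-identical to what existing rows were written with.
  # NOTE(review): a single unsalted-pepper SHA1 is fast to brute-force and the
  # pepper "wibble" is in the source; moving to bcrypt/argon2 requires a
  # rehash-on-login migration and is out of scope for this fix.
  def self.encrypted_password(password, salt)
    string_to_hash = password + "wibble" + salt
    Digest::SHA1.hexdigest(string_to_hash)
  end

  # Length-then-byte comparison that does not short-circuit on the first
  # differing byte, so the login check does not leak how much of the hash
  # matched through timing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize

    mismatch = 0
    a.bytes.zip(b.bytes) { |x, y| mismatch |= x ^ y }
    mismatch.zero?
  end
  private_class_method :secure_compare

  private

  # Validation: a user must have a stored hash (i.e. a password was set).
  def password_non_blank
    errors.add(:password, "Missing Password") if hashed_password.blank?
  end

  # 128-bit salt from the CSPRNG. The original used object_id + rand, which is
  # neither unpredictable nor guaranteed unique; salts are stored per row, so
  # rows written with the old format keep verifying.
  def create_new_salt
    self.salt = SecureRandom.hex(16)
  end
end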