class UsersController < ApplicationController include KeyUtilities skip_be

1. class UsersController < ApplicationController
2. include KeyUtilities
3. skip_before_filter :verify_authenticity_token, :only => [:api_login]
4. before_filter :require_user, :only => [:show, :edit, :update, :edit_profile]
5.  
6. # delete account
7. def destroy
8. user = current_user
9. user.delete
10. flash[:notice] = t(:account_deleted)
11. redirect_to root_path
12. end
13.  
14. # allow login via api
15. def api_login
16. # get the user by login or email
17. user = User.find_by_login_or_email(params[:login])
18.  
19. # exit if no user or invalid password
20. respond_with_error(:error_auth_required) and return if user.blank? || !user.valid_password?(params[:password])
21.  
22. # save new authentication token
23. if user.authentication_token.blank?
24. user.authentication_token = Devise.friendly_token
25. user.save
26. end
27.  
28. # output the user with token
29. respond_to do |format|
30. format.json { render :json => user.as_json(User.private_options_plus(:authentication_token)) }
31. format.xml { render :xml => user.to_xml(User.private_options_plus(:authentication_token)) }
32. format.any { render :text => user.authentication_token }
33. end
34. end
35.  
36. # generates a new api key
37. def new_api_key
38. current_user.set_new_api_key!
39. redirect_to account_path
40. end
41.  
42. # edit public profile
43. def edit_profile
44. @user = current_user
45. end
46.  
47. # update public profile
48. def update_profile
49. @user = current_user # makes our views "cleaner" and more consistent
50. # update
51. @user.update_attributes(user_params)
52. redirect_to account_path
53. end
54.  
55. # public profile for a user
56. def profile
57. # set params and request.format correctly
58. set_request_details!(params)
59.  
60. @user = User.find_by_login(params[:id])
61.  
62. # output error if user not found
63. render :text => t(:user_not_found) and return if @user.nil?
64.  
65. # set page title
66. @title = @user.login || nil
67.  
68. # if a json or xml request
69. if request.format == :json || request.format == :xml
70. # authenticate the user if the user is logged in (can be via token) or api key matches the target user
71. authenticated = (current_user == @user) || (User.find_by_api_key(get_apikey) == @user)
72. # set options correctly
73. options = authenticated ? User.private_options : User.public_options(@user)
74. end
75.  
76. # if html request
77. if request.format == :html
78. @channels = @user.channels.public_viewable.paginate :page => params[:page], :order => 'last_entry_id DESC'
79. end
80.  
81. respond_to do |format|
82. format.html
83. format.json { render :json => @user.as_json(options) }
84. format.xml { render :xml => @user.to_xml(options) }
85. end
86. end
87.  
88. # list all public channels for a user
89. def list_channels
90. @user = User.find_by_login(params[:id])
91.  
92. # output error if user not found
93. render :text => t(:user_not_found) and return if @user.nil?
94.  
95. # if html request
96. if request.format == :html
97. @title = "Internet of Things - Public Channels for #{@user.login}"
98. @channels = @user.channels.public_viewable.paginate :page => params[:page], :order => 'last_entry_id DESC'
99. # if a json or xml request
100. elsif request.format == :json || request.format == :xml
101. # authenticate the user if api key matches the target user
102. authenticated = (User.find_by_api_key(get_apikey) == @user)
103. # get all channels if authenticated, otherwise only public ones
104. channels = authenticated ? @user.channels : @user.channels.public_viewable
105. # set channels correctly
106. @channels = { channels: channels.as_json(Channel.public_options) }
107. end
108.  
109. respond_to do |format|
110. format.html
111. format.json { render :json => @channels }
112. format.xml { render :xml => @channels.to_xml(:root => 'response') }
113. end
114. end
115.  
116. def show
117. @menu = 'account'
118. @user = @current_user
119. end
120.  
121. def edit
122. @menu = 'account'
123. @user = @current_user
124. end
125.  
126. def update
127. @menu = 'account'
128. @user = @current_user # makes our views "cleaner" and more consistent
129.  
130. # delete password and confirmation from params if not present
131. params[:user].delete(:password) if params[:user][:password].blank?
132.  
133. # check current password and update
134. if @user.valid_password?(params[:user][:password_current]) && @user.update_attributes(user_params)
135. # sign the user back in, since devise will log the user out on update
136. sign_in(current_user, :bypass => true)
137. flash[:notice] = t('devise.registrations.updated')
138. redirect_to account_path
139. else
140. @user.errors.add(:base, t(:password_incorrect))
141. render :action => :edit
142. end
143. end
144.  
145. private
146.  
147. # only allow these params
148. def user_params
149. params.require(:user).permit(:email, :login, :time_zone, :public_flag, :bio, :website, :password, :password_confirmation)
150. end
151.  
152. # set params[:id] and request.format correctly
153. def set_request_details!(params)
154. # set format
155. new_format = 'html' if params[:glob].end_with?('.html')
156. new_format = 'json' if params[:glob].end_with?('.json')
157. new_format = 'xml' if params[:glob].end_with?('.xml')
158.  
159. # remove the format from the end of the glob
160. params[:id] = params[:glob].chomp(".#{new_format}")
161.  
162. # set the new format if it exists
163. request.format = new_format.to_sym if new_format.present?
164. end
165.  
166. end