Untitled

a guest
Mar 7th, 2018
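  # Account actions: signup, login/logout, password recovery and change,
  # user-to-user contact, and activation / management of user accounts.
  class UserController < ApplicationController
    # ORDER IS IMPORTANT: login_required must run before
    # user_management_allowed, which calls methods on current_user.
    before_filter :login_required, :user_management_allowed,
                  :only => ['cp', 'change_password', 'contact', 'activate', 'deactivate']
    before_filter :login_disallowed, :only => ['signup', 'login', 'forgot_password']

    # Landing action: always forwards to the control panel.
    def index
      redirect_to :action => "cp"
    end

    # GET renders the signup form; POST creates the account and logs it in.
    def signup
      # NOTE(review): the raw params[:user] hash is mass-assigned; which
      # attributes are writable is decided in the User model (not visible
      # here) -- confirm privileged fields are protected there.
      @user = User.new(params[:user])
      return unless request.post?

      # Only treat the signup as complete when the fresh credentials really
      # authenticate; a nil result used to raise on `@user.id`.
      authenticated = @user.save && User.authenticate(@user.username, @user.password)
      if authenticated
        @user = authenticated
        reset_session # same as login: start the authenticated session clean
        session[:user_id] = @user.id
        flash[:message] = "Signup successful"
        redirect_to :action => "cp"
      else
        flash[:warning] = "Signup unsuccessful!"
      end
    end

    # GET renders the login form; POST checks the submitted credentials.
    def login
      return unless request.post?

      # A POST without a user[...] hash is a failed login, not an exception.
      credentials = params[:user] || {}
      @user = User.authenticate(credentials[:username], credentials[:password])
      if @user
        reset_session # just to be sure. (clear all managed_ fields)
        session[:user_id] = @user.id
        # NOTE(review): the username is interpolated into the flash; whether
        # it is HTML-escaped depends on the view that renders it -- confirm.
        flash[:message] = "Login succesful. Welcome, #{@user.username}!"
        redirect_to_stored
      else
        flash[:warning] = "Invalid username or password!"
      end
    end

    # Ends the session and returns to the main controller.
    def logout
      # logout is not covered by login_required, so current_user may be nil.
      # The username has to be read first because reset_session affects both
      # flash and current_user.
      username = current_user && current_user.username
      reset_session # to make sure everything is gone.
      flash[:message] = "#{username.capitalize} is now logged out." if username
      redirect_to :controller => "main"
    end

    # GET renders the form; POST sends a new password to the given address.
    def forgot_password
      return unless request.post?

      # NOTE(review): the two outcomes show different messages, so a response
      # discloses whether an address belongs to an account; a single uniform
      # message would avoid that.
      email = (params[:user] || {})[:email]
      u = User.find_by_email(email)
      if u && u.send_new_password
        flash[:message] = "A new password has been sent by email."
        redirect_to :action => "login"
      else
        flash[:warning] = "Couldn't send password!"
      end
    end

    # GET renders the contact form for user params[:id]; POST delivers the
    # message from current_user to that user.
    def contact
      @user = User.find(params[:id])
      return unless request.post?

      # Stop here when the recipient does not accept contact from the sender.
      # Previously only the warning was set and the message was still
      # delivered further down.
      unless current_user.may_contact?(@user)
        flash[:warning] = "This user doesn't allow you to contact them."
        redirect_to :action => "cp"
        return
      end

      message = params[:user] || {}
      @user.message_subject = message[:message_subject]
      @user.message_body = message[:message_body]

      if @user.valid?
        Notifications.deliver_message(current_user, @user)
        flash[:message] = "Message has been sent."
        redirect_to :action => "cp"
      end
    end

    # GET renders the form; POST sets a new password on the managed user.
    def change_password
      @user = managed_user
      return unless request.post?

      # NOTE(review): the current password is not asked for before it is
      # replaced -- confirm that is intended for self-service changes.
      submitted = params[:user] || {}
      # update_attributes already validates and saves; the extra @user.save
      # that followed it wrote the record a second time.
      if @user.update_attributes(:password => submitted[:password],
                                 :password_confirmation => submitted[:password_confirmation])
        flash[:message] = "Password Changed"
        redirect_to :action => "cp"
      end
    end

    # Activates user params[:id], or the managed user when no id is given.
    # NOTE(review): this changes state without a request.post? check, unlike
    # the form actions above; consider restricting it to POST.
    def activate
      @user = requested_or_managed_user
      if current_user.has_access?(@user) && @user.activate
        flash[:message] = "User '#{@user.username}' was activated"
      else
        flash[:warning] = "Couldn't activate user!"
      end
      redirect_to :action => "cp"
    end

    # Deactivates user params[:id], or the managed user when no id is given.
    # NOTE(review): same as activate -- state change without a POST check.
    def deactivate
      @user = requested_or_managed_user
      if current_user.has_access?(@user) && @user.deactivate
        flash[:message] = "User '#{@user.username}' was deactivated"
      else
        flash[:warning] = "Couldn't deactivate user!"
      end
      redirect_to :action => "cp"
    end

    # Remembers which user the control panel should show.
    # NOTE(review): the id is stored unchecked and this action is not in the
    # login_required list; access is only enforced afterwards, when
    # user_management_allowed runs before "cp" (presumably managed_user reads
    # this session key -- confirm in ApplicationController).
    def manage
      session[:managed_user_id] = params[:id]
      redirect_to :action => "cp"
    end

    # Control panel for the managed user; admins also get the full user list.
    def cp
      @user = managed_user
      @wallets = @user.wallets
      @currencies = @user.currencies

      @users = current_user.is_admin? ? User.find(:all) : nil
    end

    protected

    # Filter: lets the request through when current_user has access to the
    # managed user; otherwise falls back to managing oneself, redirects to the
    # control panel and returns false to halt the filter chain.
    def user_management_allowed
      return true if current_user.has_access?(managed_user)
      flash[:message] = "You are not allowed to manage this user."
      self.managed_user = current_user
      redirect_to :action => "cp"
      return false
    end

    # Target shared by activate and deactivate: the user named by params[:id]
    # when present, otherwise the currently managed user.
    def requested_or_managed_user
      params[:id] ? User.find(params[:id]) : managed_user
    end
  end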