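# Account controller: signup, login/logout, password reset and change,
# user-to-user contact, and activation / management of user accounts.
#
# As far as this file shows, the actions named in the first before_filter
# require login plus access to the currently "managed" user. index, logout
# and manage are covered by neither filter.
class UserController < ApplicationController
  # login_required has to run first: user_management_allowed calls
  # current_user.
  before_filter :login_required, :user_management_allowed, # ORDER IS IMPORTANT
    :only => ['cp', 'change_password', 'contact', 'activate', 'deactivate']
  # login_disallowed is defined elsewhere; by its name it keeps already
  # logged-in users away from these three actions.
  before_filter :login_disallowed, :only => ['signup', 'login', 'forgot_password']

  # Entry point: forwards to the control panel.
  def index
    redirect_to :action => "cp"
  end

  # GET renders the signup form; POST creates the account and logs it in.
  def signup
    # NOTE(review): params[:user] is mass-assigned. Which attributes a visitor
    # can set depends on attr_protected / attr_accessible in User -- confirm
    # that role and activation fields are excluded.
    @user = User.new(params[:user]) # was @params; the rest of the file uses params
    return unless request.post?

    if @user.save
      @user = User.authenticate(@user.username, @user.password)
      # Same as login: start from a fresh session before binding it to the
      # account, so nothing from the anonymous session is carried over.
      reset_session
      session[:user_id] = @user.id
      flash[:message] = "Signup successful"
      redirect_to :action => "cp"
    else
      flash[:warning] = "Signup unsuccessful!"
    end
  end

  # GET renders the login form; POST checks the credentials and, on success,
  # binds a fresh session to the user.
  def login
    return unless request.post?

    @user = User.authenticate(params[:user][:username], params[:user][:password])
    if @user
      reset_session # just to be sure. (clear all managed_ fields)
      session[:user_id] = @user.id
      flash[:message] = "Login succesful. Welcome, #{@user.username}!"
      redirect_to_stored
    else
      flash[:warning] = "Invalid username or password!"
    end
  end

  # Clears the session and returns to the main controller.
  def logout
    # logout is not behind login_required, so guard against a visitor without
    # a session (assumes current_user is nil in that case -- TODO confirm).
    user = current_user
    # username has to be saved first because reset_session affects both flash and current_user
    username = user ? user.username : nil
    reset_session # to make sure everything is gone.
    flash[:message] = "#{username.capitalize} is now logged out." if username
    redirect_to :controller => "main"
  end

  # GET renders the form; POST asks the User model to send a new password to
  # the account matching the submitted e-mail address.
  def forgot_password
    return unless request.post?

    # NOTE(review): the two flash messages differ depending on whether the
    # address matched an account, which discloses which e-mail addresses are
    # registered. send_new_password (defined in User) also appears to replace
    # the password without a confirmation step -- confirm, and consider a
    # uniform response plus a one-time reset token.
    u = User.find_by_email(params[:user][:email])
    if u && u.send_new_password
      flash[:message] = "A new password has been sent by email."
      redirect_to :action => "login"
    else
      flash[:warning] = "Couldn't send password!"
    end
  end

  # GET renders the contact form for the user in params[:id]; POST delivers
  # the message if the recipient allows contact from the current user.
  def contact
    @user = User.find(params[:id])
    return unless request.post?

    # Enforce the recipient's contact preference. Previously the warning was
    # set but execution continued, so the message was delivered anyway.
    unless current_user.may_contact?(@user)
      flash[:warning] = "This user doesn't allow you to contact them."
      return
    end

    @user.message_subject = params[:user][:message_subject]
    @user.message_body = params[:user][:message_body]
    if @user.valid?
      Notifications.deliver_message(current_user, @user)
      flash[:message] = "Message has been sent."
      redirect_to :action => "cp"
    end
  end

  # GET renders the form; POST sets a new password on the managed user.
  def change_password
    @user = managed_user
    return unless request.post?

    # NOTE(review): the current password is not requested here, so anyone
    # holding a valid session can set a new one -- confirm this is intended.
    #
    # update_attributes assigns and saves in one step and returns the result
    # of that save; the extra @user.save that used to follow was redundant.
    if @user.update_attributes(:password => params[:user][:password],
                               :password_confirmation => params[:user][:password_confirmation])
      flash[:message] = "Password Changed"
      redirect_to :action => "cp"
    end
  end

  # Activates the user in params[:id], or the managed user when no id is
  # given, provided the current user has access to that account.
  #
  # NOTE(review): there is no request.post? check, so this state change runs
  # on any HTTP verb; consider restricting it to POST with a request-forgery
  # token.
  def activate
    @user = params[:id] ? User.find(params[:id]) : managed_user
    if current_user.has_access?(@user) && @user.activate
      flash[:message] = "User '#{@user.username}' was activated"
    else
      flash[:warning] = "Couldn't activate user!"
    end
    redirect_to :action => "cp"
  end

  # Counterpart of activate; the same access check and the same NOTE(review)
  # about the missing request.post? check apply.
  def deactivate
    @user = params[:id] ? User.find(params[:id]) : managed_user
    if current_user.has_access?(@user) && @user.deactivate
      flash[:message] = "User '#{@user.username}' was deactivated"
    else
      flash[:warning] = "Couldn't deactivate user!"
    end
    redirect_to :action => "cp"
  end

  # Remembers which user the session is managing, then shows the control panel.
  #
  # NOTE(review): params[:id] is stored unchecked and this action is in
  # neither before_filter list. Access is only enforced later, by
  # user_management_allowed on the filtered actions, so any new action that
  # reads managed_user must be added to that filter list.
  def manage
    session[:managed_user_id] = params[:id]
    redirect_to :action => "cp"
  end

  # Control panel for the managed user: wallets, currencies and, for admins,
  # the list of all users.
  def cp
    @user = managed_user
    @wallets = @user.wallets
    @currencies = @user.currencies
    @users = current_user.is_admin? ? User.find(:all) : nil
  end

  protected

  # before_filter: lets the request through when the current user has access
  # to the managed user. Otherwise it resets the managed user to the current
  # user, redirects to the control panel and halts the filter chain by
  # returning false.
  def user_management_allowed
    return true if current_user.has_access?(managed_user)

    flash[:message] = "You are not allowed to manage this user."
    self.managed_user = current_user
    redirect_to :action => "cp"
    false
  end
end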