class UsersController < ApplicationController include KeyUtilities skip_be

1. class UsersController < ApplicationController
2.   include KeyUtilities
3.   skip_before_filter :verify_authenticity_token, :only => [:api_login]
4.   before_filter :require_user, :only => [:show, :edit, :update, :edit_profile]
5.  
6.   # delete account
7.   def destroy
8.     user = current_user
9.     user.delete
10.     flash[:notice] = t(:account_deleted)
11.     redirect_to root_path
12.   end
13.  
14.   # allow login via api
15.   def api_login
16.     # get the user by login or email
17.     user = User.find_by_login_or_email(params[:login])
18.  
19.     # exit if no user or invalid password
20.     respond_with_error(:error_auth_required) and return if user.blank? || !user.valid_password?(params[:password])
21.  
22.     # save new authentication token
23.     if user.authentication_token.blank?
24.       user.authentication_token = Devise.friendly_token
25.       user.save
26.     end
27.  
28.     # output the user with token
29.     respond_to do |format|
30.       format.json { render :json => user.as_json(User.private_options_plus(:authentication_token)) }
31.       format.xml { render :xml => user.to_xml(User.private_options_plus(:authentication_token)) }
32.       format.any { render :text => user.authentication_token }
33.     end
34.   end
35.  
36.   # generates a new api key
37.   def new_api_key
38.     current_user.set_new_api_key!
39.     redirect_to account_path
40.   end
41.  
42.   # edit public profile
43.   def edit_profile
44.     @user = current_user
45.   end
46.  
47.   # update public profile
48.   def update_profile
49.     @user = current_user # makes our views "cleaner" and more consistent
50.     # update
51.     @user.update_attributes(user_params)
52.     redirect_to account_path
53.   end
54.  
55.   # public profile for a user
56.   def profile
57.     # set params and request.format correctly
58.     set_request_details!(params)
59.  
60.     @user = User.find_by_login(params[:id])
61.  
62.     # output error if user not found
63.     render :text => t(:user_not_found) and return if @user.nil?
64.  
65.     # set page title
66.     @title = @user.login || nil
67.  
68.     # if a json or xml request
69.     if request.format == :json || request.format == :xml
70.       # authenticate the user if the user is logged in (can be via token) or api key matches the target user
71.       authenticated = (current_user == @user) || (User.find_by_api_key(get_apikey) == @user)
72.       # set options correctly
73.       options = authenticated ? User.private_options : User.public_options(@user)
74.     end
75.  
76.     # if html request
77.     if request.format == :html
78.       @channels = @user.channels.public_viewable.paginate :page => params[:page], :order => 'last_entry_id DESC'
79.     end
80.  
81.     respond_to do |format|
82.       format.html
83.       format.json { render :json => @user.as_json(options) }
84.       format.xml { render :xml => @user.to_xml(options) }
85.     end
86.   end
87.  
88.   # list all public channels for a user
89.   def list_channels
90.     @user = User.find_by_login(params[:id])
91.  
92.     # output error if user not found
93.     render :text => t(:user_not_found) and return if @user.nil?
94.  
95.     # if html request
96.     if request.format == :html
97.       @title = "Internet of Things - Public Channels for #{@user.login}"
98.       @channels = @user.channels.public_viewable.paginate :page => params[:page], :order => 'last_entry_id DESC'
99.     # if a json or xml request
100.     elsif request.format == :json || request.format == :xml
101.       # authenticate the user if api key matches the target user
102.       authenticated = (User.find_by_api_key(get_apikey) == @user)
103.       # get all channels if authenticated, otherwise only public ones
104.       channels = authenticated ? @user.channels : @user.channels.public_viewable
105.       # set channels correctly
106.       @channels = { channels: channels.as_json(Channel.public_options) }
107.     end
108.  
109.     respond_to do |format|
110.       format.html
111.       format.json { render :json => @channels }
112.       format.xml { render :xml => @channels.to_xml(:root => 'response') }
113.     end
114.   end
115.  
116.   def show
117.     @menu = 'account'
118.     @user = @current_user
119.   end
120.  
121.   def edit
122.     @menu = 'account'
123.     @user = @current_user
124.   end
125.  
126.   def update
127.     @menu = 'account'
128.     @user = @current_user # makes our views "cleaner" and more consistent
129.  
130.     # delete password and confirmation from params if not present
131.     params[:user].delete(:password) if params[:user][:password].blank?
132.  
133.     # check current password and update
134.     if @user.valid_password?(params[:user][:password_current]) && @user.update_attributes(user_params)
135.       # sign the user back in, since devise will log the user out on update
136.       sign_in(current_user, :bypass => true)
137.       flash[:notice] = t('devise.registrations.updated')
138.       redirect_to account_path
139.     else
140.       @user.errors.add(:base, t(:password_incorrect))
141.       render :action => :edit
142.     end
143.   end
144.  
145.   private
146.  
147.     # only allow these params
148.     def user_params
149.       params.require(:user).permit(:email, :login, :time_zone, :public_flag, :bio, :website, :password, :password_confirmation)
150.     end
151.  
152.     # set params[:id] and request.format correctly
153.     def set_request_details!(params)
154.       # set format
155.       new_format = 'html' if params[:glob].end_with?('.html')
156.       new_format = 'json' if params[:glob].end_with?('.json')
157.        new_format = 'xml' if params[:glob].end_with?('.xml')
158.  
159.       # remove the format from the end of the glob
160.       params[:id] = params[:glob].chomp(".#{new_format}")
161.  
162.       # set the new format if it exists
163.       request.format = new_format.to_sym if new_format.present?
164.     end
165.  
166. end