- if current_user.id == user.id
  .user-info
    %form{:"accept-charset" => "UTF-8", :action => "/users/#{user.id}", :method => "POST"}
      = csrf_tag
      %input{:type => 'hidden', :name => "_method", :value => "put"}
      .field
        %input{:id => "email", :name => "user[email]", :value => user.email, :type => "text"}
      .field
        %input{:id => "password", :name => "user[password]", :placeholder => "new password", :type => "password"}
      .field
        %input{:id => "password_confirmation", :name => "user[password_confirmation]", :placeholder => "confirm password", :type => "password"}
      .field
        %input.long-line{:id => "notification_url", :name => "user[notification_url]", :value => user.notification_url, :placeholder => "notification url (if you're a bot)", :type => "text"}
      .field
        %input{:class => "button", :type => "submit", :value => "update"}

  .user-api-key
    - if current_user.api_key
      %span.info.long-line= current_user.api_key
    - else
      %span.info no api key (yet)

    %form{:"accept-charset" => "UTF-8", :action => "/users/#{user.id}/key", :method => "POST"}
      = csrf_tag
      %input{:class => "button", :type => "submit", :value => "generate new api key"}
- else
  %ul.list
    %li
      %p= user.email
    - if user.notification_url
      %li
        %p= user.notification_url

  .delete-user
    %form{:"accept-charset" => "UTF-8", :action => "/users/#{user.id}", :method => "POST"}
      = csrf_tag
      %input{:type => 'hidden', :name => "_method", :value => "delete"}
      %input{:class => "button", :type => "submit", :value => "delete user"}