# -*- coding: utf-8 -*-
class UsersController < ApplicationController
respond_to :html, :json, :js
before_filter :find_user, only: [:show, :update, :forgot_password]
authorize_resource except: [:forgot_password]
def index
begin
redirect_to group_path(Group.everyone)
rescue
raise "No basic groups are present, yet. Try `rake bootstrap:all`."
end
end
def show
if current_user == @user
current_user.update_last_seen_activity("sieht sich sein eigenes Profil an", @user)
else
current_user.try(:update_last_seen_activity, "sieht sich das Profil von #{@user.title} an", @user)
end
respond_to do |format|
format.html # show.html.erb
#format.json { render json: @profile.sections } # TODO
end
metric_logger.log_event @user.attributes.merge({name: @user.name, title: @user.title}), type: :show_user
end
def new
@user = User.new
@parent_group = Group.find(params[:parent_id]) if params[:parent_type] == 'Group'
@user.add_to_group = @parent_group.try(:id)
@user.female = false
@user.alias = params[:alias]
end
def create
@user_params = user_params
@basic_user_params = @user_params.select { |key, value| key.to_s.in? ['first_name', 'last_name', 'email', 'female', 'create_account'] }
@basic_user_params[:first_name] ||= I18n.t(:first_name)
@basic_user_params[:last_name] ||= I18n.t(:last_name)
@user = User.create(@basic_user_params)
if @user_params[:add_to_group]
Group.find(@user_params[:add_to_group]).assign_user @user
@user_params.except! :add_to_group
end
@user.update_attributes(@user_params)
@user.fill_in_template_profile_information
@user.send_welcome_email if @user.account
redirect_to @user
end
def update
@user.update_attributes(user_params)
respond_with @user
end
def autocomplete_title
query = params[:term] if params[ :term ]
query ||= params[ :query ] if params[ :query ]
query ||= ""
@users = User.where("CONCAT(first_name, ' ', last_name) LIKE ?", "%#{query}%")
# render json: json_for_autocomplete(@users, :title)
# render json: @users.to_json( :methods => [ :title ] )
render json: @users.map(&:title)
end
def forgot_password
authorize! :update, @user.account
@user.account.send_new_password
flash[:notice] = I18n.t(:new_password_has_been_sent_to, user_name: @user.title)
redirect_to :back
end
private
# This method returns the request parameters and their values as long as the user
# is permitted to change them.
#
# This mechanism protects from mass assignment hacking and replaces the old
# attr_accessible mechanism.
#
# For more information, have a look at these resources:
# https://github.com/rails/strong_parameters/
# http://railscasts.com/episodes/371-strong-parameters
#
def user_params
permitted_keys = []
if @user
permitted_keys += [:first_name] if can? :change_first_name, @user
permitted_keys += [:alias] if can? :change_alias, @user
permitted_keys += [:email, :date_of_birth, :localized_date_of_birth] if can? :update, @user
permitted_keys += [:avatar, :remove_avatar] if can? :update, @user
permitted_keys += [:last_name, :name] if can? :change_last_name, @user
permitted_keys += [:corporation_name] if can? :manage, @user
permitted_keys += [:create_account, :female, :add_to_group, :add_to_corporation, :hidden, :wingolfsblaetter_abo] if can? :manage, @user
else # user creation
permitted_keys += [:first_name, :last_name, :female, :date_of_birth, :add_to_group, :add_to_corporation, :aktivmeldungsdatum, :study_address, :home_address, :work_address, :email, :phone, :mobile, :create_account] if can? :create, :aktivmeldung
end
params.require(:user).permit(*permitted_keys)
end
def find_user
if not handle_mystery_user
@user = User.find(params[:id]) if params[:id].present?
@user ||= User.find_by_alias(params[:alias]) if params[:alias].present?
@user ||= User.new
@title = @user.title
@navable = @user
end
end
def handle_mystery_user
if (params[:id].to_i == 1) and (not User.where(id: 1).present?)
redirect_to group_path(Group.everyone), :notice => "I bring order to chaos. I am the beginning, the end, the one who is many."
return true
end
end
end