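# -*- coding: utf-8 -*-

# Controller for user profiles: showing, creating and updating users, title
# autocompletion, and sending a new password to a user's account.
#
# Access control visible in this file has three layers:
# * `authorize_resource` is declared for every action except
#   `forgot_password`, which calls `authorize!` itself;
# * `user_params` only permits the attributes the current ability allows;
# * `find_user` loads `@user` for show, update and forgot_password.
class UsersController < ApplicationController

  respond_to :html, :json, :js

  # find_user is declared first so that @user is set before authorization runs.
  before_filter :find_user, only: [:show, :update, :forgot_password]
  authorize_resource except: [:forgot_password]

  # Redirects to the page of the "everyone" group.
  #
  # Any StandardError raised while doing so is replaced by a hint that the
  # basic groups have not been bootstrapped yet (the original error is dropped).
  def index
    redirect_to group_path(Group.everyone)
  rescue
    raise "No basic groups are present, yet. Try `rake bootstrap:all`."
  end

  # Renders the profile of @user and records the visit as the viewer's
  # last-seen activity.
  def show
    if current_user == @user
      current_user.update_last_seen_activity("sieht sich sein eigenes Profil an", @user)
    else
      # current_user may be nil here, hence `try`.
      current_user.try(:update_last_seen_activity, "sieht sich das Profil von #{@user.title} an", @user)
    end

    respond_to do |format|
      format.html # show.html.erb
      #format.json { render json: @profile.sections }  # TODO
    end

    # NOTE(review): `@user.attributes` passes every column of the user record
    # to the metric logger. Confirm that no sensitive column ends up in the
    # metrics store, or log an explicit list of fields instead.
    metric_logger.log_event @user.attributes.merge({name: @user.name, title: @user.title}), type: :show_user
  end

  # Prepares an empty user for the creation form, optionally preselecting the
  # group given by params[:parent_id] when params[:parent_type] is 'Group'.
  def new
    @user = User.new
    @parent_group = Group.find(params[:parent_id]) if params[:parent_type] == 'Group'
    @user.add_to_group = @parent_group.try(:id)
    @user.female = false
    @user.alias = params[:alias]
  end

  # Creates a user in two steps: first from a basic set of attributes, then
  # the remaining permitted attributes are applied via update_attributes.
  def create
    @user_params = user_params

    basic_keys = %w[first_name last_name email female create_account]
    @basic_user_params = @user_params.select { |key, _value| key.to_s.in? basic_keys }
    @basic_user_params[:first_name] ||= I18n.t(:first_name)
    @basic_user_params[:last_name] ||= I18n.t(:last_name)

    # NOTE(review): User.create returns an unsaved record when validation
    # fails; the steps below still run on it. Confirm this cannot happen or
    # handle the failure explicitly.
    @user = User.create(@basic_user_params)

    if @user_params[:add_to_group]
      # NOTE(review): the group id comes straight from the request. The only
      # gate visible in this file is `can? :create, :aktivmeldung` in
      # user_params; nothing here checks that the current user may add members
      # to this particular group. Confirm that the abilities or assign_user
      # enforce a per-group check.
      Group.find(@user_params[:add_to_group]).assign_user @user
      @user_params.except! :add_to_group
    end

    @user.update_attributes(@user_params)
    @user.fill_in_template_profile_information
    @user.send_welcome_email if @user.account
    redirect_to @user
  end

  # Applies the permitted attributes to @user.
  def update
    @user.update_attributes(user_params)
    respond_with @user
  end

  # Returns, as JSON, the titles of all users whose "first_name last_name"
  # contains the search term given in params[:term] or params[:query].
  def autocomplete_title
    query = (params[:term] || params[:query] || "").to_s

    # The term is bound as a parameter, so it cannot break out of the SQL
    # string. LIKE metacharacters inside it are escaped as well, so that a
    # term containing `%` or `_` is matched literally instead of being
    # interpreted as a wildcard. An explicit ESCAPE character is used so the
    # behaviour does not depend on the database's default escape character.
    escaped_query = query.gsub(/[!%_]/) { |char| "!#{char}" }

    # NOTE(review): an empty term produces the pattern "%%" and therefore
    # returns the title of every user. Consider a minimum term length and a
    # row limit if the full list should not be available to every caller that
    # passes authorization for this action.
    @users = User.where("CONCAT(first_name, ' ', last_name) LIKE ? ESCAPE '!'", "%#{escaped_query}%")

    # render json: json_for_autocomplete(@users, :title)
    # render json: @users.to_json( :methods => [ :title ] )
    render json: @users.map(&:title)
  end

  # Sends a new password to the account of @user and redirects back.
  #
  # This action is excluded from authorize_resource and authorizes the
  # :update ability on the user's account instead.
  def forgot_password
    # NOTE(review): @user.account can be nil (find_user falls back to User.new,
    # and `create` treats the account as optional). In that case the
    # authorization check runs against nil and the following call raises
    # NoMethodError. Decide how a user without an account should be answered.
    authorize! :update, @user.account
    @user.account.send_new_password
    flash[:notice] = I18n.t(:new_password_has_been_sent_to, user_name: @user.title)
    # NOTE(review): this action changes a credential; confirm its route is
    # not reachable via GET so that request-forgery protection applies.
    redirect_to :back
  end

  private

  # This method returns the request parameters and their values as long as the user
  # is permitted to change them.
  #
  # This mechanism protects from mass assignment hacking and replaces the old
  # attr_accessible mechanism.
  #
  # When @user is set (update), each group of attributes is permitted only if
  # the current ability allows the matching action on @user. When @user is not
  # set (creation), one fixed list is permitted if the current ability allows
  # `:create, :aktivmeldung`; otherwise nothing is permitted.
  #
  # For more information, have a look at these resources:
  #   https://github.com/rails/strong_parameters/
  #   http://railscasts.com/episodes/371-strong-parameters
  #
  def user_params
    permitted_keys = []
    if @user
      permitted_keys += [:first_name] if can? :change_first_name, @user
      permitted_keys += [:alias] if can? :change_alias, @user
      permitted_keys += [:email, :date_of_birth, :localized_date_of_birth] if can? :update, @user
      permitted_keys += [:avatar, :remove_avatar] if can? :update, @user
      permitted_keys += [:last_name, :name] if can? :change_last_name, @user
      permitted_keys += [:corporation_name] if can? :manage, @user
      permitted_keys += [:create_account, :female, :add_to_group, :add_to_corporation, :hidden, :wingolfsblaetter_abo] if can? :manage, @user
    else # user creation
      permitted_keys += [:first_name, :last_name, :female, :date_of_birth, :add_to_group, :add_to_corporation, :aktivmeldungsdatum, :study_address, :home_address, :work_address, :email, :phone, :mobile, :create_account] if can? :create, :aktivmeldung
    end
    params.require(:user).permit(*permitted_keys)
  end

  # Loads @user by params[:id], falling back to params[:alias] and finally to
  # a new, unsaved User. Also sets @title and @navable from it.
  #
  # Nothing is loaded when handle_mystery_user has already redirected.
  def find_user
    return if handle_mystery_user

    @user = User.find(params[:id]) if params[:id].present?
    @user ||= User.find_by_alias(params[:alias]) if params[:alias].present?
    @user ||= User.new
    @title = @user.title
    @navable = @user
  end

  # Redirects to the "everyone" group when the user with id 1 is requested but
  # no such record exists.
  #
  # Returns true when the redirect was issued, nil otherwise.
  def handle_mystery_user
    return unless params[:id].to_i == 1 && !User.where(id: 1).exists?

    redirect_to group_path(Group.everyone), notice: "I bring order to chaos. I am the beginning, the end, the one who is many."
    true
  end

end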