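module Symphonia
  # Admin CRUD for users, plus archive/unarchive and a JSON/XML API.
  #
  # Authorization model, as visible in this file: +authorize+ runs before
  # every action except +show+ (which calls it explicitly after loading the
  # record). It lets a logged-in user through when the loaded record is their
  # own account and otherwise defers to the inherited +authorize+.
  class UsersController < ApplicationController
    include Symphonia::Swagger::BaseController

    # Credential material that must never appear in a serialized user.
    # This is a denylist: any secret column added to the model later has to
    # be listed here as well.
    SENSITIVE_ATTRIBUTES = %w[crypted_password password_salt persistence_token perishable_token].freeze

    def self.tag_list
      %w[User admin]
    end

    swagger_me entity: "User", base_path: "/admin/users"
    helper Symphonia::RendererHelper

    before_action :find_user, except: %i[index new create show]
    before_action :authorize, except: [:show]
    before_action -> { menu_item(:my_account) }, only: %i[current edit_current update_current]

    # Lists users through the query object. HTML is paginated; JSON returns
    # all matches, restricted to +id+ plus the registered attributes.
    def index
      @query = Symphonia::User.query.new
      @query.from_params params
      @entities = @query.entities

      respond_to do |format|
        format.html do
          @entities = @entities.page(params[:page])
          render layout: !request.xhr?
        end
        format.json { render json: @entities.all, only: %i[id] + Symphonia::User.registered_attributes.keys }
      end
    end

    # Shows the user given by +params[:id]+, or the current user when no id
    # is passed. The before_action skips this action, so +authorize+ is
    # called here once @user is known.
    def show
      @user = Symphonia::User.find(params[:id]) if params[:id]
      @user ||= Symphonia::User.current
      authorize

      respond_to do |format|
        format.html
        format.json { render json: @user, except: SENSITIVE_ATTRIBUTES }
      end
    end

    def new
      @user = Symphonia::User.new
      @roles = Symphonia::Role.sorted

      respond_to do |format|
        format.html
      end
    end

    # Creates a user from the permitted parameters. The API responses echo
    # the new record with the same credential columns stripped as in #show.
    def create
      @user = Symphonia::User.new(user_params)

      respond_to do |format|
        if @user.save
          format.html { redirect_to @user, notice: t(:text_created) }
          format.xml { render xml: @user, except: SENSITIVE_ATTRIBUTES, status: :created, location: @user }
          format.json { render json: @user, except: SENSITIVE_ATTRIBUTES, status: :created, location: @user }
        else
          format.html do
            @roles = Symphonia::Role.sorted
            render action: 'new'
          end
          format.xml { render xml: @user.errors, status: :unprocessable_entity }
          format.json { render json: @user.errors, status: :unprocessable_entity }
        end
      end
    end

    def edit
      @roles = Role.all
    end

    # Updates the user. The top-level +admin+ and +role_id+ parameters are
    # honoured only when the current user is an admin, so a user editing
    # their own account cannot raise their own privileges through them.
    def update
      @user.attributes = user_params
      @user.admin = params[:admin] if params[:admin] && Symphonia::User.current.admin?
      if params[:role_id].present? && Symphonia::User.current.admin?
        @role = Role.find(params[:role_id])
        @user.role = @role
      end

      respond_to do |format|
        # Audit trail: who changed the record and when.
        @user.edited_by = current_user
        @user.edited_at = DateTime.now

        if @user.save
          format.html { redirect_back_or_default user_path(@user), notice: t(:text_updated) }
          format.any(:json, :xml) { head :no_content }
        else
          format.html do
            @roles = Symphonia::Role.all
            render action: 'edit'
          end
          format.xml { render xml: @user.errors, status: :unprocessable_entity }
          format.json { render json: @user.errors, status: :unprocessable_entity }
        end
      end
    end

    def destroy
      @user.destroy

      respond_to do |format|
        format.html { redirect_to safe_back_url || users_url }
        format.js { render js: "Symphonia.filters.removeRow('#{view_context.dom_id(@user)}')" }
        format.json { head :no_content }
      end
    end

    def archive
      @user.archive!

      respond_to do |format|
        format.html { redirect_to safe_back_url || users_url }
        format.json { head :no_content }
      end
    end

    def unarchive
      # NOTE(review): the mail is enqueued before unarchive! runs, so it is
      # still sent if unarchive! raises. Confirm this ordering is intended.
      Notifier.user_change_to_active(@user).deliver_later
      @user.unarchive!

      respond_to do |format|
        format.html { redirect_to safe_back_url || users_url }
        format.xml { head :no_content }
      end
    end

    private

    def find_user
      @user = Symphonia::User.find(params[:id])
    end

    # Lets a logged-in user act on their own record; everything else goes to
    # the inherited check.
    #
    # NOTE(review): the self-match applies to every action that loads @user,
    # including destroy, archive and unarchive. Confirm that users are meant
    # to be able to delete or (un)archive their own account.
    def authorize
      return true if User.current.logged_in? && User.current.id == @user&.id

      super
    end

    # Strong parameters for create/update. +admin+ and +role_id+ are
    # permitted only when the current user is an admin.
    def user_params
      allowed = [:login, :first_name, :last_name, :password, :password_confirmation, :email, :mail,
                 preference_ids: []]
      allowed.concat(%i[admin role_id]) if Symphonia::User.current.admin?
      params.require(:user).permit(allowed)
    end

    # Returns +params[:back_url]+ only when it stays inside this application:
    # either a local path or an absolute URL on the request's own origin.
    # The parameter is client-controlled, so passing it to redirect_to
    # unchecked would let a crafted link send the user to an arbitrary site
    # after the action completes. Returns nil for anything else, so callers
    # fall back to their default.
    def safe_back_url
      target = params[:back_url].to_s
      # Backslashes and control characters are rejected outright because
      # browsers may normalise them into a different host.
      return if target.empty? || target.match?(/[[:cntrl:]\\]/)

      # "//host" is a protocol-relative URL, not a local path.
      local_path = target.start_with?('/') && !target.start_with?('//')
      # The trailing "/" ends the authority part, so a longer host name that
      # merely begins with ours does not match.
      same_origin = target == request.base_url || target.start_with?("#{request.base_url}/")

      target if local_path || same_origin
    end
  end
end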