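# Account management: login/logout (with optional "remember me" cookies),
# signup with e-mailed confirmation link, password change/reset, profile
# edit/delete, group membership and work-lock monitoring subscriptions.
#
# Review notes (security):
#  * Every action except login/signup/forgot_password now runs
#    :authenticate_user. The original also skipped it for :set_group, which
#    lets an unauthenticated request add or remove any user from any group;
#    protect?() below already treats set_group as protected, so the skip
#    looked accidental.
#  * rescue Exception was narrowed to StandardError everywhere: the broad form
#    also swallows SystemExit/SignalException/NoMemoryError.
#  * Plaintext passwords are still handed to UserNotify.deliver_signup and
#    deliver_change_password (i.e. e-mailed). Not changed here because the
#    mailer signatures are outside this file; they should stop taking the
#    password.
#  * generate_filled_in trusts params[:id], so a logged-in user can target
#    another account via edit / change_password unless authenticate_user
#    restricts that elsewhere -- TODO confirm.
class UserController < ApplicationController
  # :set_group deliberately removed from the unauthenticated list (see above).
  skip_before_filter :authenticate_user, :only => [ :login, :signup, :forgot_password ]

  # GET renders the blank form (pre-filling the login from the autologin
  # cookie); POST authenticates. On success, sets current_user and, when
  # user[autologin] == '1', issues the 90-day autologin/token cookies.
  def login
    return if generate_blank_form
    remember_me = params[:user].delete(:autologin)
    @user = User.new(params['user'])
    user = User.authenticate(params['user']['login'], params['user']['password'])
    if user
      # NOTE(review): consider reset_session here (session fixation) -- not
      # added because back_or_redirect_to appears to rely on session state.
      self.current_user = user
      flash[:notice] = 'Login succeeded'
      if remember_me == '1'
        user.generate_security_token
        # NOTE(review): add :secure/:http_only if this Rails version supports
        # them; the token cookie is a long-lived credential.
        cookies[:autologin] = {:value => user.id.to_s, :expires => 90.days.from_now}
        cookies[:token] = {:value => user.security_token, :expires => 90.days.from_now}
      end
      back_or_redirect_to :controller => 'welcome', :action => :index
    else
      @login = params['user']['login']
      flash[:notice] = 'Login failed'
    end
  end

  # GET renders the form; POST creates the user inside a transaction and
  # e-mails a welcome URL carrying user[id] and a fresh security token.
  # Any failure is logged and reported to the user generically.
  def signup
    return if generate_blank_form
    params['user'].delete('form')
    begin
      User.transaction do
        @user = User.new(params['user'])
        @user.password_needs_confirmation = true
        if @user.save
          key = @user.generate_security_token
          url = url_for(:action => 'welcome')
          url += "?user[id]=#{@user.id}&key=#{key}"
          # NOTE(review): the plaintext password is passed to the mailer.
          UserNotify.deliver_signup(@user, params['user']['password'], url)
          flash[:notice] = 'Signup successful! Please check your registered email account to verify your account registration and continue with the login.'
          redirect_to :action => 'login'
        end
      end
    rescue StandardError => ex
      report_exception ex
      flash[:notice] = 'Error creating account: confirmation email not sent'
    end
  end

  # Clears the current user, drops the session and BOTH remember-me cookies
  # (the original left cookies[:token] behind), then redirects to login.
  def logout
    self.current_user = nil
    reset_session
    cookies.delete :autologin
    cookies.delete :token
    redirect_to :action => 'login'
  end

  # Changes @user's password (see generate_filled_in for how @user is chosen)
  # and e-mails a notification. A failed change renders the form again.
  def change_password
    return if generate_filled_in
    params['user'].delete('form')
    begin
      @user.change_password(params['user']['password'], params['user']['password_confirmation'])
      @user.save!
    rescue StandardError => ex
      report_exception ex
      flash.now[:notice] = 'Your password could not be changed at this time. Please retry.'
      render and return
    end
    begin
      # NOTE(review): the new plaintext password is passed to the mailer.
      UserNotify.deliver_change_password(@user, params['user']['password'])
    rescue StandardError => ex
      report_exception ex
    end
  end

  # Password reset: looks the user up by e-mail and mails a change_password
  # URL carrying user[id] and a fresh security token.
  # NOTE(review): the "could not find a user" branch lets a caller enumerate
  # registered e-mail addresses; a uniform message would close that.
  def forgot_password
    if authenticated_user?
      flash[:notice] = 'You are currently logged in. You may change your password now.'
      redirect_to :action => 'change_password'
      return
    end
    return if generate_blank_form
    email = params['user']['email']
    if email.empty?
      flash.now[:notice] = 'Please enter a valid email address.'
    elsif (user = User.find_by_email(email)).nil?
      flash.now[:notice] = "We could not find a user with the email address #{CGI.escapeHTML(email)}"
    else
      begin
        User.transaction do
          key = user.generate_security_token
          url = url_for(:action => 'change_password')
          url += "?user[id]=#{user.id}&key=#{key}"
          UserNotify.deliver_forgot_password(user, url)
          flash[:notice] = "Instructions on resetting your password have been emailed to #{CGI.escapeHTML(email)}."
          # authenticated_user? was false above, so this branch always redirects
          # to login; the fallback below is kept for parity with the original.
          unless authenticated_user?
            redirect_to :action => 'login'
            return
          end
          redirect_back_or_default :action => 'welcome'
        end
      rescue StandardError => ex
        report_exception ex
        flash.now[:notice] = "Your password could not be emailed to #{CGI.escapeHTML(email)}"
      end
    end
  end

  # Profile page. user[form] selects the sub-action: "edit" updates only the
  # whitelisted fields, "change_password"/"delete" dispatch to those actions.
  def edit
    return if generate_filled_in
    return unless params['user']['form']
    form = params['user'].delete('form')
    begin
      case form
      when "edit"
        # Whitelist guards against mass assignment of other attributes.
        changeable_fields = ['first_name', 'last_name', 'email']
        @user.attributes = params['user'].delete_if { |k, _v| !changeable_fields.include?(k) }
        @user.save
        flash.now['notice'] = "User has been updated."
      when "change_password"
        change_password
      when "delete"
        delete
      else
        raise "unknown edit action"
      end
    rescue StandardError => ex
      report_exception ex
    end
  end

  # Soft-deletes the current user's account and logs out. The exception text
  # is logged rather than shown to the user (the original echoed it).
  def delete
    @user = current_user || User.find_by_id(session[:user_id])
    begin
      @user.update_attribute(:deleted, true)
      logout
    rescue StandardError => ex
      report_exception ex
      flash.now[:notice] = 'Error: your account could not be deleted.'
      redirect_back_or_default :action => 'welcome'
    end
  end

  # Landing action after signup/login; preserves the flash across the redirect.
  def welcome
    flash.keep
    back_or_redirect_to :controller => 'welcome'
  end

  # Adds (value == 'true') or removes the user to/from the group. Now runs
  # under :authenticate_user; whether it should additionally be admin-only
  # cannot be determined from this file -- TODO confirm.
  def set_group
    @group = Group.find(params[:group_id])
    @user = User.find(params[:id])
    if params[:value] == 'true'
      @group.users << @user unless @group.users.include? @user
    else
      @group.users.delete @user
    end
    @users = User.find(:all)
  end

  # Toggles whether @subscriber monitors @user's work sheets and mails both.
  # NOTE(review): subscriber_id lets the caller subscribe *another* user;
  # invite_work_lock_subscriber only ever builds a URL without it -- confirm
  # the parameter is needed.
  def toggle_work_lock_monitoring
    @user = User.find(params[:id])
    @subscriber = params[:subscriber_id] ? User.find(params[:subscriber_id]) : current_user
    if @user.work_lock_subscribers.include? @subscriber
      @user.work_lock_subscribers.delete @subscriber
      action = 'stopped'
    else
      @user.work_lock_subscribers << @subscriber
      action = 'started'
    end
    flash[:notice] = "Monitoring #{action}"
    UserNotify.deliver_monitoring(@user, @subscriber, action)
    redirect_to :action => :edit, :id => @user.id unless request.xhr?
  end

  # Mails params[:id]'s user an invitation link to monitor the current user.
  def invite_work_lock_subscriber
    @user = current_user
    @subscriber = User.find(params[:id])
    if @user.work_lock_subscribers.include? @subscriber
      flash[:notice] = "#{@subscriber.name} is already monitoring your work sheets."
    else
      monitoring_url = url_for :action => :toggle_work_lock_monitoring, :id => @user
      UserNotify.deliver_monitoring_invitation(@subscriber, @user, monitoring_url)
      flash[:notice] = "Invitation sent to #{@subscriber.name}"
    end
    render :template => '/display_notice', :layout => false
  end

  protected

  # Only login, signup and forgot_password are unprotected.
  def protect?(action)
    !['login', 'signup', 'forgot_password'].include?(action)
  end

  # On GET: build an empty User (login pre-filled from the autologin cookie,
  # which is only used for the lookup, never to authenticate), render, and
  # return true so the caller stops. Returns false on any other method.
  def generate_blank_form
    return false unless request.method == :get
    @user = User.new
    if cookie = cookies['autologin']
      cookie_value = cookie[0]
      if remembered_user = User.find(:first, :conditions => ["id = ?", cookie_value])
        @user.login = remembered_user.login
      end
    end
    render
    true
  end

  # Loads @user and the collections the edit view needs, renders on GET
  # (returning true), otherwise returns false.
  # NOTE(review): @user comes from params[:id] first, so any logged-in user
  # can select another account here -- an IDOR unless restricted upstream.
  def generate_filled_in
    @user = User.find_by_id(params[:id]) || current_user || User.find_by_id(session[:user_id])
    @groups = Group.find(:all, :order => 'name')
    @periods = @user.periods
    @associates = User.find(:all) - @user.work_lock_subscribers - [current_user]
    @potential_subscribees = User.find(:all) - @user.work_lock_subscriptions - [current_user]
    year = Date.today.year
    absences = Absence.find(:all, :conditions => ['user_id = ? AND "on" BETWEEN ? AND ?', current_user.id, Date.new(year, 1, 1), Date.new(year, 12, 31)])
    @holidays = absences.select { |a| a.reason == 'HOLIDAY' }.map { |a| a.on }
    @sick_days = absences.select { |a| a.reason == 'SICK' }.map { |a| a.on }
    @sick_days_with_doctors_leave = absences.select { |a| a.reason == 'SICK_WITH_DOCTOR' }.map { |a| a.on }
    return false unless request.method == :get
    render
    true
  end

  # Logs an exception and its backtrace at WARN.
  def report_exception(ex)
    logger.warn ex
    logger.warn ex.backtrace.join("\n")
  end

  private

  # Static sidebar content for the layout.
  def populate_layout
    @sidebars = [ { :id => 1, :title => "Welcome to Backlog", :content => '
Welcome to Backlog, a project support application targeted at collecting, planning, and completing tasks.
Backlog also offers history tracking and a graphical presentation of burn down charts.
' } ]
  end
end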