Make the UsersController more RESTful by moving actions that act on the Users resource from LoginController to UsersController.

git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@410 a4c988fc-2ded-0310-b66e-134b36920a42
lukemelia 2007-01-27 08:28:52 +00:00
parent 109a1847fb
commit ddc6d57c17
13 changed files with 184 additions and 193 deletions


@ -71,6 +71,10 @@ class ApplicationController < ActionController::Base
end
end
def redirect_back_or_home
redirect_back_or_default home_url
end
private
def parse_date_per_user_prefs( s )
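Review bot: `redirect_back_or_home` is defined above the `private` marker, so it becomes a public method on every controller that inherits from ApplicationController, and Rails of this vintage treats public controller methods as routable actions, so as far as I can tell a request to `/<any controller>/redirect_back_or_home` would be dispatched as an action rather than rejected. Since the helper is only meant to be called from inside other actions (the LoginController hunks in this commit are its callers), either move the definition below `private` or add `hide_action :redirect_back_or_home` beside it. A one-line comment stating the contract would also help, e.g. `# Redirects to the location saved by store_location, falling back to home_url.` — assuming that is what `redirect_back_or_default` does; its definition is outside this hunk. The `parse_date_per_user_prefs` definition that closes the hunk continues outside it.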


@ -18,7 +18,7 @@ class LoginController < ApplicationController
msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."
notify :notice, "Login successful: session #{msg}"
cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year }
redirect_back_or_default home_url
redirect_back_or_home
else
@login = params['user_login']
notify :warning, "Login unsuccessful"
@ -69,7 +69,7 @@ class LoginController < ApplicationController
unless (@user.nil?)
notify :notice, "You have successfully verified #{open_id_response.identity_url} as your identity."
session['user_id'] = @user.id
redirect_back_or_default home_path
redirect_back_or_home
else
notify :warning, "You have successfully verified #{open_id_response.identity_url} as your identity, but you do not have a Tracks account. Please ask your administrator to sign you up."
end
@ -83,47 +83,6 @@ class LoginController < ApplicationController
redirect_to :action => 'login' unless performed?
end
def signup
if User.no_users_yet?
@page_title = "Sign up as the admin user"
@user = get_new_user
elsif @user && @user.is_admin?
@page_title = "Sign up a new user"
@user = get_new_user
else # all other situations (i.e. a non-admin is logged in, or no one is logged in, but we have some users)
@page_title = "No signups"
@admin_email = User.find_admin.preference.admin_email
render :action => "nosignup"
end
end
def create
user = User.new(params['user'])
unless user.valid?
session['new_user'] = user
redirect_to :controller => 'login', :action => 'signup'
return
end
user.is_admin = true if User.no_users_yet?
if user.save
@user = User.authenticate(user.login, params['user']['password'])
@user.create_preference
@user.save
notify :notice, "Signup successful for user #{@user.login}."
redirect_back_or_default home_url
end
end
def delete
if params['id'] and ( params['id'] == @user.id or @user.is_admin )
@user = User.find(params['id'])
# TODO: Maybe it would be better to mark deleted. That way user deletes can be reversed.
@user.destroy
end
redirect_back_or_default home_url
end
def logout
session['user_id'] = nil
reset_session
@ -150,17 +109,7 @@ class LoginController < ApplicationController
end
private
def get_new_user
if session['new_user']
user = session['new_user']
session['new_user'] = nil
else
user = User.new
end
user
end
def should_expire_sessions?
session['noexpiry'] != "on"
end


@ -5,20 +5,33 @@ class UsersController < ApplicationController
before_filter :begin_open_id_auth, :only => :update_auth_type
end
before_filter :admin_login_required, :only => [ :index, :create, :destroy ]
before_filter :admin_login_required, :only => [ :index, :destroy ]
def index
@page_title = "TRACKS::Manage Users"
@user_pages, @users = paginate :users, :order => 'login ASC', :per_page => 10
@total_users = User.find(:all).size
# When we call login/signup from the admin page
# When we call users/signup from the admin page
# we store the URL so that we get returned here when signup is successful
expires_now
store_location
end
# verify :method => :post,
# :only => %w( create ),
# :render => { :text => '403 Forbidden: Only POST requests on this resource are allowed.',
# :status => 403 }
def new
if User.no_users_yet?
@page_title = "Sign up as the admin user"
@user = get_new_user
elsif @user && @user.is_admin?
@page_title = "Sign up a new user"
@user = get_new_user
else # all other situations (i.e. a non-admin is logged in, or no one is logged in, but we have some users)
@page_title = "No signups"
@admin_email = User.find_admin.preference.admin_email
render :action => "nosignup", :layout => "login"
return
end
render :layout => "login"
end
# Example usage: curl -H 'Accept: application/xml' -H 'Content-Type: application/xml'
# -u admin:up2n0g00d
@ -26,28 +39,56 @@ class UsersController < ApplicationController
# http://our.tracks.host/users
#
def create
if params['exception']
render_failure "Expected post format is valid xml like so: <request><login>username</login><password>abc123</password></request>."
return
end
if params['exception']
render_failure "Expected post format is valid xml like so: <request><login>username</login><password>abc123</password></request>."
return
end
respond_to do |format|
format.html do
unless User.no_users_yet? || (@user && @user.is_admin?)
@page_title = "No signups"
@admin_email = User.find_admin.preference.admin_email
render :action => "nosignup", :layout => "login"
return
end
user = User.new(params['user'])
unless user.valid?
session['new_user'] = user
redirect_to :action => 'new'
return
end
admin = User.find_admin
unless session["user_id"].to_i == admin.id.to_i
access_denied
user.is_admin = true if User.no_users_yet?
if user.save
@user = User.authenticate(user.login, params['user']['password'])
@user.create_preference
@user.save
notify :notice, "Signup successful for user #{@user.login}."
redirect_back_or_home
end
return
end
unless check_create_user_params
render_failure "Expected post format is valid xml like so: <request><login>username</login><password>abc123</password></request>."
format.xml do
unless User.find_by_id_and_is_admin(session['user_id'], true)
render :text => "401 Unauthorized: Only admin users are allowed access to this function.", :status => 401
return
end
unless check_create_user_params
render_failure "Expected post format is valid xml like so: <request><login>username</login><password>abc123</password></request>."
return
end
user = User.new(params[:request])
user.password_confirmation = params[:request][:password]
if user.save
render :text => "User created.", :status => 200
else
render_failure user.errors.to_xml
end
return
end
user = User.new(params[:request])
user.password_confirmation = params[:request][:password]
if user.save
render :text => "User created.", :status => 200
else
render_failure user.errors.to_xml
end
end
end
end
def destroy
@deleted_user = User.find_by_id(params[:id])
@ -176,6 +217,16 @@ class UsersController < ApplicationController
private
def get_new_user
if session['new_user']
user = session['new_user']
session['new_user'] = nil
else
user = User.new
end
user
end
def check_create_user_params
return false unless params.has_key?(:request)
return false unless params[:request].has_key?(:login)