Project

General

Profile

Download (4.13 KB) Statistics
| Branch: | Tag: | Revision:

foreman/app/controllers/users_controller.rb @ 14dd0353

class UsersController < ApplicationController

filter_parameter_logging :password, :password_confirmation
skip_before_filter :require_login, :only => [:login, :logout]
skip_before_filter :authorize, :only => [:login, :logout]

def index
# set defaults search order - cant use default scope due to bug in AR
# http://github.com/binarylogic/searchlogic/issues#issue/17
params[:search] ||= {}
params[:search][:order] ||= "descend_by_firstname"

@search = User.search(params[:search])
@users = @search.paginate(:page => params[:page], :include => [:auth_source])
end

def new
@user = User.new
end

def create
@user = User.new(params[:user])
@user.admin = params[:admin]
if @user.save
@user.roles = Role.name_is("Anonymous")
flash[:foreman_notice] = "Successfully created user."
redirect_to users_url
else
render :action => 'new'
end
end

def edit
@user = User.find(params[:id])
if @user.user_facts.count == 0
user_fact = @user.user_facts.build :operator => "==", :andor => "or"
user_fact.fact_name_id = Puppet::Rails::FactName.first.id if Puppet::Rails::FactName.first
true
end
end

def update
@user = User.find(params[:id])
admin = params[:user].delete :admin
# Remove keys for resticted variables when the user is granted minimal access only to their own account
if @minimal_edit
for key in params[:user].keys
params[:user].delete key unless %w{password_confirmation password mail firstname lastname}.include? key
end
end
if @user.update_attributes(params[:user])
# Only an admin can update admin attribute of another use
# this is required, as the admin field is blacklisted above
@user.update_attribute(:admin, admin) if User.current.admin
@user.roles << Role.find_by_name("Anonymous") unless @user.roles.map(&:name).include? "Anonymous"
flash[:foreman_notice] = "Successfully updated user."
redirect_to users_url
else
render :action => 'edit'
end
end

def destroy
user = User.find(params[:id])
if user == User.current
flash[:foreman_notice] = "You are currently logged in, suicidal?"
redirect_to :back and return
end
if user.destroy
flash[:foreman_notice] = "Successfully destroyed user."
else
flash[:foreman_error] = user.errors.full_messages.join("<br/>")
end
redirect_to users_url
end

# Called from the login form.
# Stores the user id in the session and redirects required URL or default homepage
def login
session[:user] = nil
if request.post?
user = User.try_to_login(params[:login]['login'].downcase, params[:login]['password'])
if user.nil?
#failed to authenticate, and/or to generate the account on the fly
flash[:foreman_error] = "Incorrect username or password"
redirect_to login_users_path
else
#valid user
session[:user] = user.id
uri = session[:original_uri]
session[:original_uri] = nil
redirect_to (uri || hosts_path)
end
end
end
# Called from the logout link
# Clears the rails session and redirects to the login action
def logout
session[:user] = @user = User.current = nil
if flash[:foreman_notice] or flash[:foreman_error]
flash.keep
else
session.clear
flash[:foreman_notice] = "Logged out - See you soon"
end
redirect_to login_users_path
end

def auth_source_selected
render :update do |page|
if params[:auth_source_id] and AuthSource.find(params[:auth_source_id]).can_set_password?
page.show 'password', 'verification'
else
page.hide 'password', 'verification'
end
end
end

private

def authorize(ctrl = params[:controller], action = params[:action])
# Minimal edit is true when the user is granted access to just their
# own account details
@minimal_edit = false
return true if User.current.allowed_to?({:controller => ctrl, :action => action})
if action =~ /edit|update/ and params[:id] == User.current.id.to_s
return @minimal_edit=true
else
deny_access and return
end
end

end
(26-26/26)