Revision 355bce36
Added by Ohad Levy over 10 years ago
| app/controllers/api/v2/users_controller.rb | ||
|---|---|---|
|
module Api
|
||
|
module V2
|
||
|
class UsersController < V2::BaseController
|
||
|
|
||
|
include Foreman::Controller::UsersMixin
|
||
|
include Api::Version2
|
||
|
include Api::TaxonomyScope
|
||
|
before_filter :find_resource, :only => %w{show update destroy}
|
||
| ... | ... | |
|
end
|
||
|
|
||
|
def create
|
||
|
admin = params[:user].delete(:admin)
|
||
|
@user = User.new(params[:user]) { |u| u.admin = admin }
|
||
|
if @user.save
|
||
|
@user.roles << Role.find_by_name("Anonymous") unless @user.roles.map(&:name).include? "Anonymous"
|
||
|
process_success
|
||
|
else
|
||
|
process_resource_error
|
||
| ... | ... | |
|
end
|
||
|
|
||
|
def update
|
||
|
admin = params[:user].has_key?(:admin) ? params[:user].delete(:admin) : nil
|
||
|
# Remove keys for restricted variables when the user is editing their own account
|
||
|
if @user == User.current
|
||
|
for key in params[:user].keys
|
||
|
params[:user].delete key unless %w{password_confirmation password mail firstname lastname}.include? key
|
||
|
end
|
||
|
end
|
||
|
if @user.update_attributes(params[:user])
|
||
|
# Only an admin can update admin attribute of another use
|
||
|
# this is required, as the admin field is blacklisted above
|
||
|
@user.update_attribute(:admin, admin) if User.current.admin and !admin.nil?
|
||
|
@user.roles << Role.find_by_name("Anonymous") unless @user.roles.map(&:name).include? "Anonymous"
|
||
|
update_sub_hostgroups_owners
|
||
|
|
||
|
process_success
|
||
|
else
|
||
|
process_resource_error
|
||
Also available in: Unified diff
fixes #3930 - refactoring of edit_self implementation.