thingspeak/app/controllers/users_controller.rb

class UsersController < ApplicationController
  include KeyUtilities
  before_filter :require_no_user, :only => [:new, :create, :forgot_password]
  before_filter :require_user, :only => [:show, :edit, :update, :change_password, :edit_profile]

  # generates a new api key
  def new_api_key
    current_user.set_new_api_key!
    redirect_to account_path
  end

  # edit public profile
  def edit_profile
    @user = current_user
  end

  # update public profile
  def update_profile
    @user = current_user # makes our views "cleaner" and more consistent
    # update
    @user.update_attributes(user_params)
    redirect_to account_path
  end

  # public profile for a user
  def profile
    # set params and request.format correctly
    set_request_details!(params)

    @user = User.find_by_login(params[:id])

    # output error if user not found
    render :text => t(:user_not_found) and return if @user.nil?

    # if a json or xml request
    if request.format == :json || request.format == :xml
      # authenticate the user if api key matches the target user
      authenticated = (User.find_by_api_key(get_apikey) == @user)
      # set options correctly
      options = authenticated ? User.private_options : User.public_options(@user)
    end

    respond_to do |format|
      format.html
      format.json { render :json => @user.as_json(options) }
      format.xml { render :xml => @user.to_xml(options) }
    end
  end

  # list all public channels for a user
  def list_channels
    @user = User.find_by_login(params[:id])

    # output error if user not found
    render :text => t(:user_not_found) and return if @user.nil?

    # if html request
    if request.format == :html
      @title = "Internet of Things - Public Channels for #{@user.login}"
      @channels = @user.channels.public_viewable.paginate :page => params[:page], :order => 'last_entry_id DESC'
    # if a json or xml request
    elsif request.format == :json || request.format == :xml
      # authenticate the user if api key matches the target user
      authenticated = (User.find_by_api_key(get_apikey) == @user)
      # get all channels if authenticated, otherwise only public ones
      channels = authenticated ? @user.channels : @user.channels.public_viewable
      # set channels correctly
      @channels = { channels: channels.as_json(Channel.public_options) }
    end

    respond_to do |format|
      format.html
      format.json { render :json => @channels }
      format.xml { render :xml => @channels.to_xml(:root => 'response') }
    end
  end

  def new
    @title = t(:signup)
    @user = User.new
  end

  def create
    @user = User.new(user_params)
    @user.api_key = generate_api_key(16, 'user')

    # save user
    if @user.valid?

      if @user.save
        redirect_back_or_default channels_path and return
      end
    else
      render :action => :new
    end

  end

  def show
    @menu = 'account'
    @user = @current_user
  end

  def edit
    @menu = 'account'
    @user = @current_user
  end

  # displays forgot password page
  def forgot_password
    @user = User.new
  end

  # this action is called from an email link when a password reset is requested
  def reset_password
    # if user has been logged in (due to previous form submission)
    if !current_user.nil?
      @user = current_user
      @user.errors.add(:base, t(:password_problem))
      @valid_link = true
    else
      @user = User.find_by_id(params[:id])
      # make sure tokens match and password reset is within last 10 minutes
      if @user.perishable_token == params[:token] && @user.updated_at > 600.seconds.ago
        @valid_link = true
        # log the user in
        @user_session = UserSession.new(@user)
        @user_session.save
      end
    end
  end

  # do the actual password change
  def change_password
    @user = current_user
    # if no password entered, redirect
    redirect_to reset_password_path and return if params[:user][:password].empty?
    # check current password and update
    if @user.update_attributes(user_params)
      redirect_to account_path
    else
      redirect_to reset_password_path
    end
  end

  def update
    @menu = 'account'
    @user = @current_user # makes our views "cleaner" and more consistent
    # check current password and update
    if @user.valid_password?(params[:password_current]) && @user.update_attributes(user_params)
      redirect_to account_path
    else
      @user.errors.add(:base, t(:password_incorrect))
      render :action => :edit
    end
  end

  private

    # only allow these params
    def user_params
      params.require(:user).permit(:email, :login, :time_zone, :public_flag, :bio, :website, :password, :password_confirmation)
    end

    # set params[:id] and request.format correctly
    def set_request_details!(params)
      # set format
      new_format = 'html' if params[:glob].end_with?('.html')
      new_format = 'json' if params[:glob].end_with?('.json')
      new_format = 'xml' if params[:glob].end_with?('.xml')

      # remove the format from the end of the glob
      params[:id] = params[:glob].chomp(".#{new_format}")

      # set the new format if it exists
      request.format = new_format.to_sym if new_format.present?
    end

end
initial checkin of full application 2011-03-27 22:56:15 +02:00			`class UsersController < ApplicationController`
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`include KeyUtilities`
initial checkin of full application 2011-03-27 22:56:15 +02:00			`before_filter :require_no_user, :only => [:new, :create, :forgot_password]`
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`before_filter :require_user, :only => [:show, :edit, :update, :change_password, :edit_profile]`

			`# generates a new api key`
			`def new_api_key`
			`current_user.set_new_api_key!`
			`redirect_to account_path`
			`end`

			`# edit public profile`
			`def edit_profile`
			`@user = current_user`
			`end`

			`# update public profile`
			`def update_profile`
			`@user = current_user # makes our views "cleaner" and more consistent`
			`# update`
			`@user.update_attributes(user_params)`
			`redirect_to account_path`
			`end`

			`# public profile for a user`
			`def profile`
			`# set params and request.format correctly`
			`set_request_details!(params)`

			`@user = User.find_by_login(params[:id])`

			`# output error if user not found`
			`render :text => t(:user_not_found) and return if @user.nil?`

			`# if a json or xml request`
			`if request.format == :json \|\| request.format == :xml`
			`# authenticate the user if api key matches the target user`
			`authenticated = (User.find_by_api_key(get_apikey) == @user)`
			`# set options correctly`
			`options = authenticated ? User.private_options : User.public_options(@user)`
			`end`

			`respond_to do \|format\|`
			`format.html`
			`format.json { render :json => @user.as_json(options) }`
			`format.xml { render :xml => @user.to_xml(options) }`
			`end`
			`end`

			`# list all public channels for a user`
			`def list_channels`
			`@user = User.find_by_login(params[:id])`

			`# output error if user not found`
			`render :text => t(:user_not_found) and return if @user.nil?`

			`# if html request`
			`if request.format == :html`
			`@title = "Internet of Things - Public Channels for #{@user.login}"`
			`@channels = @user.channels.public_viewable.paginate :page => params[:page], :order => 'last_entry_id DESC'`
			`# if a json or xml request`
			`elsif request.format == :json \|\| request.format == :xml`
			`# authenticate the user if api key matches the target user`
			`authenticated = (User.find_by_api_key(get_apikey) == @user)`
			`# get all channels if authenticated, otherwise only public ones`
			`channels = authenticated ? @user.channels : @user.channels.public_viewable`
			`# set channels correctly`
			`@channels = { channels: channels.as_json(Channel.public_options) }`
			`end`

			`respond_to do \|format\|`
			`format.html`
			`format.json { render :json => @channels }`
			`format.xml { render :xml => @channels.to_xml(:root => 'response') }`
			`end`
			`end`
initial checkin of full application 2011-03-27 22:56:15 +02:00
			`def new`
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`@title = t(:signup)`
initial checkin of full application 2011-03-27 22:56:15 +02:00			`@user = User.new`
			`end`
update with changes from Production branch 2014-02-17 18:05:39 +01:00
initial checkin of full application 2011-03-27 22:56:15 +02:00			`def create`
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`@user = User.new(user_params)`
			`@user.api_key = generate_api_key(16, 'user')`
initial checkin of full application 2011-03-27 22:56:15 +02:00
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`# save user`
			`if @user.valid?`

			`if @user.save`
			`redirect_back_or_default channels_path and return`
			`end`
			`else`
			`render :action => :new`
			`end`
initial checkin of full application 2011-03-27 22:56:15 +02:00
			`end`
update with changes from Production branch 2014-02-17 18:05:39 +01:00
initial checkin of full application 2011-03-27 22:56:15 +02:00			`def show`
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`@menu = 'account'`
			`@user = @current_user`
initial checkin of full application 2011-03-27 22:56:15 +02:00			`end`
update with changes from Production branch 2014-02-17 18:05:39 +01:00
initial checkin of full application 2011-03-27 22:56:15 +02:00			`def edit`
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`@menu = 'account'`
			`@user = @current_user`
initial checkin of full application 2011-03-27 22:56:15 +02:00			`end`

update with changes from Production branch 2014-02-17 18:05:39 +01:00			`# displays forgot password page`
			`def forgot_password`
			`@user = User.new`
			`end`
initial checkin of full application 2011-03-27 22:56:15 +02:00
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`# this action is called from an email link when a password reset is requested`
			`def reset_password`
			`# if user has been logged in (due to previous form submission)`
			`if !current_user.nil?`
			`@user = current_user`
			`@user.errors.add(:base, t(:password_problem))`
			`@valid_link = true`
			`else`
			`@user = User.find_by_id(params[:id])`
			`# make sure tokens match and password reset is within last 10 minutes`
			`if @user.perishable_token == params[:token] && @user.updated_at > 600.seconds.ago`
			`@valid_link = true`
			`# log the user in`
			`@user_session = UserSession.new(@user)`
			`@user_session.save`
			`end`
			`end`
			`end`

			`# do the actual password change`
			`def change_password`
initial checkin of full application 2011-03-27 22:56:15 +02:00			`@user = current_user`
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`# if no password entered, redirect`
			`redirect_to reset_password_path and return if params[:user][:password].empty?`
			`# check current password and update`
			`if @user.update_attributes(user_params)`
initial checkin of full application 2011-03-27 22:56:15 +02:00			`redirect_to account_path`
			`else`
			`redirect_to reset_password_path`
			`end`
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`end`
initial checkin of full application 2011-03-27 22:56:15 +02:00
			`def update`
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`@menu = 'account'`
			`@user = @current_user # makes our views "cleaner" and more consistent`
			`# check current password and update`
			`if @user.valid_password?(params[:password_current]) && @user.update_attributes(user_params)`
initial checkin of full application 2011-03-27 22:56:15 +02:00			`redirect_to account_path`
			`else`
update with changes from Production branch 2014-02-17 18:05:39 +01:00			`@user.errors.add(:base, t(:password_incorrect))`
			`render :action => :edit`
initial checkin of full application 2011-03-27 22:56:15 +02:00			`end`
			`end`

update with changes from Production branch 2014-02-17 18:05:39 +01:00			`private`

			`# only allow these params`
			`def user_params`
			`params.require(:user).permit(:email, :login, :time_zone, :public_flag, :bio, :website, :password, :password_confirmation)`
			`end`

			`# set params[:id] and request.format correctly`
			`def set_request_details!(params)`
			`# set format`
			`new_format = 'html' if params[:glob].end_with?('.html')`
			`new_format = 'json' if params[:glob].end_with?('.json')`
			`new_format = 'xml' if params[:glob].end_with?('.xml')`

			`# remove the format from the end of the glob`
			`params[:id] = params[:glob].chomp(".#{new_format}")`

			`# set the new format if it exists`
			`request.format = new_format.to_sym if new_format.present?`
			`end`

			`end`