app/controllers/gringotts/settings_controller.rb
require_dependency "gringotts/application_controller"
module Gringotts
class SettingsController < ApplicationController
# our verification pages should not require verification! can anyone say infinite redirect?
skip_before_filter :gringotts_protego!, :only => [:index, :setup, :prompt]
before_filter :load_gringotts_settings
def index
# since we always redirect from here, keep the flash (rails-3.2 bug fix'd!)
flash.keep
if @gringotts.confirmed? && @gringotts.verified?(session)
redirect_to gringotts_engine.success_path
elsif @gringotts.phone_number.present?
redirect_to gringotts_engine.verification_path
else
redirect_to gringotts_engine.setup_path
end
return true
end
def setup
if @gringotts.confirmed? && !@gringotts.verified?(session)
# since this is not covered by gringotts_protego! we need to manually check some things
# namely, that if a user is supposed to be verifying, they can't edit their settings...
redirect_to gringotts_engine.verification_path
end
end
def prompt
# see if we have a url saved (we should, but for safety, if missing, just redirect to root)
@next_url = gringotts_next_url || main_app.root_url
if @gringotts.show_prompt?
# going to show prompt
# need to remember that have shown, so not show twice
@gringotts.prompt_shown!
else
# should not see it twice
redirect_to @next_url
end
end
def update
if accepts_strong_params?
@settings.assign_attributes(settings_params)
else
@settings.update_attributes(phone_number: params[:settings][:phone_number])
end
if @settings.save
redirect_to verification_url
else
render :setup
end
end
def disable
@gringotts.update_attributes!(confirmed_at: nil)
@gringotts.settings.destroy
redirect_to gringotts_engine.root_path, notice: "Phone Verification is OFF"
return true
end
private
def load_gringotts_settings
# this is lazy-creation of Gringotts settings, so we don't have to tie in with user creation in regular app
@settings = @gringotts.settings || Gringotts::Settings.new({vault_id: @gringotts.id})
end
def settings_params
params.require(:settings).permit(:active, :phone_number)
end
end
end