fiedl/your_platform

View on GitHub
app/controllers/users_controller.rb

Summary

Maintainability
B
6 hrs
Test Coverage
# -*- coding: utf-8 -*-
class UsersController < ApplicationController

  respond_to :html, :json, :js

  before_action :find_user, only: [:show, :update, :forgot_password]
  authorize_resource except: [:forgot_password]

  skip_before_action :verify_authenticity_token, if: -> {
    params[:user].try(:[], :avatar).present?
    # Make sure in `user_params` that only the avatar can pass then!
  }

  expose :user, -> { @user }

  def index
    begin
      redirect_to group_path(Group.everyone)
    rescue
      raise ActiveRecord::RecordNotFound, "No basic groups are present, yet. Try `rake bootstrap:all`."
    end
  end

  def show
    set_current_title @user.title
    set_current_navable @user
    set_current_access :signed_in
    set_current_access_text :all_signed_in_users_can_read_this_user_profile
    set_current_tab :contacts

    if current_user == @user
      set_current_activity :looks_at_own_profile, @user
    else
      set_current_activity :looks_at_profile, @user
    end

    respond_to do |format|
      format.html
      format.json
      format.js
      format.vcf do
        current_user.add_recent_contact @user
        render plain: @user.to_vcf
      end
    end
  end

  def new
    @user = User.new

    @parent_group = Group.find(params[:parent_id]) if params[:parent_type] == 'Group'
    @parent_group ||= Group.find(params[:group_id]) if params[:group_id]

    @group_member_since = Date.parse(params[:group_member_since]) if params[:group_member_since]
    @group_member_since ||= Time.zone.now.to_date

    @may_create_user_account = false # may be changed later when we extend this feature.

    @user.female = false
    @user.alias = params[:alias]
  end

  def create
    @user_params = user_params
    @basic_user_params = @user_params.select { |key, value| key.to_s.in? ['first_name', 'last_name', 'email', 'female', 'create_account'] }
    @basic_user_params[:first_name] ||= I18n.t(:first_name)
    @basic_user_params[:last_name] ||= I18n.t(:last_name)
    @user = User.create(@basic_user_params)
    @user.update_attributes(@user_params)
    @user.fill_in_template_profile_information
    @user.send_welcome_email if @user.account

    if params[:group_id]
      @group = Group.find params[:group_id]
      @group.assign_user @user, at: (params[:group_member_since] || Time.zone.now)
    end

    if @group
      if @group.kind_of? Groups::Room
        redirect_to group_room_occupants_path(group_id: @group.parent.id)
      else
        redirect_to group_members_path(group_id: @group.id)
      end
    else
      redirect_to @user
    end
  end

  def update
    @user.update! user_params

    render json: @user, status: :ok
  end

  def forgot_password
    authorize! :update, @user.account
    @user.account.send_new_password
    flash[:notice] = I18n.t(:new_password_has_been_sent_to, user_name: @user.title)
    redirect_back(fallback_location: sign_in_path)
  end

  private

  # This method returns the request parameters and their values as long as the user
  # is permitted to change them.
  #
  # This mechanism protects from mass assignment hacking and replaces the old
  # attr_accessible mechanism.
  #
  # For more information, have a look at these resources:
  #   https://github.com/rails/strong_parameters/
  #   http://railscasts.com/episodes/371-strong-parameters
  #
  def user_params
    permitted_keys = []
    if @user
      permitted_keys += [:avatar, :remove_avatar, :avatar_background] if can? :update, @user
      unless params[:user].try(:[], :avatar).present?
        # Because if the avatar is present, the authenticity
        # token check is skipped due to:
        # https://github.com/refile/refile/issues/185
        # https://trello.com/c/BrZRMY6K/816
        #
        permitted_keys += [:first_name] if can? :change_first_name, @user
        permitted_keys += [:alias] if can? :change_alias, @user
        permitted_keys += [:email, :date_of_birth, :localized_date_of_birth, :bio] if can? :update, @user

        permitted_keys += [:last_name, :name] if can? :change_last_name, @user
        permitted_keys += [:corporation_name] if can? :manage, @user
        permitted_keys += [:create_account, :female, :add_to_corporation] if can? :manage, @user
        permitted_keys += [:hidden] if can? :change_hidden, @user
        permitted_keys += [:notification_policy] if can? :update, @user
        permitted_keys += [:local_postal_mail_subscription] if can? :update, @user
      end
    else  # user creation
      permitted_keys += [:first_name, :last_name, :female, :date_of_birth, :add_to_corporation, :aktivmeldungsdatum, :study_address, :home_address, :work_address, :email, :phone, :mobile, :create_account] if can? :create, User
    end
    params.require(:user).permit(*permitted_keys)
  end

  def find_user
    if not handle_mystery_user
      @user = User.find(params[:id]) if params[:id].present?
      @user ||= User.find_by_alias(params[:alias]) if params[:alias].present?
      @user ||= User.new
    end
  end

  def handle_mystery_user
    if (params[:id].to_i == 1) and (not User.where(id: 1).present?)
      redirect_to group_path(Group.everyone), :notice => "I bring order to chaos. I am the beginning, the end, the one who is many."
      return true
    end
  end

end