app/controllers/my_controller.rb
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006- Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class MyController < ApplicationController
self.main_menu = false
before_action :require_login
# let user change user's password when user has to
skip_before_action :check_password_change, :check_twofa_activation, :only => :password
accept_api_auth :account
require_sudo_mode :account, only: :put
require_sudo_mode :reset_atom_key, :reset_api_key, :show_api_key, :destroy
helper :issues
helper :users
helper :custom_fields
helper :queries
helper :activities
def index
page
render :action => 'page'
end
# Show user's page
def page
@user = User.current
@groups = @user.pref.my_page_groups
@blocks = @user.pref.my_page_layout
end
# Edit user's account
def account
@user = User.current
@pref = @user.pref
if request.put?
@user.safe_attributes = params[:user]
@user.pref.safe_attributes = params[:pref]
if @user.save
@user.pref.save
respond_to do |format|
format.html do
flash[:notice] = l(:notice_account_updated)
redirect_to my_account_path
end
format.api {render_api_ok}
end
return
else
respond_to do |format|
format.html {render :action => :account}
format.api {render_validation_errors(@user)}
end
end
end
end
# Destroys user's account
def destroy
@user = User.current
unless @user.own_account_deletable?
redirect_to my_account_path
return
end
if request.post? && params[:confirm]
@user.destroy
if @user.destroyed?
logout_user
flash[:notice] = l(:notice_account_deleted)
end
redirect_to home_path
end
end
# Manage user's password
def password
@user = User.current
unless @user.change_password_allowed?
flash[:error] = l(:notice_can_t_change_password)
redirect_to my_account_path
return
end
if request.post?
if !@user.check_password?(params[:password])
flash.now[:error] = l(:notice_account_wrong_password)
elsif params[:password] == params[:new_password]
flash.now[:error] = l(:notice_new_password_must_be_different)
else
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
@user.must_change_passwd = false
if @user.save
# The session token was destroyed by the password change, generate a new one
session[:tk] = @user.generate_session_token
Mailer.deliver_password_updated(@user, User.current)
flash[:notice] = l(:notice_account_password_updated)
redirect_to my_account_path
end
end
end
end
# Create a new feeds key
def reset_atom_key
if request.post?
if User.current.atom_token
User.current.atom_token.destroy
User.current.reload
end
User.current.atom_key
flash[:notice] = l(:notice_feeds_access_key_reseted)
end
redirect_to my_account_path
end
def show_api_key
@user = User.current
end
# Create a new API key
def reset_api_key
if request.post?
if User.current.api_token
User.current.api_token.destroy
User.current.reload
end
User.current.api_key
flash[:notice] = l(:notice_api_access_key_reseted)
end
redirect_to my_account_path
end
def update_page
@user = User.current
block_settings = params[:settings] || {}
block_settings.each do |block, settings|
@user.pref.update_block_settings(block, settings.to_unsafe_hash)
end
@user.pref.save
@updated_blocks = block_settings.keys
end
# Add a block to user's page
# The block is added on top of the page
# params[:block] : id of the block to add
def add_block
@user = User.current
@block = params[:block]
if @user.pref.add_block @block
@user.pref.save
respond_to do |format|
format.html {redirect_to my_page_path}
format.js
end
else
render_error :status => 422
end
end
# Remove a block to user's page
# params[:block] : id of the block to remove
def remove_block
@user = User.current
@block = params[:block]
@user.pref.remove_block @block
@user.pref.save
respond_to do |format|
format.html {redirect_to my_page_path}
format.js
end
end
# Change blocks order on user's page
# params[:group] : group to order (top, left or right)
# params[:blocks] : array of block ids of the group
def order_blocks
@user = User.current
@user.pref.order_blocks params[:group], params[:blocks]
@user.pref.save
head :ok
end
end