app/controllers/chaltron/users_controller.rb
class Chaltron::UsersController < ApplicationController
before_action :authenticate_user!
load_and_authorize_resource except: [:self_show, :self_edit, :self_update]
respond_to :html
default_log_category :user_admin
def index
@filters = filter_params
# apply provider filter
@users = @users.where(provider: nil) if @filters[:provider] == 'local'
@users = @users.where(provider: :ldap) if @filters[:provider] == 'ldap'
# apply activity filter
@users = @users.where(sign_in_count: 0) if @filters[:activity] == 'no_login'
end
def show
end
def new
end
def edit
end
def self_show
end
def self_edit
end
def create
if @user.save
flash[:notice] = I18n.t('chaltron.users.created')
info I18n.t('chaltron.logs.users.created',
current: current_user.display_name, user: @user.display_name)
end
respond_with(@user)
end
def update
flash[:notice] = I18n.t('chaltron.users.updated') if @user.update(update_params)
respond_with(@user)
end
def enable
@user.enable!
redirect_to(@user)
end
def disable
@user.disable!
redirect_to(@user)
end
def self_update
user_params_with_pass = self_update_params.dup.to_h
if params[:user][:password].present?
user_params_with_pass.merge!(
password: params[:user][:password],
password_confirmation: params[:user][:password_confirmation],
)
end
if current_user.update(user_params_with_pass)
flash[:notice] = I18n.t('chaltron.users.self_updated')
render :self_show
else
render :self_edit
end
end
def destroy
if current_user == @user
redirect_to({ action: :index }, alert: I18n.t('chaltron.users.cannot_self_destroy'))
else
info I18n.t('chaltron.logs.users.destroyed',
current: current_user.display_name, user: @user.display_name)
@user.destroy
respond_with(@user)
end
end
private
def create_params
params.require(:user).permit(:username, :email, :fullname,
:password, :password_confirmation, roles: [])
end
def update_params
params.require(:user).permit(roles: [])
end
def self_update_params
allowed = [:fullname]
allowed << :email if current_user.provider.nil?
params.require(:user).permit(allowed)
end
def filter_params
params.fetch(:filters, {}).permit(:provider, :activity)
end
end